| Featured Article | NICE Framework in Focus | Academic Spotlight | Industry Spotlight | Government Spotlight | Affiliated Program Updates | Funded Project Updates | Resources | NICE Working Group Updates | Key Dates |
Subscribe to the NICE eNewsletter
Welcome to the NICE Spring eNewsletter.
Our feature article reflects upon the NICE Strategic Plan that has served us well for the past 4 ½ years by reminding you of its contents and highlighting a few accomplishments. As the latest chapter in our history together as a community draws to a close, we invite you to help us shape the next strategic plan that will guide our priorities for the coming 5 years.
This quarter you will also learn: how cybersecurity folds into all disciplines of STEM education to prepare students of all ages to become critical and creative thinkers, innovators, problem-solvers, collaborators, and strong communicators; how our economy demands a workforce with cybersecurity skills for digital manufacturing and what the forthcoming Cybersecurity for Manufacturing Hiring Guide will contain; and how workforce development recommendations in the Cyberspace Solarium Commission’s report advocate a new strategic approach to cybersecurity, known as layered cyber deterrence.
Finally, I want to update you on work underway to draft the next revision of the NICE Framework which seeks to connect more closely to existing NIST cybersecurity and privacy publications. We are hosting discussions with stakeholders to learn how the NICE Framework has supported them and how it could be improved, and we are examining input received during the open comment period launched at last year’s NICE Conference and Expo. Stay informed of our progress by visiting the NICE Framework Resource Center.
Bill Newhouse
Deputy Director, National Initiative for Cybersecurity Education (NICE)
CLOSING ANOTHER CHAPTER IN THE LIFE OF NICE STRATEGIC PLANS
By Rodney Petersen, Director of National Initiative for Cybersecurity Education (NICE)
Our feature article reflects upon the NICE Strategic Plan that has served us well for the past 4 ½ years by reminding you of its contents and highlighting a few accomplishments. As the latest chapter in our history together as a community draws to a close, we invite you to help us shape the next strategic plan that will guide our priorities for the coming 5 years.
Let’s start by reviewing the NICE Mission: to energize and promote a robust network and an ecosystem of cybersecurity education, training, and workforce development. The scope of our collective work is more than “cybersecurity education” as implied by the organizational title for NICE (National Initiative for Cybersecurity Education). The additional emphasis on “training” (both for employees as well as adult workers who transition to cybersecurity work) recognizes the importance of skills development for practitioners and for continuous learning. The significance of supporting the needs of employers and promoting workforce development, also reflected in the third goal (see below), recognizes that our ultimate aim is to support a “digital economy enabled by a knowledgeable and skilled cybersecurity workforce.” (See the NICE Vision in the NICE Strategic Plan.)
The NICE Values emphasize the communal nature of our work, including the need to Foster Communication, Facilitate Collaboration, and Share Resources. NICE wants to be known for getting things done, which is why the values of Pursue Action, Challenge Assumptions, Drive Change, and Stimulate Innovation are important to our shared interests. We also want to make a difference, which is why we Seek Evidence and Measure Results in all of our endeavors. Perhaps no value is more heartfelt from across the community than the need to Model Inclusion that encourages participation from stakeholders with diverse backgrounds and viewpoints.
The Goals and Objectives in the NICE Strategic Plan are intended to address different imperatives and target specific audiences:
As we turn the final pages on the 2016-2020 strategic plan, we invite you to engage with NICE in the coming weeks as we develop our agenda for the next five years. Please send your comments and suggestions to nist-nice [at] nist.gov (nist-nice[at]nist[dot]gov).
A profile of a cybersecurity practitioner to illustrate application of the NICE Cybersecurity Workforce Framework categories, specialty areas, and work roles.
NICE Framework Categories:
Oversee and Govern/Analyze: Provides leadership, management, direction, or development and advocacy so the organization may effectively conduct cybersecurity work. Performs highly-specialized review and evaluation of incoming cybersecurity information to determine its usefulness for intelligence.
NICE Framework Specialty Areas:
Training, Education, and Awareness (TEA): Conducts training of personnel within pertinent subject domain. Develops, plans, coordinates, delivers and/or evaluates training courses, methods, and techniques as appropriate.
Threat Analysis: Identifies and assesses the capabilities and activities of cybersecurity criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities.
Name: Chris Knox
Title: Manager, Security Awareness & Analysis
Organization: CPS Energy, a Municipally owned electric & gas company for San Antonio metropolitan area
Work Roles: Cyber Instructor/Threat Analyst
Academic Degrees: B.S., Occupational Education; A.A.S., Instructional Technology; A.A.S., Communications Management
Certifications: None
Q: Chris, explain your role and responsibilities as Manager of the Security Awareness Program at CPS Energy.
A: CPS Energy is the municipally owned electric and gas company for San Antonio, Texas. My role in particular is responsible for developing and delivering security awareness education and training for our workforce. We also provide threat intelligence support, which includes vulnerability awareness, vulnerability assessments, and executive travel assessments.
Q: How could you envision using the NICE Cybersecurity Workforce Framework, maybe in establishing that program but also, more specifically, to guide your career and the other staff careers that you supervise in your organization?
A: My director and my team have used the NICE Framework to try to align and map our current workforce structure so that we can look across the organization and see where there might be some potential manning gaps. How can we use the NICE Framework to maybe even support some of our future hiring decisions based on these gaps? Also, how do we define more specific role-based training opportunities? Because of what we’re doing in the training and development space, we are also trying to create role-based training, and the NICE Framework provides a great foundation for how we develop training opportunities.
To listen to the full audio interview with Chris Knox, Manager, Security Awareness & Analysis, CPS Energy, click on the audio below.
Download a transcript of the interview
CYBERSECURITY AS A DISCIPLINE CONNECTOR
By Davina Pruitt-Mentle, Lead for Academic Engagement, National Initiative for Cybersecurity Education (NICE)
A variety of national strategy and policy documents highlight the importance of cybersecurity education in developing a knowledgeable and skilled cybersecurity workforce. However, there are differing interpretations of cybersecurity education that have implications for how, when, and with whom it would be taught and the kinds of learning experiences that students should have. This lack of clarity limits buy-in across stakeholders. But this lack of clarity is an opportunity for the NICE community to be strategic and lead the nation by coming to a consensus about how best to articulate the role of cybersecurity in the U.S. educational system. It is time for a more robust conversation at the national level about how best to incorporate cybersecurity into existing and future learning opportunities.
Educational Pendulum Swing to STEM not S.T.E.M.
Throughout history, economic and political forces influence reforms, and the pendulum swings between focus areas. The Association for Supervision and Curriculum Development (ASCD) maintains that historically, in the United States, the purpose of education has evolved according to the needs of society. The central focus has always been to help citizens develop the skills, the knowledge, and the dispositions that will allow them to be responsible, contributing members of their democratically informed community while also contributing to its economic growth and prosperity.
Throughout U.S. history, several national educational reform movements have taken place. The back-to-fundamentals approach after World War II lasted until the 1950’s when Sputnik caused the nation to focus on science, math, engineering, and technical education efforts.
Between the 1970’s and 1980’s the U.S. underwent an educational movement toward equality-based and individualized learning. The technology explosion in the 1990’s to early 2000’s demanded that educators shift their focus back to instruction around the disciplines of science, mathematics, engineering, and technology (SMET). In 2001, American biologist Judith Ramaley, then assistant director of education and human resources at the National Science Foundation (NSF), rearranged the words to form the STEM acronym, with the intent to create a new approach to instruction.
The acronym was meant to unite the four fields and highlight how these related disciplines could be taught and content learned in an interdisciplinary way. STEM, as Ramaley stated “has science and math serving as bookends for technology and engineering. Science and math are critical to a basic understanding of the universe, while engineering and technology are means for people to interact with the universe.”
Ramaley’s STEM acronym was a way of weaving elements of human action across disciplines into all aspects of education. This multidisciplinary approach was seen as being vital for all students to be successful participants in society. This approach would prepare students to solve interdisciplinary problems that they would encounter in the global society regardless of their major or chosen career path. STEM education would prepare students of all ages to become critical and creative thinkers, innovators, problem-solvers, collaborators, and strong communicators. Interconnecting the STEM disciplines through a holistic lens focused on building critical thinking and analysis skills by addressing how students viewed and experienced the world around them. Put simply, the STEM educational approach, often referred to as STEM literacy, would prepare citizens to tackle the challenges of a fiercely competitive and constantly changing global economy.
Although the attention on STEM education has brought with it benefits, the educational system is in danger of losing the innovative, collaborative approach. Over time, the interdisciplinary nature of STEM has faded. Instead, Science, Technology, Engineering, and Mathematics are presented as individual, often siloed disciplines (S.T.E.M.). Computer science has joined these four fields as a precursor to maintaining our world economic status continuing to split our focus.
Cybersecurity as a Connector
STEM literacy is a foundational skill that matters for all careers, not just STEM-related fields or jobs. This multi-skilled, STEM educated individual is a representation of a student who understands how academic subjects are meant to be a genuine symphony and not a collection of discordant solos.
Cybersecurity folds into all disciplines. Cybersecurity is cross-cutting and multidisciplinary in nature. All students, no matter what their future education and career path, must have an understanding of cybersecurity concepts and impacts in order to be prepared for citizenship, college, and careers. This is an excellent opportunity to highlight the synergies between multiple disciplines and return to the elegance of Ramaley’s original STEM concept.
Today, there is tremendous potential to realize the key role that cybersecurity can play within current and future learning at all educational levels, serving as a connector between science, technology, engineering, mathematics, and computer science in addition to other existing and emerging disciplines.
THE DIGITAL MANUFACTURING AND CYBERSECURITY WORKFORCE OF THE FUTURE
By Michael Garamoni, Manager of Workforce Development Programs, MxD Learn
A report by Dell Technologies and The Institute of the Future asserts that 85 percent of the jobs that will exist in 2030 haven’t been invented yet. A similar report from the World Economic Forum states that 65 percent of children entering primary school today will end up working in job types that don’t yet exist. While these statistics may be hard to believe, manufacturers have no doubts. Manufacturing is experiencing an exciting shift, what economists call the 4th Industrial Revolution, thanks to developments in digital manufacturing and cybersecurity. But these significant changes are also making it difficult for workers and employers. Workers suddenly need new skills; employers suddenly need to retrain existing workers or hire new ones with more advanced skills.
In 2016, MxD (Manufacturing times Digital) completed a project that identified 165 roles that will make up the manufacturing workforce of the future. This hiring guide identified roles, positions, position descriptions, and career pathways for digital manufacturing. It even touched on cybersecurity and the unique demands it places on manufacturers. Now, MxD is preparing to roll out the Cybersecurity for Manufacturing Hiring Guide, in partnership with ManpowerGroup, a world leader in innovative workforce solutions. This guide will provide manufacturers with details for the 247 most critical roles for cybersecurity in manufacturing.
By creating a structure to define and classify the manufacturing industry’s cybersecurity work, the Hiring Guide enables the advancement of workforce development goals across the manufacturing ecosystem: industry, individuals, academia, government, and workforce development and community development initiatives. “The speed and trajectory of cybersecurity’s challenges and solutions to this point tell us cybersecurity is an evolving but very opportunistic and valuable field that is here to stay,” said lead author Lory Antonucci, Director of Workforce Innovations and solutions at ManpowerGroup. “Our intent is that the taxonomy efforts overall will help clarify the roles and better inform decision-makers.”
The project leverages the NICE Cybersecurity Workforce Framework and utilizes the NIST Cybersecurity Framework. It integrates insights from subject matter experts representing more than 20 industry, academic, and government entities. The Hiring Guide is complemented by tools such as career progression charts, cybersecurity workforce data analysis, and success profiles of key roles. “This effort is a springboard for solving the cybersecurity workforce needs in manufacturing,” said MxD CEO Chandra Brown. “As factories and supply chains become increasingly digital and interconnected, these jobs are critical to protecting people, assets, and infrastructure. It's part of our national defense.”
In 2019, MxD was named the National Center for Cybersecurity in Manufacturing by the U.S. Department of Defense. MxD’s portfolio includes more than 60 successfully completed collaborative projects in digital manufacturing and design innovation, as well as cybersecurity and workforce development. MxD houses the Future Factory in its Chicago innovation center, offering different physical and cyber testbeds and a neutral setting to showcase digital manufacturing solutions, where industry competitors can meet and work together with government and academic partners to solve problems and confront challenges.
MxD Learn is MxD’s workforce development division. Beyond managing the cybersecurity and digital manufacturing jobs taxonomy projects, MxD Learn is devoted to initiatives that educate, train, and retain a skilled manufacturing workforce. In 2019, MxD Learn received a $1.25 million grant from the Siemens Foundation to support deployment of an advanced manufacturing high school curriculum and community college apprenticeship program in under-resourced communities. The grant also emphasizes cybersecurity career pathways in manufacturing, and some grant funds will be used for further enhancements to specified Cybersecurity for Manufacturing Hiring Guide components.
The public release of the Hiring Guide is scheduled for Spring 2020, and the full report from the 2016 digital manufacturing hiring guide is currently available. To receive a copy of this report or ask any questions about current or past workforce development projects at MxD, please email Michael Garamoni, Manager of Workforce Development Programs at michael.garamoni [at] mxdusa.org (michael[dot]garamoni[at]mxdusa[dot]org)
To learn more about MxD, to receive information on news, general projects, or workshops, or to become a member of the Institute, please visit www.mxdusa.org or email info [at] mxdusa.org (info[at]mxdusa[dot]org).
THE CYBERSPACE SOLARIUM COMMISSION ON BUILDING TALENT FOR THE FEDERAL GOVERNMENT CYBERSECURITY WORKFORCE
By Laura Bate, Director, Cyber Engagement, U.S. Cyberspace Solarium Commission
The U.S. Cyberspace Solarium Commission (CSC) is a bipartisan, intergovernmental body created by the 2019 National Defense Authorization Act (NDAA) to develop a strategic approach to defend the United States in cyberspace against cyberattacks of significant consequence. In carrying out this mandate, the Commission necessarily considered cybersecurity workforce development because, in order to successfully implement any cyberspace strategy, the United States must have a strong, skilled cybersecurity workforce.
The CSC’s year-long analysis concluded that deterrence, as currently implemented, is not working in cyberspace because perpetrators have seen that their activity damages the United States without triggering a meaningful response. However, the Commission also found that deterrence can still work in cyberspace if the United States adjusts its strategic approach to: improve its investments in defensive systems; build a more effective public-private collaboration; and confront adversary activity “forward” in the “gray zone” with all elements of national power. This will require the United States to apply a more coordinated, whole-of-nation approach to shaping behavior in cyberspace, denying adversaries the benefits of attacking critical infrastructure, and imposing costs on bad actors. By doing so, the United States can create a digital environment that is safe and stable, promotes continued innovation and economic growth, protects personal privacy, and ensures national security.
The Commission’s work culminated in a public report detailing a comprehensive strategic approach with specific policy and legislative recommendations for implementation. These recommendations span a wide range of topics, addressing U.S. government structure and reform, norms and non-military tools of state power, national resilience, the cyber ecosystem, collaboration with the private sector, and preserving and employing military power. To be successful in any of these areas, however, the United States must build and develop the cybersecurity workforce.
Because of the scope outlined for the CSC in the 2019 NDAA, the Commission focused on the federal government’s cybersecurity workforce. But the Commission also recognizes that the federal government cannot merely cut itself a bigger slice of the cybersecurity workforce “pie.” Rather, the government must support growing the whole pie of talent needed throughout the nation. Given this focus, the CSC’s recommendations on cyber workforce development center around six key goals:
The Commission’s next steps focus on putting these recommendations on the path towards implementation. In many cases, this means taking big ideas and translating them into actionable steps and specific details. In that process, we particularly appreciate input from you and the entire NICE community, and we welcome your comments at info [at] solarium.gov (info[at]solarium[dot]gov).
Various organizations within the U.S. government own and operate programs designed to enhance the cybersecurity education, training, and workforce development needs of the nation. The following are a few of those programs with updates on their activities:
The NICE Cybersecurity Workforce Framework is undergoing an update. A public request for comments on the update was open November 19, 2019 – January 13, 2020.
Thank you to those who submitted comments! Comments received are being reviewed and considered in forming a new draft of the NICE Framework. Once completed, the draft revision will be provided to the public for further review and comment.
Learn more: NICE Cybersecurity Workforce Framework Resource Center
2020 Community College Cyber Summit (3CS) Postponed
The annual Community College Cyber Summit (3CS) was scheduled to take place August 4-6, 2020, at Sinclair Community College in Dayton, Ohio. Because of the challenges and uncertainties created by the pandemic, the event will be rescheduled. However, a few components will be presented virtually. The opening plenary session will take place online on August 4, 2020, 6:00-8:00 PM EDT. The session will honor the 2020 Innovations in Cybersecurity Education winners, and program and funding updates will be announced. Afterwards there will be a virtual reception. For information about the evolving plans for 3CS, visit https://www.my3cs.org/.
Fast Track CAE Designation Workshop
The CAE National Resource Center (CNRC) at Whatcom Community College has released a Virtual Fast Track CAE Designation Workshop on NCyTE.net. This workshop is designed for all regionally accredited U.S. colleges and universities qualified for and interested in earning the CAE in Cyber Defense Education (CAE-CDE) designation. This workshop covers the updated submission timeline and the new two-part application process and requirements in half the time of a regular workshop. To access the Virtual Fast Track CAE Designation Workshop, visit https://www.ncyte.net/cae-virtual-workshop.
Cybersecurity Program Development Workshop Series
The NCyTE Center will host a three-part workshop on cybersecurity program development beginning on April 27, 2020, 11:00 AM-1:00 PM PDT. Corrinne Sande, Director/PI of the NCyTE Center, will present this workshop, which is designed to help faculty and administrators at colleges with limited cybersecurity programming add to or substantially enhance their programs. The workshop will be split into two 2-hour online sessions (on April 27 and May 11) and one in-person session at a later time. For more details, visit https://www.ncyte.net/program-development-workshops.
New Cybersecurity Curriculum for Advanced Placement Computer Science Principles (AP CSP) Courses
The NCyTE Center announces the availability of three new lessons intended for high school instructors interested in adding cybersecurity to AP CSP courses. These lessons could be used effectively in colleges also. Experts engaged in the Catalyzing Computing and Cybersecurity in Community Colleges (C5) project, hosted at Whatcom Community College, are designing 12 lessons and related instructional materials to enhance computer science and cybersecurity curricula. The first three lesson topics are Information Security and the CIA Triad; Personal Data Vulnerabilities; and Identity, Authentication, and Authorization. Each lesson includes an overview document, a presentation, and student activities. Additional lessons will be released as they are completed. For more information on the lessons and curriculum resources, visit https://www.ncyte.net/c5-lessons.
Learn more: ATE Program
Cybersecurity Education in the Age of Artificial Intelligence (AI)
The interplay between AI, machine learning, and cybersecurity will continue to introduce new opportunities and challenges in the security of AI as well as AI for cybersecurity. National Science Foundation (NSF) seeks to promote exploration of possible partnerships between AI researchers, cybersecurity researchers, and education researchers in order to inspire novel education and outreach efforts. Such collaborative efforts could also foster a robust workforce with integrated AI and cybersecurity competencies, and develop an informed public that understands the privacy, confidentiality, ethics, safety, and security implications of AI. Teams are required to send a research concept outline, including project title, team members, institutions involved, and a summary of the project concept (up to two pages) by email to satc-edu [at] nsf.gov (satc-edu[at]nsf[dot]gov) no later than midnight EDT on May 15, 2020. For more information, visit https://www.nsf.gov/pubs/2020/nsf20072/nsf20072.jsp
Learn more: Scholarship for Service
The Cyber Education Discovery Forum is an annual summer institute hosted by NICERC for K12 educators who want to integrate cybersecurity into their classrooms. This year, for the first time ever, all of the content will be delivered online, with a mix of live sessions, virtual office hours, and at-home projects. Sign up for a workshop track to walk through hands-on exercises in a particular course, and be sure to log in for keynote sessions throughout the week.
Learn more: NICERC Cyber Education Discovery Forum
Military veterans are an important community for consideration for cybersecurity jobs. Whether they have direct military experience with information security or possibly possess a highly desirable security clearance (or ability to qualify for a clearance), our nation’s military veterans are increasingly recognized as an attractive talent candidate pool for our most critical cybersecurity roles. We have compiled a list of resources for veterans who are considering a cybersecurity career.
Learn more: NICE Veteran Resources
Interested in a cybersecurity career? Need to improve your cybersecurity knowledge and skills? Want to acquire a new cybersecurity credential?
NICE has shared a list of free and low-cost online educational content on topics such as information technology and cybersecurity. Some, not all, may contribute to professional learning objectives or lead to industry certifications and online degrees. Please note that this site will continue to be updated as new information is gathered and edited for clarity and accuracy.
Learn more: NICE Online Learning Resources
NIST Notice of Funding Opportunity (NOFO) for the NICE K12 Cybersecurity Outreach Program (April 17, 2020) – This webinar provided information for those interested in learning about this funding opportunity. Learn more and view a recording here.
The Role of the School Counselor in Promoting Cybersecurity Career Opportunities (April 15, 2020) – In this webinar, school counselors shared how they work with students in elementary, middle, and high school settings to guide them into a variety of career pathways. Learn more and view a recording here.
NICE Cybersecurity Workforce Framework Use Cases and Success Stories (March 18, 2020) - This webinar identified a few of the emerging use cases and success stories that can help to encourage widespread adoption of the NICE Framework. Learn more and view a recording here.
The Intersection of the Privacy and Cybersecurity Workforce (February 19, 2020) – This webinar introduced the newly released Privacy Framework and described the need for and mechanisms for building a workforce skilled in privacy. Learn more and view the recording here.
Learning Cybersecurity Principles for the Practice of Information Security (January 29, 2020) – This webinar opened a dialogue about reaching consensus for a common set of cybersecurity principles to be communicated, acquired, and practiced by learners of all ages. Learn more and view the recording here.
Learn more and view recordings: NICE Webinar Series
The NICE Working Group (NICEWG) has been established to provide a mechanism in which public and private sector participants can develop concepts, design strategies, and pursue actions that advance cybersecurity education, training, and workforce development. This quarter, the Competitions Subgroup has created several new podcasts featuring interviews with cybersecurity competition leaders around the country.
Learn more about these podcasts and other deliverables from the NICE Working Group.
This webinar will explore ways to turn lessons learned from the recent pandemic into systemic changes to improve cybersecurity education, training, and workforce development for the future. NICE webinars are free to attend, but registration is required.
Learn more and register today here
NIST has announced funding on behalf of NICE for the NICE K12 Cybersecurity Education Outreach Program. NIST is soliciting applications from U.S.-located, non-Federal entities to assist NICE in its outreach efforts to build a K12 community that inspires cybersecurity career awareness with students in elementary school, stimulates cybersecurity career exploration in middle school, and enables cybersecurity career preparedness in high school. The deadline to apply is Monday, June 1, 2020, by 11:59 p.m. ET.
Learn more: Notice of Funding Opportunity
The call for speakers for the 11th annual NICE Conference and Expo is open now! Submit your proposal by May 31, 2020 and learn more at www.niceconference.org.
Featured tracks:
This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce, under a Cooperative Agreement (Award# 70NANB18H025).
The call for speakers for the 6th annual NICE K12 Cybersecurity Education Conference is open now! Submit your proposal by June 12, 2020, and learn more at www.k12cybersecurityconference.org.
Conference tracks:
This event is supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology in the U.S. Department of Commerce, under financial assistance award #60NANB16D302.