By Aubrie Kendall, Summer Graduate Fellow, National Initiative for Cybersecurity Education
The overall message and intent of the CHIPS & Science Act of 2022 (or CHIPS Act) is to focus on increasing the strength of American supply chains, manufacturing, national security, and the workforce to support those three aspects1. This article will focus on the themes related to cybersecurity workforce development within the CHIPS Act. The themes include the increased investment in STEM (science, technology, engineering, and math) education to assist with cybersecurity workforce development, increased workforce diversity to make it more resilient, and increased collaboration and data collection between various stakeholders to better understand the condition of the cybersecurity workforce.
One of the themes woven throughout the CHIPS Act is the focus on STEM education and its impact on the comparative advantage of the United States. Title III- National Science Foundation (NSF) for the Future Subtitle B- STEM Education outlines PreK-12, undergraduate, and graduate STEM education for additional support to increase the number of diverse students within these fields. Furthermore, Section 10321 goes over increasing programs to address the STEM workforce through scholarships, fellowships, traineeships, post-doctoral, apprenticeships, etc. For instance, the NSF CyberCorp: Scholarship for Service will be expanded to include additional cybersecurity-related topics of artificial intelligence, quantum computing, and aerospace (Section 10316)2. Generally speaking, there is a proposed level of investment in STEM education that has not been seen in some time by the American government.
When the CHIPS Act is viewed in its entirety, there is a theme of increasing diversity within the STEM and cybersecurity workforce. Secondly, there is a focus on identifying and addressing barriers underserved people face entering the cybersecurity workforce. Thirdly, to increase Federal engagement with underrepresented communities such as minority-serving institutions (MSIs), low-income, caregivers, women, minorities, and rural & tribal communities. Section 10235 Dr. David Satcher Cybersecurity Education Grant Program establishes cybersecurity grant programs for institutions of higher education that have a large admission of needy students or are MSIs as an example. Another example is Section 10241 where the National Institute of Standards and Technology (NIST) educational outreach is to focus on underrepresented communities. A final example is Section 10315 where research of the cybersecurity workforce is used to understand the paths to entry and re-entry into the cybersecurity workforce. In other words, Federal agencies are to identify what barriers prevent members from joining the cybersecurity workforce and best practices to help mitigate these barriers.
There is a new focus on rural communities that are considered part of underserved communities described in Title V: Broadening Participation in Science Subtitle B- Rural STEM Education Research. Yet, Title V Section B raises the question: What is a rural community? The Census Bureau defines rural as any population, housing, or territory not in an urban area. Additionally, there is room for interpretation with that definition, raising another question: How does that include suburban areas? A possible resource that can be used to assist with these questions is the interactive map on “Mapping Rural Colleges”- a project of the Student Success Through Applied Research (SSTAR) Lab. “Mapping Rural Colleges” will assist in identifying the various levels of rurality and the institutes located there3.
Another theme threaded throughout the CHIPS Act is the requirement for increased collaboration with various stakeholders through private-public partnership (PPP), intergovernmental collaboration, and working groups. NIST has been provided more flexibility to partner with the private sector on research and development (Section 10242) and illustrates the drive for PPPs. Moreover, Title VI: Subtitle F outlines the creation of an interagency working group led by the Director of the Office of Science and Technology Policy under the National Science and Technology Council with the Department of Commerce, Department of Energy, and NSF. The increased collaboration will allow for more efficient and streamlined actions across the various stakeholders to address the cybersecurity workforce concerns.
A huge part of the increased collaboration is around data collection and its use. Title II: NSF Section 10317- Cybersecurity Workforce Data Initiative directs NSF to coordinate with NIST and the National Initiative for Cybersecurity Education (NICE) to establish a cybersecurity workforce data initiative and examine the data’s feasibility. Further, the NICE Workforce Framework for Cybersecurity (NIST Special Publication 800–181) will be used as the workforce measurement to determine the data requirements needed to enhance the cybersecurity workforce.
Given these points, there will be a large restructuring in how the government approaches cybersecurity workforce development. Nonetheless, the government's focus on STEM education, increased diversity, collaboration, and the use of data collection surrounding the previous topics supports the growing need to increase the number of cybersecurity professionals to meet the present and future needs of the public and private sectors.
[2] CHIPS and Science Act of 2022- Congress.gov
[3] https://mappingruralcolleges.wisc.edu/map
Additional suggested reading: