Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NICE eNewsletter Winter 2021-22 Government Spotlight

Creating a Community of Practice for Workforce Development in Industrial Cybersecurity

by Ralph Ley, Department Manager, Workforce Development and Training, Idaho National Laboratory

A recent report by Purdue University found there is only one degree program in the United States dedicated to producing industrial cybersecurity professionals -- those would be the individuals tasked to securely design, build, operate, and maintain the critical cyber-physical infrastructures that provide reliable electricity, clean drinking water, and affordable manufactured goods ranging from toilet paper to Tesla.  Eleven years after Stuxnet, a computer worm, it appears that almost no one has had the vision to push beyond a single university or college course dedicated to the topic. If cybersecurity is among the top national security concerns faced by the nation, industrial cybersecurity must be the single most critical overlooked educational topic.

When Dr. Sean McBride of Idaho State University and Dr. Shane Stailey of Idaho National Laboratory got together for a brainstorming session in August 2020, they wondered, “What can we do to get the ball rolling on this important issue?”  Their idea: to create a Community of Interest – no, a Community of Practice (COP) – that would bring together interested parties from government, academia, and industry to act on the challenge.

“When I think about preparing a workforce to defend our critical industrial control environments from cyber incidents like Colonial Pipeline, it strikes me that there are two grave misconceptions out there: 1) that if we can just teach cybersecurity students and professionals what Programmable Logic Controllers are, that will solve the problem; and 2) that if we can just get instrumentation technicians to think about confidentiality, integrity, and availability, we will secure these critical systems. Those are gross oversimplifications of a challenge that it is past time to seriously address. In a nutshell, that’s why we created the Community of Practice,” said Sean McBride, who has run Idaho State University’s Industrial Cybersecurity degree program since 2017.

We’re seeking your input to inform and improve global efforts to educate and train professionals in this critical field!

Take the Industrial Cybersecurity (ICS) Knowledge Survey

 

“We’ve had great grass-roots enthusiasm,” explained Shane Stailey, Industrial Control Systems (ICS) Cybersecurity Training and Development Strategy Lead for Idaho National Laboratory (INL). “More than 175 individuals representing 110 different organizations across industry, academia (traditional colleges, universities, and training providers), and government have participated in the workshop events.”

The community is led by a steering and advisory committee consisting of experts from industry, academia, and government that meets quarterly. Two working groups have formed, one dedicated to workforce development and another dedicated to standards and curriculum development. These meet monthly to work on key deliverables.  “While the Idaho National Lab has kindly provided resources to facilitate the meetings, this is truly a community effort which will require greater resources”, said Stailey.

ICS COP Subgroups
Figure 1.  ICS COP Subgroups and Industrial Cybersecurity Workforce Development Lifecycle Needs
Credit: Ralph Ley

Several outstanding collaborations have emerged from the Community. One is the input the group has been able to provide the National Institute of Standards and Technology (NIST), as it continues to develop industrial cybersecurity content for the National Initiative for Cybersecurity Education (NICE) Workforce Framework for Cybersecurity.  Another critical collaboration is that of the International Society for Automation (ISA). ISA is a non-profit professional association of engineers, technicians, and management engaged in industrial automation that creates standards, including cybersecurity standards for industrial control systems. ISA provides a crucial link to automation technology firms and industry practitioners. Also, ISA is an ANSI Accredited Standards Developer. A third collaboration to occur as a result of community meetings is a partnership among Siemens Energy, Idaho State University, MISI Academy, SANS Institute, REDI, ICS Village, and Capitol Technology University to create a registered apprenticeship for industrial cybersecurity.

“We have great plans for 2022”, said McBride “In April we plan to release a truly consensus-based curricular guidance recommendation for industrial cybersecurity co-authored by the INL, Idaho State University, and the ISA. That document, built with input from more than 100 industry experts, will establish a firm foundation for industrial cybersecurity education and training programs across the country.”

“Please join us!” added Stailey “We need your ideas.”

More information is available at the Industrial Cybersecurity Workforce Development Community of Practice web site at https://inl.gov/icscop/.

NICE eNewsletter Winter 2021-22

 

Created January 21, 2022