August 7, 2017

CLTC Responds to Federal Request for Information on Cybersecurity Workforce

View the CLTC Letter

On July 12, the National Institute of Standards and Technology (NIST) issued a Request for Information (RFI) to “gain public input about the scope and sufficiency of efforts to educate and train the nation’s workforce to meet current and future private and public sector cybersecurity needs.”

Last week, the UC Berkeley Center for Long-Term Cybersecurity responded to this request with a four-page letter outlining a variety of ideas and recommendations, drawing upon the Center’s unique approach to the cybersecurity challenge. Written by CLTC’s Faculty Director Steve Weber, Executive Director Betsy Cooper, and Research Fellow Sean Brooks, the letter highlights diverse approaches the government could take in key areas outlined in the RFI, including research, metrics, and data; education; and policy solutions.

CLTC’s recommendations on metrics include addressing fundamental structural questions related to the current shortage of professionals in the field. “It is indeed clear that the cybersecurity talent pipeline suffers from some kind of market failure, in the sense that demand and supply are visibly and significantly mismatched,” the authors write. “But, before we can analyze important questions about what policy shifts are required in this space, we believe NIST should first break down and analyze the precise causes and sources of market failure.”

Weber, Cooper, and Brooks suggest that the government consider asking core questions such as: What are the measures of a healthy labor economy for cybersecurity? What are the most pressing threats the cybersecurity workforce is likely to address in the next five years, and how do the skills currently present in the labor market compare to those that will be needed? And what peripheral positions are needed to support a healthy cybersecurity workforce (legal, HR/hiring specialists, policy), and what impact does cybersecurity literacy have on building effective teams?

Addressing the need for improved education programs, the authors also note that CLTC is partnering with the School of Information and the College of Engineering in developing a new Master of Information and Cybersecurity at UC Berkeley. “The program, which is currently pending university approval, aims to address the technical aspects of cybersecurity while preparing students to consider policy making on the national, international and organizational levels.”

In considering possible policy solutions, CLTC suggests that federal leaders employ “innovative solutions outside the box of those normally approached by government” to address the “structural, bureaucratic, and cultural factors that have contributed to the acute government labor shortage.” Specifically, the authors encourage the development of a “Cyber Workforce Incubator,” a program proposed by CLTC in 2016 that would “replicate the environment, culture, and pace of West Coast startups, dramatically increasing the benefits and reducing the costs for private-sector technology talent to engage in national service.”

Weber, Cooper, and Brooks invite NIST to hold a workshop at UC Berkeley, following on the success of the Center’s 2016 hosting of the White House Commission on Enhancing National Cybersecurity’s West Coast forum. “As NIST considers policy recommendations, we urge it to think outside the box, in the way that Silicon Valley entrepreneurs often do, in thinking of policy solutions that may not reflect the traditional way that things are done within the Beltway,” the authors suggest. “We would be more than happy to provide support as NIST considers these options.”

A report based on responses to the Request for Information is scheduled to be delivered to the President on September 8, 2017. Stay tuned to the CLTC newsletter and website for updates on these initiatives.