Setting its sights on bolstering the cyber workforce to improve U.S. national security, the National Institute of Standards and Technology's (NIST) National Initiative for Cybersecurity Education (NICE) released its five-year strategic plan on Tuesday.
NICE presents new strategic plans every few years to redefine its goals and vision for the future. The 2020 iteration adds new objectives prioritizing modernizing cyber talent management, expanding workforce frameworks, and driving research on cyber workforce development.
The updated plan offers an opportunity for businesses to work with the government on closing the cybersecurity skills gap, said Rodney Petersen, director of NICE, said in a press release.
Trouble finding talented cybersecurity professionals to fill mission-critical roles spans across all sectors. NICE is looking for collaborators to help shrink the skills gap in its 2020 strategic plan.
Previous versions of the strategic plan lacked modernization initiatives around the processes of recruiting and retaining members of the cyber workforce. It missed efforts to integrate NICE guidelines with more holistic NIST frameworks and embrace opportunities to conduct more research on the cybersecurity workforce.
The 2014 Cybersecurity Enhancement Act requires NIST to update the NICE strategic plan every five years to guide upcoming national cybersecurity awareness and education programs. NICE released the latest update at its annual NICE Conference and Expo, but the plan is only the beginning of its efforts.
NICE will consult with its federal and nongovernmental partners on implementation plans and corresponding metrics to update its goals and objectives over time.
"Closing the cybersecurity skills gap necessitates a community effort," Petersen said.
The public and private sectors must work together to embrace the plan NICE outlined and come up with community-developed solutions, according to Petersen.
In the 2020 update to its strategic plan, NICE streamlined its values and renovated its vision for the future to accommodate changing needs. NICE previously envisioned a digital economy enabled by the cybersecurity workforce but aspired for broader reach over the next five years.
The update expands on previous NICE goals. In 2016, NICE set out to accelerate learning and skills development, nurture a diverse learning community and guide career development and workforce planning.
The 2020 plan reframes past goals into new categories, promoting the discovery of cybersecurity career pathways and transforming learning to build and sustain a diverse and skilled workforce.
It also adds three new goals to the institute's plan:
Modernize the talent management process to address skills gaps
Expand use of the workforce framework for cybersecurity
Drive research on effective practices for cybersecurity workforce development
NICE plans to connect with more diverse stakeholders and more collaboration on cybersecurity research.
Cybersecurity employers will be involved in NICE efforts to explore cybersecurity career opportunities, use learning and employment records to document cyber skills and implement emerging technologies to increase cyber job connections.
Strengthening the cybersecurity workforce has been a priority during the current administration. A May 2019 Trump executive order called on agencies to "enhance the workforce mobility of America's cybersecurity practitioners to improve America's national cybersecurity."
The federal government struggles to recruit and retain cyber talent as it lacks resources to offer pay and benefits comparable to the private sector. But industry hurts to fill cyber roles, too.
The cybersecurity industry needs a 62% talent-increase to meet business demands, according to an international (ISC)² survey released last year. This means that while there's almost no unemployment among cybersecurity professionals, businesses are struggling to fill crucial roles.
Right now, there are just over 500,000 total cybersecurity job openings in the U.S., according to CyberSeek's heat map of the workforce. On average, there are only about 1.8 existing cybersecurity workers to each cybersecurity job opening — the national average for all jobs is 3.7 workers per opening, according to CyberSeek.
In the updated plan, NICE is also expecting more integration with the popular NIST cybersecurity and privacy frameworks.
"Align the NICE Framework to the NIST Cybersecurity Framework, NIST Privacy Framework, and other cybersecurity, privacy, and risk management publications," an objective in the publication states.
While NIST frameworks are voluntary, the institute uses the guidelines to help organizations identify and manage cybersecurity and privacy standards. Stakeholders have commended the frameworks for standardizing practices across industry and increasing understanding of cyber's role in business.