National Cyber Security Alliance In Partnership with Government Education Councils

• Oct 31, 2011

The National Cyber Security Alliance (NCSA) – a non-profit public-private partnership focused on cybersecurity awareness and education for all digital citizens – recently announced that on behalf of the National Cybersecurity Education Council (NCEC) it has signed a memorandum of understanding (MOU) with the U.S. Department of Education (ED) and the National Institute of Standards and Technology (NIST) to formally institute and promote cyber security education programs in K-12 schools, higher education, and career and technical education environments nationwide.

The new agreement paves the way for the continuation of the recently established public private partnership known as the National Cybersecurity Education Council to build a consensus on the future of cyber education in the United States. The multi-stakeholder effort will bring together government, industry, nonprofit, academia and other educational organizations to make recommendations and suggest guidelines on cyber education.  The collaboration will also include all parties participating in a working group to identify the cyber education needs of all young people and the foundational knowledge, skills and competencies needed by government and industry to build a workforce that can protect America's vital digital assets.

The MOU's partnership supports many of the educational efforts responding to President Obama's 2009 Cyberspace Policy Review, which called for the nation to "build an education system that will enhance understanding of cybersecurity and allow the United States to retain and expand upon its scientific, engineering, and market leadership in information technology." Toward this end, in the spring of 2010, the National Institute of Standards and Technology (NIST) within the U.S. Department of Commerce led a team involving many departments and agencies across the government in launching the National Initiative for Cybersecurity Education (NICE). The goal of NICE is to establish an operational, sustainable and continually improving cybersecurity education program for the nation to use sound cyber practices that will enhance the nation's security. NICE includes four focus areas, or tracks:  cybersecurity awareness, formal cybersecurity education, cybersecurity workforce structure, and cybersecurity workforce training and professional development.The public/private partnership, which the MOU fosters, will advance efforts of the formal education track, particularly responding to the needs identified in the Cyberspace Policy Review for a K-12 cybersecurity education program for digital safety, ethics, and security and for expanded university curricula.

NCEC members are also cognizant of the inherent demand for improved cybersecurity education in bolstering America's future workforce. Today, the U.S. faces a deficit in the number of cybersecurity professionals in our country, and predictions of our future needs are worrisome. Estimates from a recent study by (ISC)2 and Frost and Sullivan reveal a need of more than 700,000 new information security professionals in the Americas by 2015. What's more, the U.S. Bureau of Labor Statistics estimate that there will be 295,000 new IT jobs created in the U.S. between 2008 and 2018 – many of which will require cybersecurity expertise. This data points out a great responsibility within the U.S. education system and other industry groups to help produce cyber capable citizens.

"Our children live in an interconnected technology-based world with a growing need for digital skill sets," said U.S. Secretary of Education Arne Duncan. "An education that incorporates tools to understand, navigate and operate technology will encourage students to exercise awareness when using digital platforms while helping better prepare them for the jobs of the future."

"This important MOU will add another dimension to the public/private partnership that is key to cybersecurity awareness and formal cyber education," said Special Assistant to the President and Cybersecurity Coordinator, Howard Schmidt.  "Through the partnership, we will continue to increase public awareness of safe cyber behavior, as well as expanding the availability of the cyber education so vital to the future of our workforce."

"Our future depends on a digital citizenry that can use the Internet safely, securely, ethically and productively," said Michael Kaiser, executive director of the National Cyber Security Alliance. "Today, the United States faces a daunting challenge. We need to build a cybersecurity ready workforce trained to deal with a constantly changing digital infrastructure that is protected against a broad range of cyber threats. This broad effort is critical because cybersecurity and digital safety touches everyone."

"With cyber threats on the rise, career opportunities in cybersecurity will continue to grow and students need to have the access to the necessary foundational STEM education and other prerequisites needed to pursue them," said NICE National Lead, Dr. Ernest McDuffie. "Higher education and technical training must lead to skills and competencies that meet the hiring requirements of government and industry to fill the growing need for cybersecurity professionals. This working group will help pave the way to achieving this goal."

"We are proud to convene and lead this new nationwide effort to help make cybersecurity education widely available and accessible," said John Havermann, of EMC Corporation and president of the NCSA Board of Directors. "There is no organization or government agency that can tackle this problem alone. It's going to take a diverse partnership between government, industry, academia and others to work together to develop shared priorities and a path forward."

Cyber education is also critical to our nation's economic growth as evidenced by a recent survey, conducted by Zogby International for NCSA and Symantec, of U.S. small business owners that shows a high portion of businesses need employees with cybersecurity skills. When employers were asked to rate skills necessary for new hires, U.S. small businesses report the following skills are very relevant or essential:

•     Understanding privacy (51 percent);
•     Importance of protecting intellectual property (49 percent);
•     Basic knowledge of using technology ethically (47 percent);
•     Basic knowledge of Internet security practices (passwords, identifying secure websites) (44 percent).

In addition, NCSA and Microsoft recently conducted research on the state of cybersecurity education and the results make clear better cyber education is needed in America's K-12 classrooms. More than one-third of U.S. K-12 teachers (36 percent) received zero hours of professional development training by their school districts in issues related to online safety, security and ethics in the past year. (86 percent received less than six hours of related training).

Only 51 percent of teachers agree their school districts do an adequate job of preparing students for online safety, security and ethics. Few K–12 educators are teaching topics that would prepare students to be cybercapable employees or cybersecurity-aware college students. In the past year, a mere 4 percent taught about careers in cybersecurity; 20 percent taught about knowing when it is safe to download files; 23 percent taught about using strong passwords; and just 7 percent taught about the role of the Internet in the U.S. economy.