Cybersecurity is a practice, not a product. It requires constant advancements and innovations to remain effective and ahead of malign actors seeking to breach information systems. Each cybersecurity intrusion puts the integrity of financial markets, government defenses, and utility services at risk, threatens businesses, especially small businesses, and violates people’s civil liberties through personal data theft and stolen identity.
As we’ve seen in recent months, the need to protect critical U.S. infrastructure is urgent, and according to Accenture, a TechNet member, 68 percent of business leaders feel that their organization’s cybersecurity is at risk. Cybersecurity is one of the top areas of concern according to the Office of the Director of National Intelligence’s annual 2021 Threat Assessment of the U.S. Intelligence Community. Emerging and disruptive technologies, as well as the proliferation and permeation of technology in all aspects of our lives, pose unique challenges, according to the study, and show how cyber capabilities are intertwined with threats to our critical infrastructure and against our democracy.
In order to meet the cybersecurity needs of today’s increasingly interconnected digital world, policymakers and industry leaders must focus efforts on educating and training a highly-skilled workforce, modernizing government InformationTechnology (IT), and building long-lasting public/private partnerships.
Having adequate cybersecurity practices in place requires a high-skilled, talented workforce comprised of trained IT and cybersecurity professionals. Currently, however, there are more than464,000 unfilled cybersecurity employment opportunities across the country. These openings will only grow as the number of cybersecurity jobs is projected to increase by nearly one-third over the next decade, the fastest among tech occupations. To close that gap and ensure the U.S. develops, recruits, and retains the world’s best cyber workforce, a dual-pronged approach is necessary. To address the immediate demand for talent, high-skilled immigration reform is needed and the number of visas allotted for high-skilled immigrants must be increased. In addition, key strategic federal investments should be made in retraining programs for existing workforce participants. While these solutions can fix our short-term needs, in the long run, the U.S. must significantly increase STEM education funding for students across the academic spectrum who will lead the next generation of innovation.
The U.S. government recognizes the importance of increasing our cybersecurity capabilities and has implemented or proposed policies that aim to improve the protection of our nation’s critical infrastructure. Recently, Congress established the Office of the National Cyber Director, an elevated position housed within the Executive Office of the President responsible for coordinating and implementing our nation’s cyber policy and strategy. In addition, President Biden issued an Executive Order aimed at strengthening U.S. cybersecurity practices. Notably, the bipartisan Infrastructure Investment and Jobs Act includes funding to create a grant program at the Department of Homeland Security (DHS) to provide $1 billion to government entities over four years to be used to strengthen state-level and local municipalities' cyber defenses. A quarter of those funds would go to particularly vulnerable rural communities.
The private sector also remains a key in our country’s overall cybersecurity strategy. The government understands that the breadth of talent in the private sector can be used to help shape government processes. Recognizing the benefits that come from partnering with businesses, the U.S. government has unveiled the Joint Cyber Defense Collaborative. With the help of technology companies, includingTechNet members Amazon and Google, the Cybersecurity and Infrastructure Security Agency (CISA) intends for this joint collaboration to initially focus on combating ransomware and cyberattacks on cloud-computing providers. The goal is to ultimately improve defense planning and information sharing between the government and the private sector.
Another measure that is currently being debated in Congress is the National Digital Reserve Corps Act (H.R. 4818), which aims to bring the ingenuity and expertise of the private sector to the federal government. TechNet strongly endorses this legislation and calls on Congress to include it in the 2022 National Defense Authorization Act (FY22 NDAA). This bipartisan bill, introduced by Representatives Tony Gonzales (R-TX) and Robin Kelly (D-IL), aims to bridge federal government needs and private sector capabilities by establishing a program within the General Services Administration (GSA) that manages a reserve of individuals with the credentials to address the digital and cybersecurity needs of Executive Agencies across the federal enterprise. Think of it like the Army or Navy Reserve, but for cybersecurity professionals. While there are many cybersecurity bills currently being negotiated in Congress, this proposed legislation is a prime example of the outside-the-box thinking that is required to combat the challenges that lie ahead.
TechNet applauds Rep. Gonzales and Rep. Kelly for their commitment to this important issue. The nation is at a critical juncture, and the need to strengthen cybersecurity practices through both the federal and private lens will require dedication and commitment by our policymakers on both sides of the aisle. The safety and security of our digital information is not a political discussion – it’s essential to our national defense.