15/11/2024 | Press release | Distributed by Public on 15/11/2024 20:08
"Every minute our cyber workforce is unprepared to meet the moment gives malicious cybercriminals the upper hand"
WASHINGTON, D.C. -- This week, House Committee on Homeland Security Chairman Mark E. Green, MD (R-TN) penned an op-ed for The Tennessean that highlights the homeland security threat posed by America's cybersecurity workforce shortage to U.S. networks and critical infrastructure and offers the 'Cyber PIVOTT Act,' recently passed out of the Committee by a unanimous vote, as a commonsense solution to create the talent pipeline America needs now.
A Strong and Competent Cyber Workforce is the Best Way to Protect Tennessee
The Tennessean
Chairman Mark Green
November 14, 2024
Every day, Americans rely on having safe drinking water, food on their tables, and access to emergency services to keep their families and communities healthy and safe.
But these goods and services are not a given. These features of our society are considered critical infrastructure, meaning our access to them depends on cybersecure information and operational technology.
Yet the single most important resource for ensuring the security of our critical infrastructure and, by extension, defending our way of life has become dangerously scarce: our people.
As America faces growing threats from sophisticated and dedicated cybercriminals, the country needs more people to detect and quickly respond to intrusions. Improved hardware and software will certainly help our ability to respond, but these tools are only as good as the people who know how to build and use them.
Despite the importance of our people, the United States currently has more than 500,000 vacant cybersecurity jobs. Even more concerning is that 85% of organizations don't believe cyber skills and education will improve any time soon.
In a national survey, less than half of cyber professionals felt that their organization had the resources to respond to cyberattacks in the near future. This is highly concerning, as data breaches caused by cyber intrusions increased more than 70% from 2021 to 2023.
The list of threats to our networks and infrastructure is long and astonishing.
The Chinese threat actor 'Volt Typhoon,' compromised U.S. critical infrastructure for at least five years before discovery. Similarly, another Chinese actor, 'Storm-0558,' compromised the Microsoft Exchange accounts of U.S. officials in 2023, putting government networks in jeopardy.
Iranian-backed actors have launched heightened attacks on our water sector and the Trump campaign, undermining key services and U.S. sovereignty.
Ransomware attacks are rampant. For example, a hack on the Ascension Health hospital system this year impacted patient privacy and even care across the country, including in Nashville, Tennessee. And don't forget, a ransomware attack on a meatpacking plant in 2021 shut down operations at every JBS-owned plant in America.
Even the recent global IT outage caused by an errant CrowdStrike update showcased the vulnerabilities in the critical infrastructure we rely on every day.
To mitigate these growing risks and increase threat visibility across industries and agencies alike, we need strong public-private collaboration to strengthen and develop a new cyber workforce. This is not an easy challenge, but it is one I am committed to addressing.
Time and time again, public and private sector partners have highlighted the need for fresh thinking about how we attract, train, and retain our people. In fact, witnesses from across industries have testified to the House Homeland Security Committee that they need more creative ways to educate students and re-skill workers in the field, and cyber position requirements may fail to match the skill sets required.
One important solution is to increase the availability of skills-based cyber training outside of a traditional four-year degree.
Embracing the needed shift to skills-based cyber education, I introduced legislation earlier this fall to ensure all levels of government have the best and brightest cyber professionals on the frontlines of America's cyber border.
The Cyber PIVOTT Act would increase the accessibility of cyber training and education by establishing a new full-scholarship program for two-year degrees at community colleges and technical schools, which are granted in exchange for required government service.
The military has used Reserve Officer Training Corps (ROTC) programs for decades to offer a valuable pathway for individuals who do not have the opportunity to attend a military academy to begin a lifetime of dedicated military service.
Likewise, the 'Cyber PIVOTT Act' would open doors for professionals seeking to "pivot" to the cybersecurity field without a traditional bachelor's degree -- rewarding and supporting those who use their valuable skills to protect government networks.
We know there is a growing desire for these opportunities. According to a 2023 workforce study, only 31% of new cyber workers said they entered the field with a four-year degree in cybersecurity.
While one bill or program isn't going to solve this problem on its own, my legislation would create a pipeline for at least 10,000 new professionals to enter the field. In order to ensure they continue to succeed; the legislation also provides opportunities for re-skilling and up-skilling as their government service progresses.
During their government service, these professionals will be a key resource for the private sector as advisors.
Following their government service - whenever they make that transition -they will add invaluable experience and expertise to the private sector. They will be vital to securing all our critical infrastructure sectors, from telecommunications and financial services to the energy and agricultural sectors.
Every minute our cyber workforce is unprepared to meet the moment gives malicious cybercriminals the upper hand.
With the Cyber PIVOTT Act, we can focus on the most valuable asset to protect our networks and our critical infrastructure: the right people in the right jobs, with the right skills, where our country needs them most.
###