A bill to create a $10 million fund for cybersecurity education, a response to rising digital threats, is drawing rare bipartisan cooperation in the House.
Reps. Jim Langevin (D-RI) and Glenn Thompson (R-PA) recently introduced the Cybersecurity Skills Integration Act . The bill would distribute grants of up to $500,000 per year from the Department of Education to universities, trade schools, and other institutions that “incorporate cybersecurity education and prepare individuals to meet workforce needs in critical infrastructure sectors.”
Some estimates suggest there’s a shortage of more than 700,000 cybersecurity professionals in the United States alone. The bill’s grants would be in addition to other federal cybersecurity training efforts, including programs at the Cybersecurity and Infrastructure Security Agency and the National Security Agency .
The bill, which Langevin and Thompson also introduced in March 2019, may be difficult to pass in the lame-duck special session of Congress. The 2019 version of the bill, however, had a bipartisan group of seven additional co-sponsors. Although Langevin is retiring from Congress in January, he said he hopes the bill will pass before then.
“Protecting our critical infrastructure from malicious hackers is a top national security priority, but we need a workforce equipped with the proper skills to do it,” Langevin said in a statement . “Now is the time to double down on our investments in [technical] and cybersecurity education, so that we can develop the critical infrastructure workforce needed to meet the challenges of the 21st century.”
Several cybersecurity experts praised the legislation, saying more cybersecurity education is needed in the U.S., while some suggested that more money is needed.
Federal support for cybersecurity training is needed, said James Hayes, CEO and co-founder of Cyber Legends , an online safety training platform for children. Annual grants of $500,000 to educational institutions would come at a critical time and is “a great start,” he said.
“This bill is helpful because it is targeting the root cause of the massive cybersecurity skills gap in America,” Hayes told the Washington Examiner. “We must change the ways that we attract, train, and advance cybersecurity talent.”
He also suggested that cybersecurity training start earlier than after high school. “This will enable our children to enter the world of cybersecurity with a leg up and fill the void in attracting our youth into cybersecurity roles,” Hayes said.
Because of the shortage of qualified cybersecurity professionals in the U.S., there is a “desperate need” for a cybersecurity education program like the one in the legislation, added Amir Tarighat, co-founder and CEO of cybersecurity company Agency .
However, Tarighat raised concerns about the quality of cybersecurity education currently available in post-secondary occupational training programs. The bill is a “great first step, but I’d like to see high-quality standards from the secretary of education included in the pilot program should the bill move forward,” Tarighat told the Washington Examiner.
The bill would require grant applicants to answer several questions, including how the proposed curriculum and the educational materials to be used will be updated to meet current cybersecurity threats.
Others questioned if the funding is enough to meet the needs. The funding is “very small” by federal government standards, said Kall Loper, vice president of digital forensics and incident response at cybersecurity provider Cyderes .
However, “this does not mean that there is no value in the package,” Loper told the Washington Examiner. “It can draw attention to the gap recognized by Congress in cyber skills training.”
To be successful, the bill’s approach should differentiate itself from existing cybersecurity training programs, such as by recognizing the contributions of several academic disciplines and by recognizing the role of private companies in cybersecurity, Loper said.
“The package could be used to bring more security to the fields outside of traditional cybersecurity disciplines, such as accounting through audit functions or finance through planning,” he said. “There are many others.”