The Government Accountability Office (GAO) has recently released a report highlighting the efforts made by the National Institute of Standards and Technology (NIST) to strengthen the cybersecurity workforce through the National Initiative for Cybersecurity Education (NICE) program. While the NICE program has shown positive outcomes, the report also points out several areas where improvements are needed to effectively assess its performance and ensure its long-term success.The NICE program, led by NIST, aims to bolster the cybersecurity workforce in both government agencies and private sector organizations. With an annual budget of $4 million and a dedicated staff, the program has made significant strides in establishing an inventory of essential cybersecurity skills and work roles, with valuable input from stakeholders. It has also fostered collaborations between public and private entities to promote cybersecurity training and education through working groups and communities of interest.The GAO report praises the NICE program for organizing webinars, forums, and conferences to disseminate valuable cybersecurity information. Focus group participants generally commended NICE for its customer service, community benefits, and useful products. However, some challenges were raised during the review, including an unclear scope, a lack of performance metrics, limited communication and outreach, and inconsistent internal communication.One critical aspect where NIST’s performance assessment fell short was the development of performance measures for the program. While the practice of involving stakeholders was fully implemented, other key practices necessary for establishing a program-level performance process were not. As a result, NIST relied on volunteer working groups to develop performance measures, leading to inconsistencies due to varying skills and approaches among volunteers. Consequently, NIST could not demonstrate significant program progress, hindering its ability to effectively identify challenges and opportunities for improvement.To address these issues and ensure the long-term success of the NICE program, the GAO has put forth eight recommendations for NIST. These recommendations include fully developing goals and performance measures, assessing the program’s environment and identifying strategies, tracking reliable information and reporting results to stakeholders, and leveraging data to assess progress and identify improvement opportunities.The report emphasizes that implementing these recommendations is crucial for NIST to effectively manage and strengthen the NICE program. By developing reliable performance measures and assessing progress, NIST can identify potential obstacles and opportunities, leading to sustainable improvements and enhanced outcomes for the cybersecurity workforce.The Department of Commerce, which oversees NIST, has agreed with the GAO’s recommendations, indicating its commitment to enhancing the NICE program’s effectiveness and impact. As the cybersecurity landscape continues to evolve, the successful implementation of these recommendations will be pivotal in building a robust and resilient cybersecurity workforce capable of addressing emerging cyber threats and challenges.
Subscribe to our mailing list to get the new updates!
October 20, 2023
October 20, 2023