Those who read my Security Debrief posts or my Tweets will recognize (maybe with a groan) that one of my issues is the lack of action in Awareness and Education with regard to cybersecurity. It is not a sexy, nor a potentially lucrative issue, but I believe with all my heart that it is the foundational piece of any eventual solution to our cyber woes. We will never really solve this, but if we are to remain in the game with the bad guys, we must do better than we are now.
Last week I participated in a conference hosted by NIST. It was designed to progress forward with the National Initiative for Cybersecurity Education (NICE -- a really unfortunate acronym). For two days, we discussed the Awareness efforts being led by DHS, examples of seemingly successful education efforts in the Maryland area and some points of view from industry.
The NICE program has four pillars:
* Awareness (for the general population);
* Education (aimed mostly at K-12);
* Training of the Federal Work Force; and
* Professional Certification.
I will comment on the first three, as I do not consider myself truly qualified to opine on the Professional Certification program.
In regard to Awareness, DHS clearly recognizes the importance of the program. They have put some serious assets against this need, but frankly, it is way too little and way too slow (one hopes it is not too late). They are planning six town hall-style events for the coming year. Yes, I said SIX. When I questioned Bruce McConnell, the counsel to the Deputy Under Secretary for National Plans and Programs, as to this paucity of engagements, he sheepishly admitted that it was not enough, but it was all they could do at this time.
Subscribe to this comment's feed
| < Prev | Next > |
|---|
Company