1. Federal Cyber Service Training and Education Initiative CICG Personnel, Training and Education Subgroup Mark Montgomery National Security Council November 9, 1999 202-456-9361

2. CIAO.0147 - Mar. 99 - 2 Five Initiatives to Train Federal IT Personnel IT Occupational Study Centers for IT Excellence Scholarship for Service Program (Cyber Corps) High School and Secondary School Programs IT Security Awareness Program for the Federal workforce

3. CIAO.0147 - Mar. 99 - 3 IT Occupational Study Continue the funding of the OPM study which is: Providing an estimate and description of the types federal IT jobs Better defining the information security competency requirements of federal IT jobs Identifying the training needs of federal IT personnel Estimating the number of IT jobs and vacancies When completed OPM will use the study to: Develop new IT “job family” and IT specialty titles Develop competency based job profile pilot for IT personnel Use the data to review and design IT compensation system

4. CIAO.0147 - Mar. 99 - 4 Center(s) for IT Excellence Purpose is to train and certify USG IT workers. We need to establish the standards to which we will train and certify our IT workers on security issues, in doing so we should leverage both the DOD work in developing IT certification and training programs, the NSTISSC standards, non-DOD agency IT programs and respected civilian certification programs. Many agencies have excellent IT training programs, and many workers have certifications. Ensure the new standards account for and accredit existing federal agency IT training programs and workers Courses should be mix of classroom and CD-ROM or web-based distance learning Planned initial courses and certification are for System Administrators and ISSO’s. This will later expand to include other IT worker certifications/ training. The Centers could be USG activities (NIST/OPM/USDA/DISA..), private sector, or universities. All must be accredited to meet the established standards. Estimated initial throughput is 5,000 IT security students per year, this will grow. Costs will decrease as quality/quantity of web based training programs grow.

5. CIAO.0147 - Mar. 99 - 5 Scholarship for Service Program Program to recruit information systems specialists into USG service as IT security managers and experts. First step is to develop standards for program and identify universities to work with. Will use the model of the NSA Centers of Academic Excellence program (itself based on NSTISSC standards) to identify universities/colleges with IT security programs which can be accredited. Up to 300 students per year - mix of undergraduate and graduate students Pay for junior and senior years of undergraduate work, or both years of M.S. Will examine 2-year colleges for potential AS/AA programs This includes summer work programs at federal agencies/Labs, certification programs, conferences for students (a significant cost) May look towards universities with existing IA R&D relationships with USG to leverage this investment Will look to develop programs at historically black and hispanic schools Will examine alternatives for funding university IT security faculty development

6. CIAO.0147 - Mar. 99 - 6 High School and Secondary School Programs Purpose of this program is to identify possible USG IT security employees who could be hired directly from high school. Also will attempt to improve the quality of computer security education in high school and secondary schools High school junior and seniors would be recruited for summer camps and internship programs that could lead to USG IT training and certification and federal job offers. Support for programs such as the National Educational Technology Standards (already supported by Department of Education) for implementing standards in teaching secondary school students computer security practices and ethics. Develop web sites to provide teachers with suggested IA curriculums.

7. CIAO.0147 - Mar. 99 - 7 IT Awareness Program for Federal Workforce This program will provide tools for each agency to administer an IT security awareness program to its entire federal workforce Develop IT awareness tools, leveraging existing DOD and federal agency programs (Some outstanding programs exist/in development). Provide IT awareness program tools at an available web-site or via CD-ROM Ensure the course content is periodically reviewed and upgraded Many agencies already have existing programs that provide satisfactory workforce IT security awareness

8. CIAO.0147 - Mar. 99 - 8 Budget Breakdown FY 2001FY2002 Center for IT Excellence10.9m7.9m Scholarships for Service12.9m23.4m High School Programs1.3m0.8m IT Occupational Study0.7m0.0m TOTAL24.8m32.1m

9. CIAO.0147 - Mar. 99 - 9 Proposed FY 2000 Amendment PROGRAMNEW MONEYAGENCYCURRENT Center for IT Excellence5.75mOPM Scholarships for Service8.5mOPM/NSF1.0 High School Programs1.3mOPM IT Occupational Study1.3mOPM1.0 TOTAL16.85m

10. CIAO.0147 - Mar. 99 - 10 Next Steps Establish Standards for Training and Certifying USG IT workers - use NSTISSC –Solicit potential CITE –Evaluate Existing Federal IT Training Programs - determine if integration is possible –Solicit agency participation (funding for first year?) Establish requirements for accrediting Universities to train SFS program members - use NIETP (derived from NSTISSC standards) –Solicit potential Universities (start with NIETP - 16) –Initiate student recruitment –Evaluate methods for supporting/promoting IT Faculty development Using existing models, develop a federal IT awareness training tool, and distribute to Agencies (web based) Complete OPM IT Occupational Study - develop recommendations for IT job descriptions, training and retention