Virginia Gov. Terry McAuliffe declared Thursday that Virginia is the first state to adopt the National Initiative for Cyber Security Education (NICE) Framework, developed by the National Institute of Standards and Technology, in an official capacity.
The latest version of the framework —also known as NIST Special Publication 800-181— was published earlier this month with the intention of providing a “common, constant lexicon” for a fast-growing industry in which everyone seems to have a different name for the same thing. The state is not the first to consult the framework, nor is it mandating that any organization within the state use it, but rather Virginia is the first state to officially endorse the guideline as an important ingredient for any university, business or government organization interested in supporting a coherent cybersecurity ecosystem.
McAuliffe, who has positioned himself as a leader of states-driven cybersecurity initiatives since taking office in 2014, said Virginia’s integration of the NICE Framework into existing hiring and education efforts will help meet the demand for the state’s some 36,000 unfilled cybersecurity positions. The governor’s announcement makes official and is expected to unify pockets of adoption throughout the state, which already include the state’s apprenticeship programs and some community colleges.
The hope, said Virginia Secretary of Technology Karen Jackson, is that organizations will begin picking up this workforce framework, just as they did following the state’s adoption of NIST’s National Cybersecurity Framework in 2014.
“Everything we do in the cyber world, through the CIO, CISO ? Nelson [Moe] and Mike [Watson] ? all of it somehow ties back and has a nexus to that [2014] framework,” Jackson said. “This [announcement] will allow us to have a much broader and more integrated conversation about the framework. We’re going to use it for tagging our own jobs, we’re going to use it for workforce development, we’re going to use it for curriculum development and when you start getting those three together, if we can manage to promote this to industry, then we can start having a very powerful conversation.”
In speaking with industry commissioners, Jackson said she learned that everyone brags on their resume about being a “cybersecurity expert” but without precise and widely-adopted terminology to describe skill sets, there will continue to be confusion as workers move between and collaborate across university, government and private industry.
NICE Director Rodney Petersen told StateScoop the organization does not track which states have adopted the NICE Framework or to what extent ? only that there are anecdotes of states having referenced it. It is also gaining popularity through adoption by the National Centers of Academic Excellence operated by the National Security Agency and the Department of Homeland Security, Petersen noted.
“It is also being used by training and certification organizations to map industry-recognized certifications to the knowledge, skills, and abilities contained within the NICE Framework,” Petersen said in an email to StateScoop. “The more it is used across government (federal and state), academia, training organizations, and private sector employers, the more we can move as a nation towards a common definition of the problem and solution for addressing our nation?s cybersecurity workforce shortage.”
Source: statescoop.com