Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
DoD Cyber Workforce Management
Cyber Workforce Demands
2
Trends and key challenges impacting cyber workforce:
Inconsistent Lexicon
While strides have been made, the language used to discuss
cyber work and skill requirements is inconsistent. This hinders
the nation’s ability to assess capabilities, identify skill gap, and
prepare the pipeline of future cyber talent.
A recent report by the Partnership for Public Service stated,
“There is a nationwide shortage of highly qualified
cybersecurity experts, and the government has fallen behind
in the race for this talent.
Lack of Cybersecurity Professionals
Disjointed Professional Development
There is a lack of clearly defined roles and career paths for
cyber work. Efforts to establish accreditation standards for
cyber curricula and certifications have been inconsistent.
Cybersecurity Viewed as Separate Function
There is often a perception that cybersecurity is a stand alone
function performed by specific cybersecurity professionals. As
a result, cybersecurity is not recognized by many in the
broader cyber workforce as being a part of their own daily
work.
Office of the DoD Chief Information Officer (CIO) 3
DoD Cyber Workforce Framework Overview
UNCLASSIFIED//FOUO
NICE Cybersecurity Workforce Framework DoD JCT&CS Lines of Operation
The language used to discuss cyber work and skill requirements is inconsistent and hinders the Nation’s ability to assess capabilities, identify
skill gaps, and prepare the pipeline of future cyber talent.
On behalf of the Department of Defense, the DoD CIO led the development of the DoD Cyber Workforce Framework (DCWF) to establish a
common lexicon based on the work an individual is performing, not their position title, occupation series, or Designator.
The DCWF leverages the original National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF) and the DoD
Joint Cyberspace Training & Certification Standards (JCT&TS)
The DCWF is built using the same hierarchical structure as the NCWF, and includes work role descriptions, as well as,
baseline tasks, knowledge, skills, and abilities (KSAs) by work role.
The DCWF has been adapted at the national level in NIST Special Publication 800-181, and was used to develop an
international workforce framework under the North Atlantic Treaty Organization (NATO) Multinational Cyber Defense
Training and Education Project.
The DCWF will facilitate uniform identification, tracking, and reporting required by the Federal Cybersecurity Workforce
Assessment Act (FCWAA) of 2015; develop qualification requirements for cyber work roles outlined in DoD Manual(s)
8140.XX; and support a number of other DoD-wide workforce management & planning activities.
DoD CYBER WORKFORCE FRAMEWORK (DCWF) OVERVIEW
DoD 8140 Issuances: Policy to Enable Workforce
4
DoD Instructions 8140 (currently in draft) will cover the identification, tracking, and reporting of the
cyber workforce in accordance with the DCWF
DoD Directive 8140, signed August 2015, establishes a definition for the cyber workforce and
outlines Component roles and responsibilities for the management of the DoD cyber workforce
NOTE: 8570.01-M is still in effect until such a time as it is replaced
DoD Cyberspace Workforce Strategy
DoD Directive 8140.01Cyberspace Workforce Management
Draft: DoD Instruction 8140Cyber Workforce Identification, Tracking & Reporting Requirements
DoD Cyber Workforce Framework(Lexicon of Cyber Work Roles)
Draft: DoD Manual(s) – Cyber Workforce Qualification and Management Program
CertificationsContinuous
Professional Development
TrainingEducation
Qualifications Model: Establishes qualification criteria for each DCWF work role
On-the-Job Qualification
Qualifying the Cyber Workforce
5
AdvancedIntermediateBasic
Option
Option
Option
AlwaysRequired
ComponentDiscretion
> Of 20 Hours/YearOr Cert. Rqmt.
Option
Option
Option
AlwaysRequired
ComponentDiscretion
> Of 20 Hours/YearOr Cert. Rqmt.
Option
Option
Option
AlwaysRequired
ComponentDiscretion
> Of 20 Hours/YearOr Cert. Rqmt.
-or-
-or-
-or-
-or-
-or-
-or-
Continuous
Professional
Development
Environment
Specific
Requirements
On-the-Job
Qualification
Personnel
Certification
Training
Education
• Leverage and improve upon standards established in 8570
• Focus on demonstration of capability and increase flexibility for efficient implementation
• Allow for a rand of alternatives for achieving qualification
The DoD 8140 Cyber Workforce Qualification Program is designed to:
DoD 8140 Issuances: An Enterprise Construct
6
Technology, Tool, & Environment
Requirements
Components will be expected to add additional
requirements to enhance readiness based on
environment specific factors
Enterprise Baseline Requirements
Aligned to Work Role(s)
The 8140 series issuances will establish
enterprise baseline standards and requirements
according to DCWF work role(s)
Organizational
Requirements
Mission
Requirements
This structure will enable reciprocity while
enhancing interoperability and cyber
readiness
EN
TE
RP
RIS
E (
OS
D)
FU
NC
TIO
NA
L O
WN
ER
S (
CC
/S/A
/FA
)
Defining the Cyber Workforce
7
CYBERSPACE WORKFORCE
Personnel who build, secure,
operate, defend and protect DoD
and US cyberspace resources;
conduct related intelligence
activities; enable future
operations; and protect power in
or through cyberspace. It is
comprised of personnel assigned
to the areas of Cyber Effect,
Cybersecurity, Cyber IT, and
portions of the Intelligence
Workforce (shown below).
CYBER EFFECTS: Personnel who plan, support, and execute cyberspace capabilities where the primary
purpose is to externally defend or conduct force projection in or through cyberspace.
CYBERSECURITY: Personnel who secure, defend, and preserve data, networks, net-centric capabilities,
and other designated systems by ensuring appropriate security controls and measures are in place, and
taking internal defense actions. This includes access to system controls, monitoring, administration,
and integration of cybersecurity into all aspects of engineering and acquisition of cyberspace
capabilities.
INTELLIGENCE: Personnel who collect, process, analyze, and disseminate information from all sources
of intelligence on foreign actors’ cyber programs, intentions, capabilities, research and development, and
operational activities.
CYBER IT: Personnel, who design, build, configure, operate, and maintain IT, networks, and capabilities.
This includes actions to prioritize portfolio investments; architect, engineer, acquire, implement,
evaluate, and dispose of IT as well as information resource management; and the management,
storage, transmission, and display of data and information.
CYBER WORKFORCE
CYBER WORKFORCE AREAS
Success in cyberspace is dependent on
having a knowledgeable and skilled workforce
that can adapt to the dynamic environment
and adjust resources to meet missions
requirements.
Identifying the Cyber Workforce
8
FEDERAL CYBERSECURITY
WORKFORCE ASSESSMENT ACT:
The FCWAA of 2015 requires all
Federal Agencies to develop
procedures and code positions (both
civilian and military) performing
information technology (IT),
cybersecurity, and other cyber-related
functions. This effort will facilitate:
• Interoperability & Reciprocity
• Accurate workforce analytics, to
include supply and demand
analysis
• Targeted talent management
practices
DoD Instruction 8140 will provide direction for the identification and tracking and reporting of DoD cyber positons
and establish and implement the DCWF as the authoritative lexicon of the DoD cyber workforce. For each
identified cyber position, Components will assign 1-3 work role codes for each cyber position
Primary: Encompasses the majority of a position’s responsibilities; Typically indicates a performance
percentage of 50% or greater of time is spent in this work role
Additional: Captures other key cyber functions required of the position; Typically indicates less than
50% of time is spent performing the functions of this work role
DCWF ALIGNMENT DISTRIBUTION
34 991
21 628
10 795
153
Aggregate Sum; 67 567
DCWF PrimaryNon-DCWF Additional
DCWF PrimaryDCWF Additional
DCWF AdditionalNon-DCWF Primary
Non-DCWF PrimaryNon-DCWF Additional
Illustrative
Office of the DoD Chief Information Officer (CIO)
DoD Cyber Workforce Team
For additional information about Department of Defense Cyber Workforce
Initiatives contact:
Ms Bobbie Sanders
Chief, Cyber Workforce Management Division
Office of the DoD Chief Information Officer
703-697-3426
OR
9