President Biden signed an Executive Order on May 12, 2021, marking a significant milestone, focusing on enhancing the nation’s cybersecurity landscape. This executive order outlines a national united strategy to improve the federal government’s cybersecurity and critical infrastructure in the United States. In the wake of several major cyber attacks that have disrupted crucial sectors like energy and transportation, protecting America’s digital networks has become a top priority for the Biden administration.
The executive order establishes several key goals and initiatives, including establishing baseline cybersecurity standards for government agencies, standardizing security practices across the federal civilian government, improving information sharing about cyber threats, and establishing a cybersecurity safety review board to study major incidents. In addition, it lays out plans to strengthen the cybersecurity workforce by expanding education and training programs. This focus on workforce development aligns with a growing need for cybersecurity professionals across all sectors of the economy.
Cybersecurity Threat Landscape
Security breaches affecting government agencies and private companies have underscored the severity of the nation’s cyber risks. The past year saw several high-profile incidents like the SolarWinds supply chain hack that compromised numerous federal agencies and Fortune 500 companies. Other attacks that have disrupted critical infrastructure include the Colonial Pipeline ransomware incident that shut down fuel delivery along the East Coast and the Kaseya ransomware attack that affected hundreds of small businesses worldwide.
These attacks highlight how cybercriminals increasingly target supply chain software as an entry point to spread malware and how infrastructure systems remain vulnerable to digital threats. They have caused real-world disruptions and underscored the interconnected nature of networked systems – an attack on one weak link can rapidly impact many other organizations and end users. As more of our lives and economy become digitized, cybersecurity is a matter of national security, public safety, and economic security. Effectively addressing these threats will require coordinated efforts across government, industry, and the cyber workforce.
Federal Cybersecurity Standards
The executive order establishes a standard playbook for cybersecurity across all non-national security federal agencies within 200 days. This includes baseline requirements and security safeguards around identity management, encryption, software updating, log retention, and response planning. It aims to shore up defensive posture and critical asset protections through standardizing minimum requirements.
In addition, federal chief information security officers will be responsible for approving major IT modernization projects, ensuring security resources are paired with projects from the outset. Agencies will also need to appoint cybersecurity program officials to oversee these activities. The goal is to institute more accountability and uniformity in how different departments and agencies approach cyber defense, setting a strong baseline for the civilian side of government operations.
Standardizing practices will also streamline threat information sharing between government entities and the private sector. This cross-organizational cooperation on cyber intelligence proved lacking in responses to SolarWinds and other intrusions that impacted numerous entities using compromised software or infrastructure providers. Cutting through bureaucratic silos will help speed the identification and warning of active threats.
Centralizing certain security functions under a national cyber director is another key initiative. This new position will help coordinate cyber policies, incident responses, recruitment programs, and threat analysis initiatives on a national scale across government and critical infrastructure. Cyberattacks increasingly disregard organizational boundaries and jurisdictions, so a centralized leadership function facilitating joined-up responses will strengthen national resilience.
Expanding the Cybersecurity Workforce
A major component of the executive order focuses on developing, upskilling, and recruiting the cyber workforce necessary to ensure national cyber defense and protect our digital infrastructure and economy. There is already a shortage of cybersecurity professionals, with some estimates projecting over 500,000 open roles in the US by 2025. Growing this talent pool to meet rising needs is critical.
The order directs the national cyber director to assess workforce demands and establish a national cybersecurity education and training strategy. It aims to expand STEM education programs in high schools and support cybersecurity higher education by establishing scholarships and fellowship programs. Within the government, it calls for expanding focused training efforts and recruiting directly out of academia.
Complementing these initiatives, the Cybersecurity and Infrastructure Security Agency (CISA) will establish a cybersecurity career pathway program to attract and advance talent. This will include apprenticeship efforts and boosting cyber opportunities through programs like CISA’s Centers for Academic Excellence. Broadening participation in cyber fields to women and minority groups will also be an area of focus under the new diversity, equity, and inclusion strategy outlined.
Private sector workforce needs are addressed by establishing sector-specific councils to partner with education institutions to develop curriculums aligned with industry requirements. At the same time, the order promotes publishing tools and best practices to support small business cybersecurity skills development. Providing resources and training for small companies lagging in dedicated security functions can bolster overall sector cyber defenses.
Career Opportunities in Cybersecurity
Given ongoing initiatives to strengthen national cyber defenses and workforce development, exciting career opportunities are emerging across many cybersecurity domains. A few top areas with significant projected job growth include:
-
Cybersecurity Engineers/Analysts – Designing, implementing, and testing security protocols. Analyst roles focus on threat detection, incident response, and forensic investigations. Areas include vulnerability assessment, network security, and compliance auditing.
-
Cybersecurity Program Managers – Overseeing security operations, risk mitigation strategies, technical controls implementation and compliance programs. Manage budgets, vendor relationships, and procurement of cyber tools.
-
Cybersecurity Architects – Designing security architecture and frameworks aligned with business needs. Ensure new technologies and applications are deployed securely.
-
SOC Analysts – Working within Security Operations Centers monitoring networks, detecting anomalies and threats in real-time. Log and triage security alerts research incidents.
-
Penetration Testers – Conducting simulated social engineering and technical hacking to identify organizational vulnerabilities from an attacker’s perspective. Recommend defenses.
-
Cryptanalysts – Focusing on cryptography techniques, digital forensics and malware reverse engineering skills. Break codes and analyze malware to support threat hunting.
-
Risk Management Specialists – Managing organizational risk postures, conducting risk and impact assessments of threats. Develop business continuity plans and disaster recovery programs.
-
Incident Responders – Leading crisis management of active intrusion data breaches through analysis, containment, eradication and recovery. Work with legal public relations on breaches.
-
Cyber Education/Training Specialists – Designing technical and awareness curriculums. Roles in academia, vocational programs, and corporate training functions.
With significant expansion anticipated across the cybersecurity workforce, now is an ideal time for professionals and students to consider careers in these growing domains. Salaries are competitive, and job prospects are strong due to chronic skills shortages. Government initiatives aim to support this evolving industry through education investments and coordination with private sector needs.
Conclusion
President Biden’s Cybersecurity Executive Order sets a unified national strategy for securing government networks, protecting critical infrastructure and addressing challenges like the cyber workforce gap through new education and career development programs. Coordinating standards and collaboration across the public and private sectors aims to strengthen national resilience against persistent cyber threats. Cybersecurity will remain a priority as we become ever more reliant on technology in all aspects of society, requiring a whole-of-nation response. Proactive efforts to defend networks, share intelligence and develop cyber talent pools are prudent investments to safeguard national security, public health and the economy in today’s digital age.
