Cyber Training For Every US Federal Employee

Organisations across the US Governmnent are working with the Department of Homeland Security to enhance their own security awareness training and promote it in their communities. 

A California legislator, Representative Ro Khanna (pictured)wants to make sure every federal employee knows how to securely interact with technology, including the Internet-connected devices that are proliferating throughout the government.

Khanna will introduce legislation that would mandate that all federal employees receive training in basic cybersecurity practices. The training, overseen by the Office of Management and Budget, would also teach feds to identify and mitigate security risks associated with the internet of things.Specifically, the bill would revise title 44 section 3554 of US Code, which outlines federal agencies’ various responsibilities for protecting their information security. 

While the amendment is only 17 words long, it could go a long way in elevating the importance of cyber hygiene across the federal government, especially as more of its physical infrastructure connects to the Internet, according to Khanna.
Many federal employees already receive some form of cyber-security training as part of their jobs, but Khanna said the scope and quality of instruction varies across organisations. 

Through the bill, Khanna intends to provide all federal employees with a baseline understanding of cyber hygiene, especially in relation to the internet of things.

Specifically, the training programs should teach every employee to avoid behavior that could allow intrusions into federal networks, like connecting network-enabled devices to systems containing sensitive data. If a breach does occur, Khanna said, it’s also important that employees know what they should do to minimise the damage.  “The stakes are very high,” he said, although he doesn’t want the training to take a one-size-fits-all approach to cyber-security. While all programs should cover a set of “core basics,” he said, government leaders would be able to tailor their efforts to address the security risks that are most relevant to their organizations’ line of work.

Khanna has yet to recruit any co-sponsors for the bill, though he expects more lawmakers to sign on in the near future. He said leaders at the White House’s Office of American Innovation have previously expressed their support for mandatory cyber training for federal employees.

Khanna isn’t the first lawmaker to take a stab at improving security for the US government’s Internet of things. Earlier this year, members of both the House and Senate introduced legislation that would set minimum security standards for Internet-connected devices purchased by federal agencies, though neither bill has been put to a vote.

NextGov:          US Congress - Khanna Bill:         CSO Online

You Might Also Read: 

Less Than Half Of Employees Get Regular Cyber Security Training:

 

 

« GDPR Lessons Learned
Cyber Security Training That Employees Don’t Hate »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Landry & Associates

Landry & Associates

Landry & Associates is a multidisciplinary firm specializing in risk management, performance and technology management.

Nordic IT Security

Nordic IT Security

Nordic IT Security is a cyber security business forum in Scandinavia bringing together the converging worlds of IT, Cyber and Information Security.

IdenTrust

IdenTrust

IdenTrust enables organizations to effectively manage the risks associated with identity authentication.

Learning Tree International

Learning Tree International

Learning Tree's comprehensive cyber security training curriculum includes specialised IT security training and general cyber security courses for all levels of your organisation including the C-suite.

ReliaQuest

ReliaQuest

ReliaQuest’s GreyMatter solution connects existing technology, people, and process – then equips security teams with unified, actionable insights across their entire environment.

Cyber@StationF

Cyber@StationF

Cyber@StationF is an up to 6 months international startup acceleration programme, whose members provide solutions for the Cybersecurity industry.

Grip Security

Grip Security

Grip Security provides comprehensive visibility, governance and data security to help enterprises effortlessly secure a burgeoning and chaotic SaaS ecosystem.

SecureData

SecureData

SecureData provide professional data recovery services, digital forensics, data recovery software and FIPS 140-2 Level 3 Validated hardware encrypted drives.

Prophaze Technologies

Prophaze Technologies

Prophaze enable organizations and SaaS providers to improve their web application cybersecurity and reduce costs through AI automation.

Data Defenders

Data Defenders

Data Defenders provide information security technology solutions that empower consumers, businesses and governments with safe and secure IT and cybersecurity infrastructures.

Mercury Systems

Mercury Systems

Mercury Systems is the leader in making trusted, secure mission-critical technologies profoundly more accessible to aerospace and defense.

Opal Security

Opal Security

Opal is an identity and access management platform that offers a consolidated view and control of your whole ecosystem from on-prem to cloud and SaaS.

Kahootz

Kahootz

Kahootz is a highly secure cloud collaboration platform helping teams to work together across organisations.

LMNTRIX

LMNTRIX

LMNTRIX eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent and respond to cyberattacks.

When Group

When Group

World Health Energy Holdings, Inc. (d/b/a WHEN Group) is a High Tech Holding Company that specializes in the Cyber, Security and Telecom area.

Symbiotic Security

Symbiotic Security

Symbiotic Security revolutionizes code security by integrating an AI-driven security coach directly within developers' IDEs.