Cyber Training For Every US Federal Employee

Uploaded on 2019-11-01 in JOBS-Training, FREE TO VIEW, TECHNOLOGY--Resilience

Organisations across the US Governmnent are working with the Department of Homeland Security to enhance their own security awareness training and promote it in their communities. 

A California legislator, Representative Ro Khanna (pictured)wants to make sure every federal employee knows how to securely interact with technology, including the Internet-connected devices that are proliferating throughout the government.

Khanna will introduce legislation that would mandate that all federal employees receive training in basic cybersecurity practices. The training, overseen by the Office of Management and Budget, would also teach feds to identify and mitigate security risks associated with the internet of things.Specifically, the bill would revise title 44 section 3554 of US Code, which outlines federal agencies’ various responsibilities for protecting their information security. 

While the amendment is only 17 words long, it could go a long way in elevating the importance of cyber hygiene across the federal government, especially as more of its physical infrastructure connects to the Internet, according to Khanna.
Many federal employees already receive some form of cyber-security training as part of their jobs, but Khanna said the scope and quality of instruction varies across organisations. 

Through the bill, Khanna intends to provide all federal employees with a baseline understanding of cyber hygiene, especially in relation to the internet of things.

Specifically, the training programs should teach every employee to avoid behavior that could allow intrusions into federal networks, like connecting network-enabled devices to systems containing sensitive data. If a breach does occur, Khanna said, it’s also important that employees know what they should do to minimise the damage.  “The stakes are very high,” he said, although he doesn’t want the training to take a one-size-fits-all approach to cyber-security. While all programs should cover a set of “core basics,” he said, government leaders would be able to tailor their efforts to address the security risks that are most relevant to their organizations’ line of work.

Khanna has yet to recruit any co-sponsors for the bill, though he expects more lawmakers to sign on in the near future. He said leaders at the White House’s Office of American Innovation have previously expressed their support for mandatory cyber training for federal employees.

Khanna isn’t the first lawmaker to take a stab at improving security for the US government’s Internet of things. Earlier this year, members of both the House and Senate introduced legislation that would set minimum security standards for Internet-connected devices purchased by federal agencies, though neither bill has been put to a vote.

NextGov:          US Congress - Khanna Bill:         CSO Online

You Might Also Read: 

Less Than Half Of Employees Get Regular Cyber Security Training:

 

 

« GDPR Lessons Learned
Cyber Security Training That Employees Don’t Hate »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

National Cybersecurity Agency (ANCS) - Tunisia

National Cybersecurity Agency (ANCS) - Tunisia

ANCS (L'Agence Nationale de la Cybersécurité) is the national cybersecurity agency for Tunisia.

Cavirin

Cavirin

Cavirin’s Automated Risk Analysis Platform reduces risk and automates security and compliance.

OASIS Open

OASIS Open

OASIS Open is where individuals, organizations, and governments come together to solve some of the world’s biggest technical challenges through the development of open code and open standards.

National Association of State Chief Information Officers (NASCIO)

National Association of State Chief Information Officers (NASCIO)

NASCIO's Cybersecurity Committee focuses helps state CIOs to formulate high-level security and data protection policies and technical controls.

Ericsson

Ericsson

Ericsson is a leading provider of telecommunications services and network infrastructure solutions including all aspects of network security.

SecureDevice

SecureDevice

SecureDevice is a Danish IT Security company.

Bit4id

Bit4id

Bit4id provides software and systems for security and identification based on PKI technology.

RedLock

RedLock

The RedLock Cloud 360TM platform correlates disparate security data sets to provide a unified view of risks across fragmented cloud environments.

PeopleSec

PeopleSec

PeopleSec specializes in the human element of cybersecurity with a comprehensive set of services designed to maximize your security by educating your workforce as a whole.

NetNordic Group

NetNordic Group

NetNordic is a Nordic system integrator focusing on solutions and services in the area of networking, smart data centers, cybersecurity, and unified communication.

Appsec Phoenix

Appsec Phoenix

Appsec Phoenix is an end to end vulnerability management platform that focuses on workflows, threat feed, and real time data.

Path Forward IT

Path Forward IT

Path Forward IT has been troubleshooting, architecting, migrating, protecting, and securing IT environments for businesses across the USA since 2002.

Vanta

Vanta

Vanta helps companies scale security practices and automate compliance for the industry’s most sought after standards - SOC 2, ISO 27001, HIPAA, GDPR, and other security and privacy frameworks.

RB42

RB42

RB42 (formerly Nexa Technologies) provide cyber defense solutions (ComUnity, secure and encrypted messaging, detection of interception tools, etc) and cyber defense consultancy service.

ANSSI Burkina Faso

ANSSI Burkina Faso

ANSSI is responsible for managing the security of information systems and cyberspace in Burkina Faso.

KTrust

KTrust

KTrust provides Continuous Threat Exposure Management for Kubernetes environments.