Cyber Training For Every US Federal Employee

Organisations across the US Governmnent are working with the Department of Homeland Security to enhance their own security awareness training and promote it in their communities. 

A California legislator, Representative Ro Khanna (pictured)wants to make sure every federal employee knows how to securely interact with technology, including the Internet-connected devices that are proliferating throughout the government.

Khanna will introduce legislation that would mandate that all federal employees receive training in basic cybersecurity practices. The training, overseen by the Office of Management and Budget, would also teach feds to identify and mitigate security risks associated with the internet of things.Specifically, the bill would revise title 44 section 3554 of US Code, which outlines federal agencies’ various responsibilities for protecting their information security. 

While the amendment is only 17 words long, it could go a long way in elevating the importance of cyber hygiene across the federal government, especially as more of its physical infrastructure connects to the Internet, according to Khanna.
Many federal employees already receive some form of cyber-security training as part of their jobs, but Khanna said the scope and quality of instruction varies across organisations. 

Through the bill, Khanna intends to provide all federal employees with a baseline understanding of cyber hygiene, especially in relation to the internet of things.

Specifically, the training programs should teach every employee to avoid behavior that could allow intrusions into federal networks, like connecting network-enabled devices to systems containing sensitive data. If a breach does occur, Khanna said, it’s also important that employees know what they should do to minimise the damage.  “The stakes are very high,” he said, although he doesn’t want the training to take a one-size-fits-all approach to cyber-security. While all programs should cover a set of “core basics,” he said, government leaders would be able to tailor their efforts to address the security risks that are most relevant to their organizations’ line of work.

Khanna has yet to recruit any co-sponsors for the bill, though he expects more lawmakers to sign on in the near future. He said leaders at the White House’s Office of American Innovation have previously expressed their support for mandatory cyber training for federal employees.

Khanna isn’t the first lawmaker to take a stab at improving security for the US government’s Internet of things. Earlier this year, members of both the House and Senate introduced legislation that would set minimum security standards for Internet-connected devices purchased by federal agencies, though neither bill has been put to a vote.

NextGov:          US Congress - Khanna Bill:         CSO Online

You Might Also Read: 

Less Than Half Of Employees Get Regular Cyber Security Training:

 

 

« GDPR Lessons Learned
Cyber Security Training That Employees Don’t Hate »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Versasec

Versasec

Versasec is a leader in identity and access management, providing customers with security solutions for managing digital identities.

Cyber Technology Institute - De Montfort University

Cyber Technology Institute - De Montfort University

The Cyber Technology Institute provides training and high quality research and consultancy services in the fields of cyber security, software engineering and digital forensics.

Mocana

Mocana

Mocana provides a software platform that allows you to develop, test and distribute more secure IoT devices and services.

Nohau

Nohau

Nohau provide services for safe and secure embedded software development.

Corvus Insurance

Corvus Insurance

Corvus' mission is to create a safer, more productive world through technology-enabled commercial insurance.

TruNarrative

TruNarrative

TruNarrative provides a unified solution for Identity Verification, Fraud Detection, eKYC, Risk Assessment, AML Compliance and Account Monitoring.

IberLayer

IberLayer

IberLayer is the company behind the Email Guardian service, a cloud based Email Total Protection system that filters and blocks email threats.

Jandnet Recruitment

Jandnet Recruitment

Jandnet Recruitment is a small specialist company working in the IT sector. We recruit across all IT disciplines including cyber security and digital identity.

Rhino Security Labs

Rhino Security Labs

Rhino Security Labs is a top penetration testing and security assessment firm, with a focus on cloud pentesting, network pentesting, web application pentesting, and phishing.

Network Intelligence

Network Intelligence

Network Intelligence are a global cybersecurity provider offering services across 6 broad spectrums - Assessment, BCMS, GRC, Professional Services, MSSP & Training.

Comcast Business

Comcast Business

Comcast Business keeps businesses ready for what’s next with powerful connectivity, advanced cybersecurity solutions, and the right people at your side.

Software Improvement Group (SIG)

Software Improvement Group (SIG)

Software Improvement Group helps business and technology leaders drive their organizational objectives by fundamentally improving the health and security of their software applications.

Gatefy

Gatefy

Getfy is a cybersecurity company specialized in artificial intelligence and machine learning. We work to solve challenging issues, especially those involving email security.

SMARTEST

SMARTEST

SMARTEST is a world-class IT solutions provider active in the most challenging and demanding industries such as the oil and gas industries.

Bastion Networks

Bastion Networks

Bastion are a security-focussed managed solution provider and consultancy. We work with advanced cyber security vendors to produce managed security solutions to protect from online threats.

Munio

Munio

Munio is a leading Fortified IT Support and Cyber Security companies in the south east of the UK.