Cyber Training For Every US Federal Employee

Uploaded on 2019-11-01 in JOBS-Training, FREE TO VIEW, TECHNOLOGY--Resilience

Organisations across the US Governmnent are working with the Department of Homeland Security to enhance their own security awareness training and promote it in their communities. 

A California legislator, Representative Ro Khanna (pictured)wants to make sure every federal employee knows how to securely interact with technology, including the Internet-connected devices that are proliferating throughout the government.

Khanna will introduce legislation that would mandate that all federal employees receive training in basic cybersecurity practices. The training, overseen by the Office of Management and Budget, would also teach feds to identify and mitigate security risks associated with the internet of things.Specifically, the bill would revise title 44 section 3554 of US Code, which outlines federal agencies’ various responsibilities for protecting their information security. 

While the amendment is only 17 words long, it could go a long way in elevating the importance of cyber hygiene across the federal government, especially as more of its physical infrastructure connects to the Internet, according to Khanna.
Many federal employees already receive some form of cyber-security training as part of their jobs, but Khanna said the scope and quality of instruction varies across organisations. 

Through the bill, Khanna intends to provide all federal employees with a baseline understanding of cyber hygiene, especially in relation to the internet of things.

Specifically, the training programs should teach every employee to avoid behavior that could allow intrusions into federal networks, like connecting network-enabled devices to systems containing sensitive data. If a breach does occur, Khanna said, it’s also important that employees know what they should do to minimise the damage.  “The stakes are very high,” he said, although he doesn’t want the training to take a one-size-fits-all approach to cyber-security. While all programs should cover a set of “core basics,” he said, government leaders would be able to tailor their efforts to address the security risks that are most relevant to their organizations’ line of work.

Khanna has yet to recruit any co-sponsors for the bill, though he expects more lawmakers to sign on in the near future. He said leaders at the White House’s Office of American Innovation have previously expressed their support for mandatory cyber training for federal employees.

Khanna isn’t the first lawmaker to take a stab at improving security for the US government’s Internet of things. Earlier this year, members of both the House and Senate introduced legislation that would set minimum security standards for Internet-connected devices purchased by federal agencies, though neither bill has been put to a vote.

NextGov:          US Congress - Khanna Bill:         CSO Online

You Might Also Read: 

Less Than Half Of Employees Get Regular Cyber Security Training:

 

 

« GDPR Lessons Learned
Cyber Security Training That Employees Don’t Hate »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Absolute Software

Absolute Software

Absolute provides persistent endpoint security and data risk management solutions for mobile devices - computers, tablets, and smartphones.

Prim'X Technologies

Prim'X Technologies

Prim'X Technologies provides information protection solutions to prevent unauthorised access to sensitive data.

CANVAS Consortium

CANVAS Consortium

The CANVAS Consortium aims to unify technology developers with legal and ethical scholar and social scientists to approach the challenges of cybersecurity.

Cybertekpro

Cybertekpro

Cybertekpro is a specialist insurance broker providing Cyber Liability insurance and cyber risk assessment services.

App-Ray

App-Ray

App-Ray provides fully automated security analysis of mobile applications to find security issues, privacy breaches and data leaking potentials.

Datacom Systems

Datacom Systems

Datacom Systems is a leading manufacturer of network visibility solutions.

Secarma

Secarma

Secarma provides penetration testing, security assessments, consultancy, and training services to ensure your digital infrastructure is secure from cybersecurity threats.

Datec PNG

Datec PNG

Datec is the the largest end-to-end information and communications technology solutions and services provider in Papua New Guinea.

VIQU Recruitment

VIQU Recruitment

VIQU Recruitment was formed with the primary focus of providing 'Smarter People Solutions' to the UK’s professional IT & Cyber Security markets.

UltraSoC Technologies

UltraSoC Technologies

Kaspersky Industrial CyberSecurity (KICS)

Kaspersky Industrial CyberSecurity (KICS)

Kaspersky addresses all the cybersecurity needs of industrial organizations in its Kaspersky Industrial CyberSecurity (KICS) portfolio.

Drip7

Drip7

Drip7 is a micro-learning platform that is re-inventing the way companies train their employees and build lasting cultural change around the importance of cybersecurity.

Safe Systems

Safe Systems

Safe Systems provide compliance centric IT services for community banks and credit unions, ensuring that they are kept up to date on current technologies, security risks, and regulatory changes.

GetHacked.ca

GetHacked.ca

GetHackded.ca is a certified company offering penetration testing and specialized cybersecurity services.

EDGE Group

EDGE Group

EDGE is one of the world’s leading advanced technology groups, established to develop agile, bold and disruptive solutions for defence and beyond.

Cognisys Group

Cognisys Group

Cognisys provides cyber security penetration testing and compliance services from its offices in Leeds and Manchester.