Certification Survey Extra: The role of government in cybersecurity, Part 2
Posted on
November 16, 2017

Certification Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Certification Survey. These posts contain previously unpublished Certification Survey data.

Our discussion continues: Is there a part to play for government in cybersecurity policy and culture?

Last week in this space we took our first look at data from our recent Security Certification Survey regarding the role of government in cybersecurity. If you think about cybersecurity as being, to some extent, part of the essential infrastructure of a modern society, then it's logical to expect that government should have a role in maintaining that infrastructure.

One problem that affects nearly all infrastructure projects is the issue of personnel. Once a network of roads, or a water treatment plant, or whatever it is, has been put in place, people are required to maintain and expand the original undertaking. That, in turn, requires that specialized knowledge be transferred to a constantly changing pool of experts.

What happens if there aren't enough people who pursue that branch of specialized knowledge to preserve and expand critical infrastructure? We're finding out right now, as corporations and other prospective employers compete with government to retain the services of an ever-dwindling supply of skilled information security professionals.

There already aren't enough skilled personnel to satisfy everyone's demand. So here's another point where the presence of government in cybersecurity policy is in question. Will the problem eventually work itself out? Or do we need a few judicious nudges from the legal system to help create a solution?

There's a strong sentiment among many that cybersecurity training should be an element of public education. Kids who learn the basics of cybersecurity at a young age are both more likely to reinforce needed overall awareness of sound cybersecurity practices, and more likely to eventually take an interest in cybersecurity careers. Should government help to  push that agenda along?

Here's what learned by asking survey respondents to rate their level of agreement with two key statements:

Statement 1: Government should aggressively promote cybersecurity curriculum in public education.

Strongly Agree: 42.2 percent
Agree: 35.7 percent
Neither Agree nor Disagree: 16.9 percent
Disagree: 4.5 percent
Strongly Disagree: 0.6 percent

Statement 2: Government should mandate cybersecurity curriculum in public education.

Strongly Agree: 22.2 percent
Agree: 31.4 percent
Neither Agree nor Disagree: 33.3 percent
Disagree: 10.5 percent
Strongly Disagree: 2.6 percent

Perhaps the first thing to note here is that, among the certified information security professionals who responded to the survey — people on the front lines of an increasingly chaotic struggle to maintain order — almost no one disagrees that government should either strongly encourage or directly mandate the inclusion of cybersecurity curriculum in public education. For most of these men and women, getting cybersecurity into the schools is clearly an idea whose time has come.

There is, it would appear, a degree of hesitation about having direct input from government in cybersecurity and public education matchmaking. As indicated by comparing the numbers of those choosing to neither agree nor disagree, a notable chunk of certified IT professionals are much more comfortable with government leading the charge but not necessarily laying down the law. "Aggressively promote" is clearly more acceptable to some than "mandate."

In essence, however, there's a deomstrably strong belief that teaching children cybersecurity is an important element of addressing shared cybersecurity concerns. And since government already has a leading role in determining the course of public education, it would seem that many are looking to established channels to bring about the needed increase in security focus.

Note: Click here to read Part 1 in this series.

About the Author

Certification Magazine was launched in 1999 and remained in print until mid-2008. Publication was restarted on a quarterly basis in February 2014. Subscribe to CertMag here.

Posted to topic:

Important Update: We have updated our Privacy Policy to comply with the California Consumer Privacy Act (CCPA)

CompTIA IT Project Management - Project+ - Advance Your IT Career by adding IT Project Manager to your resume - Learn More