The following is an excerpt of the National Initiative for Cybersecurity Education (NICE) Winter 2021-22 Government Spotlight e-newsletter article entitled, "Creating a Community of Practice for Workforce Development in Industrial Cybersecurity," written by Ralph Ley, Department Manager for Workforce Development and Training at Idaho National Laboratory (INL).
The article touches on the Industrial Control Systems (ICS) Community of Practice (COP), where several outstanding collaborations have emerged:
- One is the input the ICS COP group has been able to provide the National Institute of Standards and Technology (NIST) as it continues to develop industrial cybersecurity content for the NICE Workforce Framework for Cybersecurity.
- Another critical collaboration is that of the International Society for Automation (ISA). ISA is a non-profit professional association of engineers, technicians, and management engaged in industrial automation that creates standards, including cybersecurity standards for industrial control systems. ISA provides a crucial link to automation technology firms and industry practitioners. ISA is an American National Standards Institute (ANSI)-Accredited Standards Developer (ASD).
- A third collaboration to occur as a result of community meetings is a partnership among Siemens Energy; Idaho State University (ISU); Maryland Innovation & Security Institute (MISI) Academy; SysAdmin, Audit, Network and Security (SANS) Institute; REDI; ICS Village; and Capitol Technology University to create a registered apprenticeship for industrial cybersecurity.
The excerpt starts below:
A recent report by Purdue University found there is only one degree program in the United States dedicated to producing industrial cybersecurity professionals -- those would be the individuals tasked to securely design, build, operate, and maintain the critical cyber-physical infrastructures that provide reliable electricity, clean drinking water, and affordable manufactured goods ranging from toilet paper to Tesla. Eleven years after Stuxnet, a computer worm, it appears that almost no one has had the vision to push beyond a single university or college course dedicated to the topic. If cybersecurity is among the top national security concerns faced by the nation, industrial cybersecurity must be the single most critical overlooked educational topic.
When Dr. Sean McBride of Idaho State University and Dr. Shane Stailey of Idaho National Laboratory got together for a brainstorming session in August 2020, they wondered, “What can we do to get the ball rolling on this important issue?” Their idea: to create a Community of Interest – no, a Community of Practice (COP) – that would bring together interested parties from government, academia, and industry to act on the challenge.
“When I think about preparing a workforce to defend our critical industrial control environments from cyber incidents like Colonial Pipeline, it strikes me that there are two grave misconceptions out there: 1) that if we can just teach cybersecurity students and professionals what Programmable Logic Controllers are, that will solve the problem; and 2) that if we can just get instrumentation technicians to think about confidentiality, integrity, and availability, we will secure these critical systems. Those are gross oversimplifications of a challenge that it is past time to seriously address. In a nutshell, that’s why we created the Community of Practice,” said Sean McBride, who has run Idaho State University’s Industrial Cybersecurity degree program since 2017.