In today’s world, information systems and technology are becoming increasingly more complex and evolving rapidly. To ensure the Navy and Marine Corps data, networks, and critical services are protected, we must have a highly skilled and qualified workforce that adapts to a dynamic cyber environment and meets mission requirements.
The Federal Cybersecurity Workforce Assessment Act (FCWAA) of 2015 requires all federal agencies to develop procedures and to code positions using the National Initiative for Cybersecurity Education (NICE) Cybersecurity Framework as described in National Institutes of Standards and Technology (NIST) Special Publication 800-181. This huge effort impacted many functional communities and organizations.
In a cultural shift, the cyber workforce expanded beyond the legacy information technology and information assurance workforces, adding other cyber-related workforces, including key positions engaged in research and development, acquisition, test and evaluation, program management, software development, engineering, intelligence, and other relevant activities to the Cyberspace Workforce. (The terms “cyberspace workforce” and “cyber workforce” are interchangeable. This document will use the term cyber workforce.)
The NICE Cybersecurity Framework includes 52 cyber work roles covering a variety of technical (offensive and defensive) and cyber support work. The cyber workforce encompasses the skills required to build, secure, operate, defend, and protect technology, data, and resources; conduct related intelligence activities, enable future operations, and project power in or through cyberspace. Each component is responsible for coding billets and personnel who perform cyber functions, as listed in the NICE framework, allowing the Services, DoD components and departments to understand the variety and concentration of positions in their specific workforce and how they are deployed across organizations.
In response to the requirements set forth in the FCWAA, the Department of Defense (DoD) released its DoD Directive 8140.01, “Cyberspace Workforce Management” which authorizes and establishes the Defense Cybersecurity Workforce Framework (DCWF) (See Figure 1, DoD Cyber Workforce Framework Model).
The DCWF utilizes the NICE Framework, with the addition of two DoD-specific work role codes (WRC) and groups the work roles by common cyber functions, or elements. The DoD cyberspace workforce elements are: Cyberspace Information Technology (Cyber IT), Cybersecurity, Cyberspace Effects, Intelligence Workforce (Cyberspace), and Cyber Enablers. The work role coding is based on cyber position requirements and standardizes cyber work within the DoD and rest of the federal government. The coding framework facilitates developing a workforce with the right skills, in the right place, with the right people protecting our networks and information, ready to address attacks and protect national security.
Each work role code includes technical and non-technical tasks, knowledge, skills, and abilities which are the basis for determining qualifications and training. The foundational and residential training requirements that will align to each of these work role codes is critical to ensuring we maintain our competitive edge. A combination of education, certification, training, experiential learning, and continuous learning will support successful performance for each work role code. DoD is currently developing the qualification requirements for each. Maturing cyberspace workforce policy is a high priority for the DoD CIO. The DoD CIO office recently released an updated directive and is working to publish the corresponding instruction and manual.
All civilian and military positions performing cyber-related work within the Department of the Navy must have an associated cyber work role code assigned. In January 2019, Assistant Secretary of Navy Manpower & Reserve Affairs (ASN M&RA) directed the Navy and Marine Corps to review and update cyber work role codes for personnel and positions in the DON Civilian Personnel Data System (DCPDS) and Total Force Manpower Management System (TFMMS), respectively, aligning DON coding with the Defense Cybersecurity Workforce Framework.
The DON is transitioning in phases to align with the DoD cyberspace workforce management program. The major efforts include significant workforce coding accuracy and aligning foundational qualification requirements.