1 Protecting Energy s Infrastructure and Beyond: Cybersecurity for the Smart Grid
2 Which is it? Cyber Security ~or~ Cybersecurity?
3 Dr. Ernie Lara President Presenters Estrella Mountain Community College Dr. Clay Goodman VP Occupational Education Estrella Mountain Community College Consortium Director Arizona Sun Corridor-Get Into Energy Consortium
5 Estrella Mountain Community College A Maricopa Community College 2014 Aspen Award Winner Only Arizona College to be named all three rounds Enrollment Demographics Lead College TAACCCT Round 2 Grant
6 Arizona Sun Corridor -Get Into Energy Consortium
7 Transformative Change Initiative The Transformative Change Initiative (TCI) capitalizes on the window of opportunity created by the Department of Labor s Trade Adjustment Assistance Community College and Career Training (TAACCCT) program.
8 Innovations Supply & Demand Model Working closely with industry to identify employee needs Colleges understand capacity and ensure adequate supply of qualified candidates Competency Model Expand across multiple industries Common, stackable credentials
9 Competency Models
10 Power Systems and IT Security AAS Track Credits Certifications Program Pre-Reqs & Gen Ed 25 Security Core 22 Network+; Linux+; Windows 7; MCTS; Configuration; Security+; GSEC; CNSS 3011; SSCP (test) Power Systems IT Security Track 18 NCRC/NCRC+; Employability Skills; Energy Industry Fundamentals; Certified SCADA Security Architect (CSSA) Network Security 20 CCENT; CCNA-Routing and Switching; CCNA-Security; CCNA- Wireless Systems Security-Linux Track Systems Security- Microsoft Track 18 RHCSA; RHCE; CEH 18 MCTS: Windows Server 2012; Network Infrastructure, Configuration; MCTS: Windows Server 2008 Active Directory, Configuration; MCSA: Windows Server 2008; CEH; MCSA-Server Admin
11 Advisory Council FBI Cyber Operations Unit (PHX Field Office) Association for Computing Machinary Arizona Counter Terrorism Intelligence Center Arizona Public Service Palo Verde Nuclear Generating Station Arizona Department of Homeland Security Arizona Cyber Threat Response Alliance Arizona InfraGard American Express
12 Partners CyberWatch West The Center for Cybersecurity Education National Cybersecurity Institute Excelsior College InfraGard Partnership between the FBI & the private sector including academic institutions
15 Cyber Security Competencies Competency Level Career Readiness Content Basic Employability Skills STEM Industry Certification National Career Readiness Certificate; National Career Readiness Certificate Plus Employability Skills Education Level (example) High School/College Professional Experience Required Career Preparation
17 Cyber Security Competencies Competency Level Technician Content Information security principles Access control Risk Management Information Technology principles Information security compliance Threats, attacks and vulnerabilities Security tools and techniques Encryption and cryptography Security operations, and activities Audit, testing and monitoring strategies Malicious code activity Information technology protection mechanisms Information technology Ethics Operating System Security Network Security Industry Certification CompTIA Security Plus CNSS 4011 GIAC GSEC ISC2 SSCP (Test) Education Level Associate Degree Professional Experience Required Entry Level
19 Cyber Security Competencies Competency Level Practitioner Content Access Controls Cryptography Malicious Code and Activity Monitoring and Analysis Networks and Communications Risk, Response and Recovery Security Operations and Administration Risk Management Framework (RMF) Categorization of Information Systems Selection of Security Controls Security Control Implementation Security Control Assessment Information System Authorization Monitoring of Security Controls Industry Certification Certified Authorization Professional (CAP) Systems Security Certified Practitioner(SSCP) Education Level (example) Bachelors Degree Professional Experience Required 1-5 years
21 Cyber Security Competencies Competency Level Expert/Senior Practitioner Content Access Control Telecommunications and Network Security Information Security Governance and Risk Management Software Development Security Cryptography Security Architecture and Design Operations Security Business Continuity and Disaster Recovery Planning Legal, Regulations, Investigations and Compliance Physical (Environmental) Security Research & Analysis Integration of Computing, Communications, and Business Disciplines Industry Certification Certified Information Systems Security Professional (CISSP) CompTIA Advanced Security Practitioner (CASP) Education Level (example) Masters Degree Professional Experience Required 5-10 yrs
22 Homeland Security Academic Advisory Council s (HSAAC) Subcommittee on Cybersecurity 1. How to attract students, student veterans and recent graduates to cybersecurity jobs at DHS; 2. How can DHS better promote the DHS/National Security Agency National Centers of Academic Excellence cybersecurity programs tothe higher education community; 3. How to define the core elements of cybersecurity degree and certificate programs to prepare graduates for mission-critical cyber jobs at DHS; 4. How DHS can facilitate and strengthen strategic partnerships with industry, national labs, colleges, universities and others to build the cybersecurity workforce; 5. How DHS can partner with academia to build a pipeline of diverse students in STEM; and 6. How key subcategories in cybersecurity such as policy, critical infrastructure, human factors intellectual property, and others can inform academic pathways to meet national needs.
23 HSAAC Recommendations DHS should launch an internal campaign to educate program managers on the new Pathways Programs hiring authority for internships, including the options it presents for providing community college students with work experience. The summer 2013 Secretary s Honors Program Cyber Student Volunteer Initiative, in which community college students served in U.S. Immigration and Customs Enforcement cyber forensics labs, should be expanded and cited as a best practice. DHS should ensure that its cyber internship programs include a structured career path where participants have the opportunity to be hired for permanent entry-level positions upon completion of the program.
24 HSAAC Recommendations DHS should expand its internship opportunities to include virtual internships and mentorships, in order to engage additional students and strengthen the Department s cybersecurity recruitment efforts. DHS and NSA should align the KUs used as criteria for CAE designations to a set of learning outcomes to help institutions of higher education developing cyber-related degree and certificate programs better meet workforce needs. DHS and NSA should formally deputize CAEs to act as representatives of the program at higher education conferences and meetings to conduct outreach and promote the program s benefits to academic institutions.
25 NSA Center of Academic Excellence 2Y 1. Outreach and Collaboration 2. Center for Information Assurance (IA) and Cyber Defense (CD) Education 3. IA/CD Student Development 4. IA/CD as a Multidisciplinary Science 5. Practice of IA/Cybersecurity Encouraged Throughout the Institution 6. IA/CD Faculty
26 Questions? Ernie Lara Clay Goodman Arizona Sun Corridor-Get Into Energy Consortium (az.getintoenergy.com) Estrella Mountain Community College (www.estrellamountain.edu)