The new cybersecurity licensing proposal
Here's how a Senate proposal to require certification or even licensing for cybersecurity professionals would work.
Q. What does this Senate cybersecurity proposal seek to do?
A. It would require that all government employees and contractors be certified and licensed if they provide cybersecurity services to an agency or for an information system the president designates as critical infrastructure.
Q. How many cybersecurity workers would be affected by the new requirement?
A. Certainly tens of thousands, though precise numbers are difficult to determine because the government does not have a separate job classification for cybersecurity workers.
Q. Is there a difference between certification and licensing?
A. IT certifications traditionally are created and administered by companies and nonprofit industry organizations. Licensing entails some government role in developing or approving the program.
Q. What kinds of training would be included in certification or licensing?
A. The Senate proposal does not state whether the government should use existing commercial programs or develop its own.
Q. Are there any similar requirements already in place in the government?
A. There are no governmentwide programs, but in 2004, the Defense Department started requiring certifications — but not licensing — for all workers who handle information assurance tasks. The requirement applies to 90,000 employees, but only about 30 percent of them have been certified through the program so far.
NEXT STORY: Mandatory cyber certification: What good is it?