Energy Industry Cybersecurity: Will Federal Grants Close Talent Gap? -

Newly introduced bipartisan legislation would create a grant program for postgraduate university students to help develop a skilled cybersecurity workforce specific to the energy industry.

The Energy Cybersecurity University Leadership Program Act is intended to address a rise in cybersecurity threats against energy infrastructure in the U.S. by providing grants and other financial assistance to graduate and postdoctoral researchers studying cybersecurity and energy infrastructure. The bill is sponsored by Congressional representatives Mike Carey (R-OH) and Deborah Ross (D-NC).

The program, which would be overseen by the Department of Energy, would provide the following:

Financial assistance for scholarships, fellowships, and research and development projects at colleges and universities to support graduate students studying the convergence of cybersecurity and energy infrastructure.

Students and postdoctoral researchers with traineeship research experiences at the Department of Energy’s National Laboratories and utilities.

Expands outreach to Historically Black Colleges and Universities, Minority Serving Institutions, and Tribal Colleges and Universities.

The bill requires that the Secretary of Energy submit a report to Congress on the development and implementation of the program no later than one year after bill is enacted.

Both of the bill’s sponsors suggested that the legislation was prompted in part by the ransomware attack on the Colonial Pipeline and an attempted water poisoning at a Florida treatment plant. “Cyber threats on America’s energy sector have never been greater and must be met with urgent action to protect the critical infrastructure that makes modern life possible,” said Carey. “Establishing the Energy Cybersecurity University Leadership Program will strengthen our resilience by further developing a high-skilled workforce with energy-specific cybersecurity expertise.” For her part, Ross said the legislation will "better equip our brilliant students and researchers in North Carolina and beyond to tackle this changing cybersecurity landscape."

In addition to proposed legislation to build a skilled cybersecurity workforce, there are a number of ongoing initiatives in the private sector. For example, Microsoft is expanding its cybersecurity skills program, first launched in the U.S. in October, 2021, to 23 additional countries globally. Microsoft estimates the demand for qualified cybersecurity staffers will number some 3.5 million people worldwide by 2025. In the initial rollout last year, Microsoft partnered with U.S. community colleges to help skill and recruit into the cybersecurity workforce 250,000 people by 2025, representing half of the country’s workforce shortage.

Closing the Cybersecurity Talent Gap: Additional Education Programs

Meanwhile, multiple organizations are striving to close the cybersecurity talent gap across the MSP ecosystem.

One example involves Level Up, an MSP security training challenge organized by The CyberCall’s Andrew Morgan and Black Hills Information Security‘s John Strand.

Also of note: MSPAlliance partnered with Boise State University and Stellar Cyber to create MSP-specific business, technical, and cybersecurity training, along with job placement tools, according to a March 2022 announcement. Stellar Cyber has been particularly active on the MSP training front. Similar to Apple’s focus on college-level relationships, Stellar Cyber is building partnerships to educate students on Open XDR (eXtended Detection and Response) technologies and associated capabilities.

A recent Splunk study found that nearly nine in 10 organizations contend it is more difficult to recruit and retain cybersecurity talent in the past year. Roughly six in 10 suffered from an inability to hire talent with the right skill set to do the job.