Pursuant to Section 549 of the FAA Reauthorization Act of
2018, a National Academies consensus study committee will (1) examine the
Federal Aviation Administration's (FAA's) cybersecurity workforce challenges,
(2) review FAA's current strategy for meeting those challenges, and (3) provide
recommendations related to strengthening FAA's cybersecurity workforce,
including consideration of its size, quality, and diversity. The study will consider cybersecurity
workforce challenges agency-wide, including in such major functional areas as
National Airspace System management, enterprise computing and communications
infrastructure, air traffic control system acquisition and modernization,
unmanned aircraft systems, and safety regulation. The study will take into account how the
FAA's cybersecurity workforce needs are likely to change over time.
Areas to be explored include the following:
and future cybersecurity landscape for the FAA and its mission areas;
and human resources approaches and strategies to achieve current and future
desired outcomes that meet cybersecurity
workforce needs, including recruitment and flexibilities, selection, retention,
training, education, certification, and compensation considerations;
organization structure, workforce strategies, and best practices of other
government and private sector organizations with relevant missions, including
air traffic management and aviation safety assurance;
regulatory, and other institutional constraints on recruitment and
flexibilities, hiring, retention, and compensation of cybersecurity workers;
to strengthen the cybersecurity workforce by attracting and retaining
candidates from diverse backgrounds, including age, race, gender, and geography;
organizational structure, culture, and norms that affect the cybersecurity
- The U.S.
labor market in cybersecurity expertise and commercial competition for
qualified candidates; and
existing structure used by the FAA to define the diverse set of workforce cyber
knowledge, skills, and abilities, and its alignment with frameworks such as the
National Initiative for Cybersecurity Education.
The committee's evidence base, analysis, findings,
conclusions, and recommendations will be set forth in a final report.