Should federal cyber pros be licensed?

A growing concern that the federal IT workforce lacks the sophisticated cybersecurity skills needed to protect the government's
computer networks has prompted renewed debate about the need for creating mandatory certification and licensing programs.

The debate has gained some traction with the introduction of legislation sponsored by Sens. Jay Rockefeller (D-WV) and Olympia
Snowe (R-ME) that would direct the Commerce Department to "develop, coordinate and integrate a national licensing, certification and periodic recertification program for cybersecurity professionals."

The bill would require everyone, including contractors, to meet the certification and licensing requirements in order for work on
cybersecurity functions for the federal government. Certifications are often used today for hiring and placement, but there is no mandatory licensing. And the quality and effectiveness of the current certifications vary, with some considered worthy and others of little real value.

Not everyone agrees that the Rockefeller plan is a good idea, with some warning that it could create a new bureaucracy that would delay confronting emerging cyber threats rather than improving things. Supporters argue that it will go a long way to ensuring better training and creating a more effective and professional workforce.

The Defense Department already has its own certification program in place, but the federal government, as a whole, has been
struggling without success regarding how to define and classify cybersecurity job functions. Nothing is likely to happen quickly on
this issue, but it has produced a vigorous debate, and that may prove to be valuable.

For more on licensing and certifications:
- see this Federal Computer Week article