“NCSF” National cyber security skills framework in Sri Lanka

Abstract

A competent cybersecurity workforce is vital in securing a country’s information systems, critical infrastructure, digital infrastructure and citizen data. Cybersecurity education has been a major priority in many countries as it paves the way to cybersecurity professionals in future so the country’s cybersecurity concerns are fulfilled. It has been evident that numbers of cyber-attacks per year have gone exponentially high throughout the last decade. To counter these intrusions, a country must have a cybersecurity savvy work force who understands cyber related threats that they would encounter while at work which could adversely result in their organizations. The National Cybersecurity Skills Framework (NCSF) has been developed to cater this long-lasting deficit in Sri Lanka. The NCSF framework discusses the Knowledge, Skill, Ability (KSA) cybersecurity elements government officers should possess in 6 different modules. Though this type of frameworks available in other countries, a framework that suits to Sri Lankan requirements has not been developed yet. The reason why the NCSF framework has been developed for 6 modules is, there are approximately 1.5 million government officers in Sri Lanka with a distributed level of educational qualifications and experience levels. Hence, defining a one module would not be enough for the whole government cadre. The National Cybersecurity Strategy Bill of Sri Lanka got the Cabinet approval and it is now pending the Parliament approval. Once the Parliament approval is given, the bill will be fully enacted. Creating a competent cybersecurity workforce is a main concern raised in the bill and NCSF framework will be a key component in the National Cybersecurity Strategy. The NCSF framework provides a baseline for minimum KSAs expected from government officers. The educational institutes can refer to those expected KSAs and design cybersecurity related courses for each module mentioned in the framework. Then the interested parties can follow those introductory courses, diploma level courses, degree programs, international certifications to become competent cybersecurity professionals."