The Cybersecurity and Infrastructure Security Agency (CISA) has released a new guide for university cybersecurity clinics.
University cybersecurity clinics aim to train students from diverse backgrounds and academic expertise to strengthen the digital defenses of non-profits, hospitals, municipalities, small businesses, and other under-resourced organizations, while also developing a talent pipeline for cyber civil defense.
In a blog post, CISA stressed that university cybersecurity clinics are an important piece of the toolkit intended to help small and local organizations combat the growing threat of cyberattacks.
“University, college, and community-college based cybersecurity clinics are filling an essential gap in cybersecurity defense in their communities,” said Ann Cleaveland, co-chair of the Consortium of Cybersecurity Clinics and executive director of the UC Berkeley Center for Long-Term Cybersecurity. “The Consortium and our members are tremendously grateful for CISA’s support for these clinics and their clients around the country. This kind of partnership is critical for advancing cybersecurity for the public good.”
CISA said that it is “well positioned to support university cybersecurity clinics” and as a result is releasing a new guide with “helpful information, resources, and services.”
“The clinics act as force-multipliers for our mission to strengthen target-rich, resource-poor organizations,” CISA said in a blog post. “Clinics can also provide valuable information to CISA regarding the state of cybersecurity and challenges in the field. They play an important role in training the next generation of cybersecurity practitioners and leaders and can act as a recruiting channel for CISA.”
In addition to the new guide, CISA announced a handful of other actions to support university cybersecurity clinics:
- Increasing community awareness – CISA will help raise awareness for clinics to increase support for clinics nationally and locally. Specifically, CISA will spotlight the valuable experience of students who have participated in clinics and help existing clinics connect with local and Federal resources.
- Direct engagement with the clinics – CISA said it will increase its engagement at the local level with clinics through its regional Cybersecurity Advisors. The region-based Cybersecurity Advisors provide a wide range of subject matter expertise and serve as a link with CISA’s programs and services. At the national level, CISA said it will work with organizations like the Consortium of Clinics.
- Funding grants – CISA said it is taking steps to leverage its State and Local Cybersecurity Grant Program (SLCGP), which aims to address cyber risks to information systems owned or operated by state and local governments. CISA said that in some cases clinics may be a source for states and local governments for needed services in carrying out the scope of work under SLCGP grants and subgrants. In the resource guide, CISA said it encourages clients and clinics to work with their State Cybersecurity Planning Committee to understand available funding resources. As CISA looks toward future rounds of grants, it is exploring how to encourage states to consider clinics in their grant-related work.
- Recruiting – CISA noted that clinics can serve as a talent pipeline for the entire cybersecurity community. At CISA, we are working to include them in our recruiting efforts.
“In the long-term, clinics have the potential to be a nationally scalable solution to support target-rich, resource-poor organizations,” CISA said. “We are excited to take these first steps and look forward to ongoing engagement and support as more cybersecurity clinics spread across the country.”
