On building cybersecurity expertise in critical infrastructure protection

Cybersecurity professionals need training in critical infrastructure protection (CIP) to prepare them for solving problems in design, implementation, and maintenance of infrastructure assets. However, two major roadblocks exist: (1) the lack of necessary skills sets and (2) the frequent need for updates due to rapid changes in computing disciplines. To address these issues and build the needed expertise, this paper proposes a flexible training framework for integrating CIP into cybersecurity training. The foundation of this framework is a set of self-contained training modules; each module is a distinct unit for use by an instructor. Modules are meant to be integrated at different levels, with subsequent modules building on those presented earlier. As these modules are designed for frequent updating and/or replacement, the proposed approach is flexible. This paper develops the generalized CIP module-based training framework and outlines sample introductory and advanced training modules.