A U.S. government agency is working on new cybersecurity initiative aimed at better countering evolving information technology security threats.

In a statement Monday, the National Institute of Standards and Technology said it’s planning to upgrade a federal initiative on cybersecurity education and workforce training. NIST, which is responsible for developing a range of computer and network security specifications, said it wants to update the National Initiative for Cybersecurity Education, which is a government-industry created framework that aims to “promote a robust network and an ecosystem of cyber-security education, training, and workforce development.”

NIST said the idea is to match skills and training with the security requirements of companies that generally rely on security tools rather than humans to protect themselves against cyberthreats.

The NICE framework should be welcomed by enterprises that have largely struggled to stay one step ahead of cyberattackers, as evidenced by the clumsy responses to a number of recent high-profile hackings and ransomware attacks. It addresses some of the most obvious but often overlooked steps involved in the creation of security teams, such as assessing workforce skills and identifying certification and training requirements. It also specifies tasks used in job descriptions, and ultimately seeks to match these tasks with people who possess the right knowledge, skills and abilities.

“Cybersecurity is a rapidly changing and expanding field,” NIST said in a statement. “This expansion requires a cadre of skilled workers to help organizations perform cyber-security functions. As organizations identify what is needed to adequately manage current and future cyber-security risk, leaders need to consider the cyber-security workforce capabilities and capacity needed.”

One of the main aims of the NIST effort is to raise awareness of the need for a “ground-up” approach to cybersecurity strategies, in order to ward off evolving security threats such as ransomware. Such an approach could be well be helpful, as industry analysts generally agree that most U.S. firms are simply not ready to deal with today’s most sophisticated threats.

For example, an International Data Corp. report from last year concluded that only a small minority of large U.S.-based enterprises have managed to create cybersecurity teams that reflect recommended best practices. One of NICE’s goals is to expand and institutionalize integrated and certified security teams.

“The best practitioners view cyber security as a human-versus-human challenge, where having the best people is more important for combating ‘bad guys’ than having the right technology,” IDC said in its report.

NIST added that it’s planning to host a conference to discuss its progress with NICE in Dayton, Ohio, this November.

Image: Free Images/Flickr