(Cyberwar.news) A newly released report by the Congressional Research Service found that Congress has little information about the federal cybersecurity workforce and whether legislation crafted to bolster recruitment is actually helping.
As reported by FedScoop, the hiring of federal cybersecurity employees has been made a priority by Congress, but the CRS report noted that lawmakers have little real data about that workforce and worse, no way of being able to gauge how effective its own initiatives or those of the Obama administration have been to head off a looming workforce crisis in the field.
FedScoop reported further:
Legislation enacted over the past two years has provided special hiring flexibility — like the chance to pay higher salaries, or promote on an accelerated timeline — to U.S. Cyber Command, the Pentagon and the Homeland Security Department to help them recruit the cybersecurity talent they need.
However, according to the CRS report that was posted online notes there are overlapping and inconsistent congressional authorities and reporting requirements within those three pieces of legislation. Also, lawmakers have no way of accurately measuring whether the hiring efforts are effective because Congress has never been given an effective measurement formula for the federal cybersecurity force.
“Efforts to define and identify federal cybersecurity workforce positions have largely been undertaken by [the Office of Personnel Management]. OPM, however, is not currently required to report on its progress in identifying and coding all federal cybersecurity positions to Congress, nor has it released its cybersecurity dataset or a government-wide count of the cybersecurity workforce to Congress,” the report states.
Congress’ focus on cybersecurity was heightened following discovery of the massive breach of OPM last summer, a breach that the administration has not publicly blamed on anyone but which analysts deemed was most likely carried out by hackers associated with the Chinese government.
“Developing and maintaining a robust federal cybersecurity workforce, however, has been an ongoing challenge,” the report states. “The Chief Human Capital Officers Council Working Group found skills gaps in cybersecurity positions (and other positions) government-wide, which prompted the Obama Administration to create a Cross-Agency Priority (CAP) to reduce however, efforts to close these cybersecurity gaps were at an ‘early stage of maturity.’”
Cybersecurity experts say in any case it will likely be difficult for Uncle Sam to recruit the cyber workforce necessary to protect its systems.
“The federal government…faces stiff competition from private industry when it comes to cybersecurity professionals,” Joseph Steinberg, CEO of SecureMySocial, the world’s first system to warn people in real time if they are making inappropriate social-media posts, told Cyberwar.news in an email. “There is a shortage of skilled labor, creating an imbalance of supply and demand; private industry often pays significantly more in such situations, but the federal government cannot easily raise wages due to standard pay brackets used across its various organizations.”
“Obviously, it’s increasingly important for the U.S. to increase protections and focus on cybersecurity in the future,” added Ron Schlecht Jr., managing partner at BTB Security, noting that the U.S. government’s shortage of cybersecurity personnel exists as threats to IT systems are increasing.
“Most importantly (and scariest) is that the infrastructure to support nefarious actors in areas where enemies of the state are dense, has continued to mature,” he told Cyberwar.news. “So, the ‘bad’ folks who are trying to hurt us all through terrorism will have increasingly better access to the means to carry out cyber attacks. In the years to come, those bad actors will also continue to mature.”
Adds Beau Adkins, co-founder and CEO of Lightpoint Security, “The U.S. government already takes extraordinary measures to protect classified information in its networks, especially in the intelligence community. The most effective of these measures is full network isolation, so there is no path for an attacker from the outside to attack these classified networks. However, this is only half of the story. There is still an enormous network of public facing network assets that cannot be isolated the same way.”
Cyberwar.news is part of the USA Features Media network of sites. For advertising opportunities, click here.Submit a correction >>