The government needs to create and fund new hiring programs to fill Federal cyber vacancies, according to experts testifying before the House IT Subcommittee on Tuesday.
“The approach we’re taking to hiring cyber talent is well intended but it gets in the way of actually filling an awful lot of these vacancies across the Federal enterprise and retaining that talent,” said former Commerce Department CIO Steven Cooper.
For example, appropriations requirements often force CIOs hire cyber professionals with their agency’s money, which limits the talent that each department can pull from, he said. But if that money could be pooled from many different agencies under a recruiting team, then agencies like Commerce wouldn’t have to compete with the more “exciting” jobs at the departments of Defense and Homeland Security, and the resulting cyber team could be deployed where there is the most need.
During the hearing, IT subcommittee chairman Will Hurd, R-Texas, floated the idea of creating a Cyber National Guard that would pull workers from the private sector for short stints of work in the government.
“During one of our last hearings on this subject, one witness testified that 209,000 cybersecurity jobs went unfilled in 2015. That is a pretty large number. That is why I have been advancing the idea of a Cyber National Guard,” said Hurd. “This is really a way to talk about how do we recruit and hire qualified individuals to the Federal IT workforce and then retain their skills in the future on a rotational basis?”
According to the witnesses, a Cyber National Guard could be useful in accomplishing less intensive cyber initiatives in the government, such as testing new systems for vulnerabilities or training non-IT employees in proper cyber hygiene.
Lisa Depew, head of industry and academic outreach at McAfee, said that there is also a value to industry in having employees with direct government experience to tell them exactly what their government customers need.
Though many of the witnesses expressed support for the idea of a Cyber National Guard, many were more concerned with expanding the scope and funding for the CyberCorps scholarship program, which pays for part of college students’ cyber education in exchange for service in the government.
“The CyberCorps Scholarship for Service program is designed to increase and strengthen the cadre of Federal information assurance specialists that protect government systems and networks by supporting collegiate students with funding, internships, and work opportunities. Policymakers should expand funding for this initiative,” said Depew. “We highly recommend that it be expanded to include community colleges.”
“I couldn’t agree more,” said Dan Waddell, managing director of (ISC)2. He said the program should also reach outside the traditional STEM fields, as arts and communication majors versed in cybersecurity can provide a valuable bridge between the people doing cybersecurity work and leadership. Waddell told MeriTalk in March that the 2015 Office of Personnel Management breach provides a classic example of how lack of effective cybersecurity communication can harm an organization.
According to Depew, the proposed investment for the CyberCorps program for 2017 is $70 million, but this number will not truly make a dent in the 10,000 vacant Federal cybersecurity positions, as estimated by former Federal CIO Tony Scott.
“I think on the order of $180 million would be necessary to put a sufficient dent in the problem,” said Depew, estimating that this would provide for approximately 6,400 scholarships.
According to Nick Marinos, assistant director of information technology at the Government Accountability Office, the Federal government does not always take a strategic approach to filling the IT talent gap.
A GAO report released on Tuesday said that the government’s key challenges in addressing the cybersecurity workforce shortage include identifying and planning for skills gaps, recruiting and retaining the needed staff, and reducing the burdensome hiring process.
The report also named three initiatives that could “further agencies’ efforts to establish the cybersecurity workforce needed to secure and protect federal IT systems”:
- Promote STEM education.
- Advance cybersecurity scholarships.
- Boost DHS’s National Initiative for Cybersecurity Careers and Studies, which provides online cybersecurity resources.