The expert group calls on the Office of the National Cyber Director at the White House to manage a nationwide cybersecurity strategy in the workforce to address long-term labor shortages.
The reportpublished on Thursday, comes from a branch of Congress-chartered cyberspace commission called CSC 2.0, which is part of the nonprofit Democracy Foundation.
“It’s a plan to help solve the problem,” said Mike Gallagher (R-Wis.), Co-chair of CSC 2.0.
The panel wants National Director of Cybernetics Chris Inglis to use his position to review agencies ’cyber budgets, restructure government hiring mechanisms and perhaps even work with Congress to create the expected authority to service cyber staff in government.
“I think we should be concerned about jobs that have cyber [or] They have IT that remains unfilled, ”said Inglis, who himself was a member of the original tanning bed commission, during a panel discussion Thursday held by the Foundation for the Defense of Democracy.
His role, he continued, is to ensure that power and resources are coordinated in government.
“We need to make sure that first we have a strategy that identifies what is missing,” Inglis said. “Then we have to use all the parts that already exist and connect them to that strategy.”
Across the country, there are nearly 600,000 vacancies in cyber, and for the government alone there are nearly 39,000 vacancies, according to the National Institute of Standards and Technology CyberSeek.
Currently, the government’s strategy is ad hoc. Federal hiring practices are hampered, and requirements for degree and level of work experience often block entry-level hiring. The government’s existing cyber workforce is also less diverse than the rest of the federal workforce.
As in another report on the cyber workforce published this year by another expert group of the National Academy of Public Administration (NAPA), the latest recommendations call on Inglis to coordinate existing, disparate efforts with new management and coordination structures.
One of the main focuses is chronic problems with hiring cyber workers to the government using outdated and cumbersome processes.
“We all know how many jobs we would like to fill, but there are no cars or many vehicles that would, in fact, fulfill this aspiration and help people a lot,” to be hired for public office, – said Inglis, continuing. to show. to qualification requirements and stating that the government needs to be more flexible and invest in early hiring. “People who appear today at the front door of a government organization with a bachelor of science in computer science, but have no experience, are usually denied,” he said.
The report’s authors recommend various fixes, such as working with the Office of Personnel Management to upgrade cybersecurity work codes or expand existing direct hiring powers.
We prefer the third option, which co-author of the report and director of CSC 2.0 Mark Montgomery called “Rosetta Stone”.
This recommendation is that Inglis push Congress to empower the state’s exclusive service for cyber personnel, a category different from the competitive service – most ordinary federal services governed by special public service rules for hiring, firing and paying higher executive service.
The report cites the Department of Homeland Security’s cybersecurity talent management system, an exceptional service system for cyber professionals that was launched last fall but is struggling to scale until only a few new staff have been recruited.
The Ministry of Defense has similar recruitment powers.
“In essence, this option would be accepted by the authorities that support CTMS and CES, and extended to the entire federal government,” the report said. “This option will increase the federal government’s flexibility in hiring and managing cyber talent by creating systems designed for the cyber workforce.”
Such a move is likely to face opposition, Montgomery said on Thursday.
“It will be difficult. There will be people fighting it both in Congress and in federal government organizations. And it will cost money, but … no one ever thought that fixing the federal cybersecurity workforce would be a cheap affair,” he said. he said. . “We really need to come up with a new hiring mechanism.”
A recent NAPA report also mentioned CTMS, saying it should be evaluated and, if successful, transferred to other agencies.
CSC 2.0 also encourages Inglis to use the mandate of his office in Congress to evaluate the effectiveness of cyber policies and annual budget proposals from agencies, and double the appreciation of one of the top officials, Chris DeRush, as deputy director of cyber and federal director of information security. from the Office of Management and Budget to “view and reconcile” the budgets of the cybersecurity agency staffs together with OMB.
Finally, one of the main problems is data on the government’s cyber workforce, which is inconsistent and hidden in departments, Montgomery said.
The NAPA study recommended a cybersecurity data bureau, while this latest report urges Inglis to focus on existing data mandates, and Congress to expand and amend the law governing data collection on government cyber workers, the Federal Cybersecurity Assessment Act from 2015.