The cybersecurity challenge has a number of dimensions, not the least of which is finding enough qualified people who truly understand the problem and potential solutions. But the administration has a plan.
Building the cybersecurity workforce has been a major goal of many federal initiatives including, most recently, President Barack Obama's Cybersecurity National Action Plan (CNAP) released in February with the administration's 2017 budget proposal.
On July 12, the White House issued a new Cybersecurity Workforce Strategy to help agencies meet this need and build a reliable stable of cyber professionals for the future.
The new strategy was announced in a blog post authored by Shaun Donovan, director of the Office of Management and Budget, Beth Cobert, acting director of the Office of Personnel Management, Michael Daniel, White House cybersecurity coordinator and special assistant to the president, and Federal CIO Tony Scott.
"The supply of cybersecurity talent to meet the increasing demand of the federal government is simply not sufficient," they wrote. "Recent industry reports project this shortfall will expand rapidly over the coming years unless private sector companies and the federal government act to expand the cybersecurity workforce pipeline to meet the increasing demand."
This problem manifests in two ways:
- Federal agencies’ lack of cybersecurity and IT talent is a major resource constraint that impacts their ability to protect information and assets.
- A number of existing federal initiatives address this challenge but implementation and awareness of these programs are inconsistent.
The new workforce strategy involves four initiatives intended to build the federal cybersecurity workforce and retain top talent for the future.
Expand the cybersecurity workforce through education and training
The first step will be to build the workforce nationally through scholarships and other educational opportunities designed to entice students to go into cybersecurity. The plan includes the CyberCorps: Scholarship for Service program, in which tuition is covered in return for a tour in the public sector; working with colleges to develop strong cybersecurity programs; and provide funding to help those institutions hire and retain top teaching staff.
Recruit the nation's best cyber talent for federal service
The strategy promotes hiring a more diverse cyber workforce, including tapping minority groups, as well as non-traditional pipelines, like apprenticeships and programs that loan experienced cyber professionals from the private sector for tours in government.
Retain and develop highly skilled talent
These efforts are moot if agencies can't hold onto employees long enough for them to be effective or, just as bad, they wither on the vine as the ever-changing cyber field evolves past them. To combat this, OPM is developing specific cybersecurity career paths, rotational assignments to keep the work fresh and continuing education to keep employees at the top of their field. The strategy also looks at special pay authorities and other means of attracting top talent in a competitive area.
Identify cybersecurity workforce needs
As with most problems, the key to overcoming is understanding the issues. The last step in the strategy asks agencies to review the National Cybersecurity Workforce Framework, which outlines 31 distinct areas and job specialties to consider when hiring for cybersecurity. These efforts have already led to 3,000 cyber hires so far in 2016, with another 3,500 planned before the end of the year.
"We must recognize that these changes will take time to implement, and the Workforce Strategy's long-term success will depend on the attention, innovation and resources from all levels of government," federal officials said. "The initiatives discussed in this strategy represent a meaningful first step toward engaging federal and non-federal stakeholders and provide the resources necessary to establish, strengthen and grow a pipeline of cybersecurity talent well into the future."