A recent flurry of reports underscores the cyber threats facing our nation, ranging from malicious hacking to state-sponsored cyber economic espionage and worse. In response, the president recently issued an executive order designed to protect our critical cyber infrastructure — all those cyber-dependent things we take for granted, like our power grid, transportation system and water supply. It also briefly mentions what may be the most crucial element of our cyber infrastructure: human capital. That mention must now be translated into action.
Cyber professionals are the one essential link in our nation’s vast and fragile information infrastructure. They stand watch over our networks, respond when they are attacked, recover and reconstitute them when the virtual dust settles, and then find out what and who was responsible.
However, in a world where cyber attackers enjoy an overwhelming asymmetric advantage, there is a well-documented cyber talent gap in the U.S. The good news: The supply of U.S. cyber professionals has increased, according to a recent study by the International Information Systems Security Certification Consortium, a nonprofit specializing in cybersecurity education and certifications (Booz Allen was a knowledge partner for the study). The bad news: Demand is increasing even faster, spurred by the latest cyber-attack headline.
Consequently, the competition for cyber talent is becoming super-heated. That couldn’t come at a worse time for federal agencies entrusted with the nation’s cybersecurity. They enter that competition at a disadvantage, with stringent citizenship and clearance requirements that shrink the pool of candidates. Their hiring efforts are also impeded by budget-driven pay and hiring freezes and slashed training budgets. And while contractors supporting the federal cybersecurity mission are not directly affected, they ultimately have the same declining bottom-line effect on the talent available to agencies.
Can anything be done to level the playing field? These ideas may help close the government’s cyber talent gap:
The White House should make this a cross-agency priority goal under the 2010 Government Performance and Results Modernization Act and designate a top senior executive and an interagency cyber all-star team to develop and oversee its execution. The Office of Personnel Management and the White House Office of Science and Technology Policy have already laid the foundation, but the effort needs more visibility and top-down muscle, and it needs to address the “total force’’ of civilian, military and contractor personnel.
To support that strategy, the Office of Management and Budget and OPM should exempt civilian cyber professionals from budget cuts and hiring freezes, and, with the Federal Chief Information Officers Council, they should establish governmentwide competitive special pay rates for them. With the consent of cyber applicants, they should also allow agencies to share their résumés so top candidates don’t need to apply for every single vacancy.
OPM should establish a separate occupational series for cybersecurity experts, based on the National Initiative for Cybersecurity Education cyber specialties framework, issue classification guidance making it easier for agencies to promote our best cyber ninjas to the highest GS grades without requiring them to become managers, and ask President Obama to create a Presidential Cybersecurity Fellows program to bring in talented cyber experts from universities and the private sector.
These actions will help protect our critical human capital infrastructure. But even bolder steps may be necessary.
For example, OPM could also seek authority to place cybersecurity pros in the “excepted’’ civil service — just like many of the Defense Department’s civilian cyber warriors — so agencies can take advantage of the same personnel flexibilities Defense enjoys.
This would also pave the way for an elite federal “cyber corps” that could attract the nation’s top talent, continuously invest in their training and education, and deploy them as an enterprise asset to meet government’s most critical needs. Over the long term, the government could even look to expand its available cyber talent pool by fast-tracking U.S. citizenship for legal residents who have the top-of-the-line skills it needs, something DoD has successfully piloted.
These are all things that can be done to expand the government’s cyber talent pool in the near and medium term. They are no substitute for even longer-term efforts that focus on the cyber talent pipeline from K-12 through higher education, but they can ensure that federal agencies have the human capital to fully execute the steps outlined in the new executive order until those longer-term efforts can bear fruit.
Ron Sanders is a vice president and fellow at Booz Allen Hamilton.