A report issued jointly by The Partnership for Public Service and consultants Booz Allen Hamilton asserts the U.S. federal government is, in essence, not prepared to cope with cyberattacks.
The problem boils down to a lack of enough skilled people, government administrative quagmire, outmoded approaches, and deficiencies in communication.
Many of the problems are systemic and require attention from Congress, the report states.
However, the report includes some recommendations for action that it says the government can implement now.
Longstanding concerns about the country’s vulnerability to cyberattacks were underscored earlier this month, when a denial of service attack was apparently directed at both American and South Korean Web sites. The attack shut down a few U.S. government sites temporarily.
In addition, President Obama has made cybersecurity one of his main priorities in office.
The Cyber Insecurity Report
Four primary challenges threaten the quality and quantity of the federal cybersecurity workforce, the joint report, “Cyber IN-Security: Strengthening the Federal Cybersecurity Workforce,” states.
They include a lack of potential new talent; fragmented governance and uncoordinated leadership; complicated processes and rules; and lack of communications between hiring managers and the federal government’s human resources (HR) specialists.
Forty-one percent of CIOs and CISOs (chief information security officers) and 38 percent of HR managers expressed dissatisfaction at the level of collaboration with OPM (Office of Personnel Management), the report found.
The report recommends that the White House cybersecurity coordinator to be designated by President Obama develop a government-wide strategic blueprint for meeting the current and future needs of cybersecurity employment.
The White House should encourage the development of technology, math and science skills much as the government did during the space race of the 1960s, the report urges.
This should be a joint effort between the government and the private and academic sectors. “We need a coordinated effort including them because we believe there’s a shortage of qualified people in the private sector as well,” Bob Lavigna, research vice president at the Partnership for Public Service (PPS), told TechNewsWorld.
The government should reach down into middle schools and high schools to encourage interest in science, technology, engineering and mathematics, Lavigna said.
Other recommendations include revamping job classifications for cybersecurity functions in government; the establishment of certification requirements to meet the new standards; and funding from Congress to train cybersecurity staff.
“This is about taking some very good practices that already exist in some departments and bolstering them up and making them more consistently applied,” Jeff Akin, a Booz Allen Hamilton principal, told TechNewsWorld.
Such practices exist in some of the more savvy departments, but they need to become the norm, he pointed out.
Get Congress Involved
Many of the cybersecurity challenges the Feds face are systemic and can only be addressed with the support of the White House and Congress, the report asserts.
However, it’s unclear whether Congress is up to the challenge. “I don’t think Congress is ready to tackle the situation,” Charles King, principal at Pund-IT Research, told TechNewsWorld. “The distance between decision making and implementation is very long sometimes.”
The PPS has legislative liaisons working with members of Congress on the cybersecurity issue, Lavigna said.
He also pointed to a cybersecurity bill tabled before Congress in April by Senator John D. Rockefeller, D-W.Va.
That bill, S.773, is the Cybersecurity Act of 2009. It has three co-sponsors — Senators Evan Bayh, D-N.J.; Bill Nelson, D-Fla.; and Olympia Snowe, R-Me. It is aimed at addressing America’s vulnerability to cybercrime, global cyber espionage and cyberattacks.
“We believe the bill would go a long way to resolve some of the workforce issues,” the PPS’s Lavigna said.
What Can Be Done
The report contains a number of recommendations for action to help resolve some of the issues right now.
One is that agencies should put someone in charge of hiring cybersecurity talent now, without waiting for instruction from the White House’s new cybersecurity coordinator.
This person should be given the authority and resources to meet hiring goals and be held accountable for achieving results, according to the report.
The report includes a checklist for cybersecurity talent management agencies can use as a reference point.
It also includes a four-phase Total Talent Management Model for hiring and managing personnel.
The government can dramatically improve its outcomes if it gets out and recruits more actively among the public like private companies do, and if HR works more closely with front-line hiring managers, Akin said.
The Presidential Imperative
In May, President Obama announced that he is creating a White House office for a cybersecurity coordinator.
This official will advise the president on all matters relating to cybersecurity and work closely with the Federal Chief Technology Office and CIO to coordinate the securing of America’s information and communications networks.
The cybersecurity coordinator must be given the authority to oversee the sourcing of applicants for cybersecurity jobs, according to Booz Allen’s Akin. “If he or she is, you’ll get crisp alignment between the supply and demand sides of things.”