A report published by the Partnership for Public Service and Booz Allen Hamilton reveals that an insufficient cyber security workforce is hampering the United States’ efforts to properly defend its networks.
According to the report, non-competitive pay and strict hiring practices are aggravated by a lack of pipelines that value computer security talent, not to mention the absence of a government-wide strategy that specifies how agencies can hire and retain skilled computer security individuals.
Some important findings of the report include the following:
- In 2014, there were 67,168 intrusions that negatively affected federal systems. This figure is up 1121% from 2006, according to a February Government Accountability Office (GAO) report.
- Government-wide, there are approximately 93,000 civilian cyber employees, meaning that one of every 22 workers works in this field.
- Entry-level federal software engineers make as much as $14,000 less than their private-sector counterparts. This difference jumps up to $33,000 at the senior level.
- Last year, the government hired 4,709 new civilian cyber security workers—about the same as it did in 2013.
For the federal government to adequately address these challenges, the report calls on the Obama administration to fast-track hiring in cyber security and create a ROTC-type program for computer security recruits.
Ken Westin, Senior Security Analyst at Tripwire, recommends that the U.S. government also create a cyber equivalent of the National Guard to overcome the issues of cost and time with respect to cyber security.
Under this program, as Westin explains,
“skilled security professionals in the private sector could volunteer their time to help with government cyber defense initiatives in exchange for training and accreditation and acknowledgment for their efforts.”
Employers who participate in this type of program would receive benefits to the extent that their employees could learn new tools, techniques, and strategies and then apply them to help secure their entities’ infrastructure.
While the report is primarily concerned with enhancing the government’s current cyber security workforce, Sara Ratcliff, the director of the Human Capital Management Office at the Office of the undersecretary of Defense (Intelligence) at the Defense Department, feels that it also has the long-term view of giving every employee at an agency some level of cyber security literacy. This focus, Ratcliff believes, would decrease the amount of security breaches caused by human error.
“It’s the productivity loss that we suffer when those things happen,” Ratcliff said. “And that’s just as damaging as that advanced persistent threat in our networks that we are trying to thwart.”
To download a copy of the report, please click here.