A big problem exposed by a massive data breach at the Office of Personal Management (OPM) is the woeful state of the federal government’s cybersecurity. It’s not comforting when the Obama administration’s chief information officer says Uncle Sam’s information technology needs bubble wrap and Band-Aids to help counter cyberattacks.
But even if the digital networks were magically modernized, the protection of personal information belonging to federal employees and many other records would still be at risk.
The reason: too few cyber experts.
The federal government has a serious shortage of cyber talent and the future is dim.
Recruiting digital specialists and plugging them into the right slots “is going to be one of our challenges,” Tony Scott, the U.S. chief information officer, told the National Council on Federal Labor-Management Relations last week. He plans to issue recommendations to confront that challenge soon. “It’s the hardest recruiting that there is on the planet today for people with those kinds of skills. . . . We’re going to have to take extraordinary moves to try to develop a broader set of talent and skill base in that area.”
Although the need is great, the amount of attention given to cyber talent too often is not.
After personal information for more than 22 million federal employees and others was stolen, the need for modern technology received far more scrutiny during a series of congressional hearings than the need for skilled people to work it. Search for “cyber” on the Government Accountability Office Web site and you’ll find dozens of related documents just this year. But if you ask for a study specifically on cyber talent, GAO will provide one, from 2011.
Overlooking the importance of people is a serious mistake, said Max Stier, president and chief executive of the Partnership for Public Service, a think tank on the federal workforce.
“At the end of the day, give me great talent over great technology,” he said, adding that talent will find a way to fix what technology lacks.
The partnership, along with the Booz Allen Hamilton consulting firm, published a report in April on closing the federal cyber talent gap. It said the government “lacks the cyber workforce it needs and still does not have a comprehensive, enterprise-wide strategy to recruit and retain that workforce. . . . Our nation is at risk as the number and sophistication of cyber-attacks continue to grow, but the government has failed to act with urgency.”
Among the report’s findings:
- Government compensation for cyber talent is not competitive, especially for experienced workers.
“As the compensation gap continues to widen, especially for the most talented professionals, the federal government will continue to fall further behind.” Ironically, Sam’s reliance on contractors can work against his ability to keep the best employees. Private cyber companies, not limited by federal pay scales, “can simply hire away the best cybersecurity talent and rent it back to the government at a higher hourly rate.”
- The government needs a master cyber workforce strategy to attract and retain top talent.
“Without this master strategy in place, agencies are operating largely on their own under a haphazard system.”
- A slow and ineffective government hiring process drives away top candidates.
The drawn-out security clearance process is an impediment and, “in some cases, recruits opt to seek employment opportunities with private industry rather than wait for the long process to be completed.”
- Training and development of cyber staffers is uneven across government.
Creating “a cybersecurity training academy focused on both technical and leadership skills” is among the report’s recommendations.
Similar issues were outlined in the GAO’s 2011 report and a related 2009 study by the partnership.
But years later, many of those same questions remain.
The Office of Management and Budget provided no answers to a series of questions the Federal Diary submitted to Scott, including:
How great is the need for federal cyber experts?
What is being done to attract them?
Can the government effectively compete with the private sector when recruiting cyber talent?
How have government operations been affected by the need for digital specialists?
Federal cyber talent problems reflect issues endemic to the federal workforce generally. Stier thinks changing the way the government recruits and retains that talent could be on the vanguard of broad-based civil service reform. The partnership urges a government-wide overhaul of the civil service system, but recognizes that would take time.
When it comes to protecting the personal information of federal employees, contractors, job applicants and their families, the OPM data breach demonstrates the time to hire the right people and provide modern technology has already past.
“Cybersecurity,” the partnership’s report said, “is one area that simply cannot wait.”