Strengthening the Federal Cybersecurity Workforce

Cyber In-Security: Strengthening the Federal Cybersecurity Workforce

The U.S. is facing a cyber war. Foreign powers, criminal groups, hackers, and terrorist organizations have launched cyber attacks on the White House, Pentagon, State Department, and New York Stock Exchange; stolen data from the Pentagon’s fighter aircraft; and hacked into the nation’s electrical grid. There were millions of attempts to penetrate defense digital networks in 2008. In 2009, the General Accountability Office reported weaknesses in the capabilities of 23 of 24 federal agencies to detect or prevent cyber attacks.

President Obama declared cybersecurity to be one of the nation’s most serious economic and security challenges. The federal government needs a coordinated, sustained effort to build the capability and caliber of the government’s cybersecurity workforce to combat these threats and ensure the nation’s safety.

Booz Allen Hamilton and the Partnership for Public Service examined the state of the federal cybersecurity workforce by interviewing federal experts, examining public testimony and reports, holding focus groups, and surveying chief information officers (CIOs), chief information security officers (CISOs), and human resource professionals at 18 federal agencies. Results of this research were published in the study, “Cyber In-Security: Strengthening the Federal Cybersecurity Workforce.”

The study found that the federal cybersecurity workforce is significantly challenged by serious shortages of highly skilled cybersecurity specialists and an absence of coordinated leadership on cybersecurity workforce issues. The study examines current agency approaches to finding, hiring, and retaining cybersecurity talent; discusses concerns faced by hiring and information security managers; highlights their successes; and recommends changes.

The analysis revealed four key challenges that inhibit the strength of our federal cybersecurity workforce:

• An inadequate pipeline of potential new talent. According to the survey, only 40% of CIOs, CISOs, and IT managers are satisfied with the quality of applicants applying for federal cybersecurity jobs. There are also concerns that America is not developing enough IT experts.
• Fragmented governance and uncoordinated leadership. Because no single entity or individual leads cybersecurity workforce planning or decision making, departments and agencies sometimes work at cross-purposes or in competition with each other.
• Complicated processes hamper recruiting and retention efforts. The federal government’s cumbersome hiring process, including outdated job classifications for information security, no government-wide certification standards for job categories, and no federal career path for cybersecurity specialists, deters talent from entering government service.
• A disconnect between hiring managers and human resources specialists. Frontline managers are consistently less satisfied with the effort to hire cybersecurity talent than their peers in human resources.

But some strategies to hire top IT talent have been successful. Based on these best practices, “Cyber In-Security” advises agencies on immediate approaches to attract and retain cybersecurity talent, and provides recommendations for the White House, Office of Personnel Management (OPM), and Congress to address the more systemic problems undermining the health of our federal cybersecurity workforce, including:

• A White House cybersecurity coordinator, OPM, and agency leaders should develop a government-wide strategic blueprint for meeting cybersecurity employment needs.
• The White House should lead a nationwide effort to encourage Americans to develop technology, math, and science skills, and Congress should fund expansion of scholarship programs in computer science and cybersecurity.
• Job classifications for government cybersecurity functions should be updated, certification requirements for job categories should be established, and OPM should create a cybersecurity career path.
• Congress should fund federal cybersecurity worker training to meet the new standards and invest in management skills.

Failure to address the government’s critical cybersecurity workforce needs could result in increased vulnerability of federal and civilian systems and their data. Bringing about needed cybersecurity workforce requirements will not be easy, but it must be a national priority.

Principal Jeffrey Akin led the Booz Allen team that helped author this study.

Learn More

Learn more about Booz Allen's cybersecurity capabilities or the firm's human capital capabilities.

study posted July 22, 2009