In 2014 alone, there were tens of thousands of cyber break-ins adversely affecting the private and public sectors, including 67,168 intrusions into federal systems alone, a 1,121 percent increase from 2006. In one instance, intruders from China broke into the U.S. weather system and satellite network, potentially comprising disaster planning, aviation, shipping and other critical uses; while in another case, the top security clearance application files of thousands of federal employees were breached.
All sectors rely on sophisticated technology and software to defend their data and networks, but more importantly they depend on highly skilled workers capable of dealing with complex and emerging cyber threats. Without these individuals, even state-of-the-art security controls will be of limited value. Unfortunately, there continues to be a nationwide shortage of highly qualified cybersecurity experts.
The Partnership and Booz Allen have argued that the best way to deal with this government-wide challenge is to reform the entire civil service system through market sensitive, performance-based pay that accounts for occupational differences; a new, modern job classification system; expectations and rewards for excellence; more flexibility to hire talented candidates and hold them accountable; and a new enterprise-focused leadership structure that engages its employees, all without comprising the core principles that have always anchored our civil service.
While such a government-wide overhaul may take time, cybersecurity is one area that simply cannot wait. The current federal personnel system is more than 60 years old, created decades before the Internet was a reality. With our national and economic security at stake, the cyber workforce is an ideal place to launch a comprehensive strategy that will address current and future cybersecurity workforce needs.
In this report, we outline the challenges faced by the federal government in building an enterprise-wide, first-class cybersecurity workforce and offer recommendations for a total workforce solution. Many of these recommendations are actions that the administration can take right now with existing authorities. Other recommendations may require legislation, but are worth the effort to address our vulnerabilities.