For years, agencies have talked about the need to hire and retain more trained and cleared cybersecurity experts. But is that possible? And would a shortage of cybersecurity workers threaten efforts to concentrate responsibility for cybersecurity in one agency?
During a recent oversight hearing, Rep. Zoe Lofgren (D-Calif.) expressed concern about whether it made sense to give more cybersecurity responsibility to the Homeland Security Department given the shortage of qualified workers.
“There’s been a discussion that the U.S. government’s authorities, DHS, or the Office of Management and Budget ought to have more authority, but it seems to me that without more capacity, we’re not in a position to be asking for more authority,” says Lofgren during a Homeland Security Committee hearing.
Lofgren also asks if outsourcing some cybersecurity functions to contractors might be the solution, despite current trends in the government to move away from using a predominance of contractors.
“I’m not as troubled,” she says, “about the idea of having contractors on board, provided they are adequately directed and supervised, for this reason. I see these kids walking over the line to graduate with their PhDs in computer science at Stanford, and I don’t know that we’re going to succeed in getting those young people to apply for a federal job, but we need them.”
In response, Greg Schaffer, DHS’s assistant secretary for cybersecurity and communications tells Lofgren that the agency was trying to hire as many cybersecurity experts as they were permitted to hire by law. DHS announced last October it planned to hire 1,000 cybersecurity workers to help improve the government’s ability to defend, detect attacks and protect its networks.
But Lofgren’s comments openly questioned the ability of DHS to handle any extra work on cybersecurity mandated by new legislation. The House is considering a bill similar to the Senate that would create a new office in DHS, called the National Center for Cybersecurity and Communications, to oversee all civilian agency networks.
Stan Soloway, the president of the Professional Services Council, a trade association representing companies providing services to the government, says Lofgren makes several valid points.
“I think Congresswoman Lofgren hit the nail on the head, not only in regard to cybersecurity, but to the broader challenge the government faces, and cybersecurity is a terrific example of that,” he says.
Soloway cites recent news articles about the challenges faced by DHS in trying to hire enough cybersecurity workers, echoing Lofgren’s concerns about the high demand by public and private sector organizations and the dearth of qualified workers.
One of the leading groups in the area of training and certifying cybersecurity experts in both the private and public sectors is ISC2. They’ve worked for years to not only make sure cybersecurity workers can do the work – they’ve also worked to get more students to pursue studies in the field.
While not commenting directly on Lofgren’s statements about being able to hire enough workers, ISC2’s executive director, Hord Tipton, says the numbers are telling.
“We recently completed a survey that indicated we had a need for well over 2 million IT security professionals in the world,” Tipton says. “In our case, we’ve produced 70,000 of them, so we’re making a small dent in that.”
Tipton notes that the government has been busy refining the requirements for what constitutes a well-trained IT security worker. And he says that with time, enough workers could emerge from schools and technical training to meet the demand. But in the meantime, he says there are still not enough students and workers who are interested in cybersecurity to mitigate the strong demand for IT security experts.
The Office of Personnel Management is considering whether IT security workers need their own General Schedule system job classification series. OPM surveyed agency technology offices earlier this year, but has not decided on their approach yet.
(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)