U.S. cybersecurity efforts hobbled by shortage of cyber experts

Published 23 July 2009

New study finds that the U.S. government’s ability to cope with the growing wave of cyber attacks on government networks is hampered by shortage of cybersecurity experts

U.S. federal agencies are facing a severe shortage of computer specialists, even as a growing wave of coordinated cyberattacks against the government poses potential national security risks, a private study found. The study describes a fragmented federal cyber force, where no one is in charge of overall planning and government agencies are “on their own and sometimes working at cross purposes or in competition with one another.” The report, scheduled to be released today, arrives in the wake of a series of cyber attacks this month that shut down some U.S. and South Korean government and financial Web sites.

The recruiting and retention of cyber workers is hampered by a cumbersome hiring process, the failure to devise government-wide certification standards, insufficient training and salaries, and a lack of an overall strategy for recruiting and retaining cyber workers, the study said. “You can’t win the cyber war if you don’t win the war for talent,” said Max Stier, president of the Partnership for Public Service, a Washington, D.C.-based advocacy group that works to improve government service. “If we don’t have a federal work force capable of meeting the cyber challenge, all of the cyber czars and organizational efforts will be for naught.”

The study was drafted by the partnership and Booz Allen Hamilton as the Obama administration struggles to put together a more cohesive strategy to protect U.S. government and civilian computer networks. AP reports that the size of the government’s cyber work force is largely unknown, because agencies often classify their employees differently. The Pentagon says it has more than 90,000 personnel involved with cybersecurity, while the non-defense department civilian cybersecurity work force has been estimated at 35,000 to 45,000. Intelligence community estimates are classified.

While President Barack Obama has declared cybersecurity a top priority, the White House so far has been unable to fill its new cyber coordinator position - a job regarded as critical.

The study recommends that the yet-unnamed federal cyber coordinator lay out a strategy to meet the government’s work force needs, set job classifications, enhance training, and lead a nationwide effort to promote technology skills, including through the use of scholarships. The federal government’s vulnerabilities have been underscored by cyberattacks that breached a high-tech fighter jet program and the electrical grid, although no classified material was compromised.

Earlier this month, unknown hackers knocked several U.S and South Korean government Web sites off line in a widespread and unusually resilient computer attack.

Ron Sanders, chief human capital officer for the national intelligence director’s office, said it is difficult to draw a link between the work force shortages and the increased cyber threats against the government. “It’s hard to say that there is any cause and effect there,” said Sanders, adding that the United States probably will have to live with the nearly constant attacks. But, he said, the intrusions have heightened awareness of the problem, forcing officials to focus on the hiring needs.

Experts inside and outside government, including officials at eighteen federal agencies, were interviewed for the study. The consensus, the review said, is that a majority of managers are not satisfied with the quality or quantity of job candidates they get, forcing them to rely heavily on contractors.

DHS, for example, said in September that contractors accounted for 83 percent of its chief information officer’s staff. A full 75 percent of those surveyed said that attracting skilled cyber talent will be a high priority for the next two years.

Competition among federal agencies has fueled the staffing problems. According to Stier, the Scholarship for Service Program, a federal scholarship program aimed at attracting entry-level cyber specialists, can churn out about 120 graduates a year.

Federal officials, however, say they need as many as 1,000. At a recent federal job fair, there were 69 job booths angling for the 120 graduates.

Right now, the scholarship program is funded at $12 million, but a proposed Senate bill would increase that amount to $300 million over five years, providing the 1,000 workers officials say they need each year.

The Pentagon and National Security Agency (NSA) often outbid other federal agencies and snag many of the eligible applicants. Between 2006-2009, the Defense Department and the NSA hired 205 of the 407 eligible students.

Sanders acknowledged that the intelligence community has more flexibility and resources to attract computer specialists but said there is still an overall shortfall of U.S. citizens with the needed expertise who can also meet security clearance requirements. “The labor pool is shrinking,” he said, adding that the government must work to better coordinate hiring across all the agencies to ensure that there is healthy but well-managed competition.