CybersecurityGovernment tries better to define cybersecurity needs

Published 5 November 2014

In a science advisory board meeting on 23 October at the White House Office of Science and Technology Policy (OSTP), officials attempted to glean just where the government cybersecurity workforce stood in terms of talent and hiring necessity. There is currently no government-wide federal job description in the cybersecurity field, and that has led to meetings similar to the October summit.

In a science advisory board meeting on 23 October at the White House Office of Science and Technology Policy (OSTP), officials attempted to glean just where the government cybersecurity workforce stood in terms of talent and hiring necessity.

AsNextgov reports, there is currently no government-wide federal job description in the cybersecurity field, and that has led to meetings similar to the October summit.

“We always hear from agencies that they need more cybersecurity people, but they have a very difficult time pointing to what those positions are,” said Tim Polk, the assistant director for cybersecurity at OSTP.

More revealing, the meeting highlighted the fact that many agencies did not even have an accurate tally of the number of cybersecurity professionals they employ, much less the positions that they need to fill.

“One of the things that had concerned me was that it appeared as though we’ve neglected to professionalize the various levels of occupation within the cybersecurity framework,” added RepresentativeYvette Clarke (D-New York), adding to the fear in Washington that the overall disarray was impeding the government’s ability to function as a defender of cyber attacks.

Clarke has sponsored the Homeland Security Boots on the Ground Act, which was passed by the House this summer and which would require agencies to specify better the roles and demands of their cyber professionals.

Similarly, the National Initiative for Cybersecurity Education (NICE) has put forth a broad set of “cyber skills and specialties” which would serve as a guideline for agencies when they hire. Further, NICE will work to aid agencies in compiling a single database of federal cyber workers within the country.

Despite these moves, many agencies are still unable to comply with reorganizing and identifying their cybersecurity departments due to software problems, of all things.

As Polk detailed to members of the National Institute of Standards and Technology’s Information Security and Privacy Advisory Board, much of the work completed by agencies also has holes in it.

“I’m pretty sure we have more than three mathematicians at NIST who do computer security work,” he said, citing one agency-wide report.

The biggest roadblock for the government remains keeping pace with the salaries in the more lucrative private sector. A large part of the recent database effort has been to harmonize the requirements of potential hires so that a sliding pay scale outside of the usual federal employment model could be adopted.

In the meantime, many administration officials are taking a middle ground by re-categorizing current cybersecurity jobs according to the new NICE outlines. Some are also trying to categorize other positions as “mission-critical” roles in order to emphasize the importance of the position in order to attract highly technical applicants and hackers that normally participate in government sponsored competitions.

Despite these hurdles, however, many agree that these early steps are a good bridge toward fixing these critical gaps.

“We need to be measuring the workforce we want,” Polk said.