DHS Needs More Cybersecurity Workers—It Just Doesn’t Know Where Or What Kind

By Aaron Boyd

February 8, 2018

Cybersecurity is one of the most difficult and most pressing challenges facing the nation and government is woefully understaffed to meet this threat. The Homeland Security Department—the lead agency on cyber issues—is taking steps to fill the gap but at least one of these efforts is coming up short and taking far too long, according to the Government Accountability Office.

Having identified the workforce shortfall, in 2014 Congress passed the Homeland Security Cybersecurity Workforce Assessment Act, which required the department to identify all cybersecurity functions and assign unique employment codes to all those positions.

The department has moved to meet this requirement, “however, its actions have not been timely and complete,” GAO analysts said in a Feb. 6 report.

In August, Homeland Security officials reported to Congress that they had identified 95 percent of cybersecurity positions. However, when GAO added vacant positions—a requirement of the legislation—that number dropped to 79 percent.

In addition, although DHS has taken steps to identify its workforce capability gaps, it has not identified or reported to the Congress on its departmentwide cybersecurity critical needs that align with specialty areas,” the report states, adding that Homeland Security has failed to report these needs to the Office of Personnel Management, as well.

Until DHS establishes plans and timeframes for reporting on its critical needs, the department may not be able to ensure that it has the necessary cybersecurity personnel to help protect the department’s and the nation’s federal networks and critical infrastructure from cyber threats,” the report reads.

Your report basically says DHS has missed all kinds of deadlines,” said Sen. Rob Portman, R-Ohio, addressing GAO Managing Director for Homeland Security and Justice George Scott during a Feb. 7 roundtable on the DHS Reauthorization Act. “I understand the need to help state and local [cybersecurity]. I understand the need to harden our own [cybersecurity]. But if you don’t have the personnel to do it, that makes it challenging,”

GAO recommended six actions for the homeland security secretary, all of which Homeland Security officials concurred with:

Not only did Homeland Security officials concur, but they provided plans and estimated completion dates for each.

By Aaron Boyd // Aaron Boyd is an award-winning journalist currently serving as senior editor for technology and events at Nextgov. He primarily covers federal government IT contracting and cybersecurity issues affecting both civilian and defense agencies. As a lifelong nerd and policy wonk, he feels right at home covering the intersection of technology and policy in the nation's capital.

February 8, 2018