Strengthening the Federal Cybersecurity Workforce
JULY 12, 2016 AT 10:00 AM ET BY SHAUN DONOVAN, BETH COBERT, MICHAEL DANIEL, TONY SCOTT
As directed by the Cybersecurity National Action Plan and 2017 Budget, today we are releasing the first-ever Federal Cybersecurity Workforce Strategy.
Today the Administration is directing a series of actions to identify, recruit, develop, retain, and expand the pipeline of the best, brightest, and most diverse cybersecurity talent for Federal service and for our Nation.
Every day, Federal departments and agencies face sophisticated and persistent cyber threats that pose strategic, economic, and security challenges to our Nation. Addressing these cyber threats has required a bold reassessment of the way we approach security in the digital age and a significant investment in critical security tools and our cybersecurity workforce. And these threats demand that we continue to enhance the security of the Federal digital infrastructure and improve the ability to detect and respond to cyber incidents as they occur. That is why, in 2009, President Obama initiated a comprehensive strategy to confront this ever-evolving challenge. The strategy brings all levels of government together with private industry, academia, international partners, and the public, to raise the level of cybersecurity in both the public and private sectors; deter and disrupt adversary activities in cyberspace; improve capabilities for incident response and resilience; and enact legislation to both incentivize and remove legal barriers to cybersecurity threat information-sharing among private entities and between the private sector and the Government. While we have made significant progress, we must do more.
The Federal cybersecurity workforce has the exciting and challenging mission of protecting government information technology (IT) systems, networks, and data from sophisticated adversaries; safeguarding sensitive data; supporting our Nation’s financial, energy, healthcare, transportation, and other critical systems; and securing our critical infrastructure and intelligence systems . However, the supply of cybersecurity talent to meet the increasing demand of the Federal Government is simply not sufficient. As part of a broad-sweeping review of Federal cybersecurity policies, plans, and procedures, the Cybersecurity Sprint launched by the Office of Management and Budget last year revealed two key observations about the Federal cybersecurity workforce:
- Federal agencies’ lack of cybersecurity and IT talent is a major resource constraint that impacts their ability to protect information and assets; and,
- A number of existing Federal initiatives address this challenge, but implementation and awareness of these programs are inconsistent.
Moreover, this shortfall affects not only the Federal Government, but the private sector as well. Recent industry reports project this shortfall will expand rapidly over the coming years unless private sector companies and the Federal Government act to expand the cybersecurity workforce pipeline to meet the increasing demand.
To address these and other cybersecurity challenges, earlier this year the President directed his Administration to implement the Cybersecurity National Action Plan (CNAP) – a capstone of more than seven years of determined effort – which takes near-term actions and puts in place a long-term strategy that builds on other cybersecurity efforts while calling for innovation and investments in cybersecurity education and training to strengthen the cybersecurity talent pipeline. As directed by the CNAP and the President’s 2017 Budget, today we are releasing the first-ever Federal Cybersecurity Workforce Strategy to grow the pipeline of highly skilled cybersecurity talent entering federal service, and retain and better invest in the talent already in public service. And it sets forth a vision where private sector cybersecurity leaders would see a tour of duty in Federal service as an essential stop in their career arc.
The Strategy establishes four key initiatives:
- Expand the Cybersecurity Workforce through Education and Training . The Cybersecurity Workforce Strategy supports the CNAP initiatives that propose investing $62 million in Fiscal Year (FY) 2017 funding to expand cybersecurity education across the Nation. This funding will lay the foundation needed to ultimately address the shortage of cybersecurity talent across the country. These initiatives include offering competitive scholarships and covering full tuition for college and university students through the CyberCorps®: Scholarship for Service program; collaborating with academic institutions to develop guidance for cybersecurity core curriculum and allow colleges and universities to expand their course offerings; and providing program development grants to academic institutions to hire or retain professors, adopt a cybersecurity core curriculum and strengthen their overall cybersecurity education programs.
- Recruit the Nation’s Best Cyber Talent for Federal Service . The Workforce Strategy initiates efforts to implement a government-wide recruitment strategy that includes enhanced outreach efforts to diverse cyber talent —including women, minorities, and veterans— from apprenticeship programs, colleges, universities, and private industry, as part of a comprehensive plan. Over the coming months we will partner with agencies to find ways to streamline hiring practices consistent with current statutes and leverage existing hiring authorities, as appropriate, to quickly bring on new talent. We will explore opportunities to establish a cybersecurity cadre within the Presidential Management Fellows program that leverages the recent success of the Presidential Innovation Fellows program and other dynamic approaches for bringing top technologists and innovators into government service. Additionally, we will explore opportunities to expand the use of new or revised pay authorities that can serve as a model for future government-wide efforts.
- Retain and Develop Highly Skilled Talent . To improve employee retention and development efforts, the U.S. Office of Personnel Management (OPM) will work with Federal agencies to develop cybersecurity career paths, badging and credentialing programs, rotational assignments, and foster opportunities for employees to obtain new skills and become subject matter experts in their field. Additionally, the Workforce Strategy directs the development of a government-wide cybersecurity orientation program for new cybersecurity professionals to improve information sharing and employees’ knowledge of upcoming developmental and training opportunities. The Workforce Strategy also looks to increase the use of special pay authorities, and improve training and development opportunities for cyber and non-cyber employees.
- Identify Cybersecurity Workforce Needs . Cybersecurity is a dynamic and crosscutting field, and effective workforce planning requires a clear understanding of the gaps between the workforce of today and the needs of tomorrow. The Workforce Strategy directs agencies to adopt a new approach to identifying their cybersecurity workforce gaps by using the National Cybersecurity Workforce Framework developed by National Initiative for Cybersecurity Education (NICE) partner agencies, which identifies 31 discrete specialty areas within cybersecurity workforce. Agencies are now able to better identify, recruit, assess, and hire the best candidates with specific cyber-related skills and abilities, and we are already making progress in this effort. The Federal Government has already hired 3,000 new cybersecurity and IT professionals in the first 6 months of this fiscal year. However, there is clearly more work to do, and we are committed to a plan by which agencies would hire 3,500 more individuals to fill critical cybersecurity and IT positions by January 2017.
Cybersecurity is a shared responsibility among agency leadership, employees, contractors, private industry, and the American people. And the Workforce Strategy details numerous initiatives to harness this collective power and help strengthen the security of Federal networks, systems, and assets. To address cybersecurity challenges in the immediate future, the Administration will invest in the existing Federal workforce through initiatives focused on training and retaining existing talent. At the same time, the Government will adjust the way it recruits, including the way it approaches talented students and potential employees in the cybersecurity workforce outside Federal service.
We must recognize that these changes will take time to implement, and the Workforce Strategy’s long-term success will depend on the attention, innovation, and resources from all levels of government. The initiatives discussed in this Strategy represent a meaningful first step toward engaging Federal and non-Federal stakeholders and provide the resources necessary to establish, strengthen, and grow a pipeline of cybersecurity talent well into the future.
Shaun Donovan is the Director of the Office of Management and Budget.
Beth Cobert is the Acting Director of the U.S. Office of Personnel Management.
Michael Daniel is Special Assistant to the President and Cybersecurity Coordinator.
Tony Scott is the U.S. Chief Information Officer.
- FACT SHEET: Cybersecurity National Action Plan
- FACT SHEET: Strengthening and Enhancing Federal Cybersecurity for the 21st Century
- FACT SHEET: Administration Cybersecurity Efforts 2015
- FACT SHEET: Enhancing and Strengthening the Federal Government’s Cybersecurity
- FACT SHEET: White House Summit on Cybersecurity and Consumer Protection
- FACT SHEET: FY 2016 Budget – Cybersecurity