Cybersecurity factors to be added to federal job descriptions
Discussions surrounding federal cybersecurity initiatives typically focus on the tools and strategies deployed by agencies to protect their assets from external threats. This isn't unreasonable – as numerous recent incidents have demonstrated, federal groups must ward off constant attacks from cybercriminals, state-sponsored hackers and others. However, quite possibly the single most important resource the federal government possesses when it comes to cybersecurity is its workforce. Employees will often be the deciding factor between a successful defense and a data breach.
Acknowledging the significance of the human factor when it comes to cybersecurity, and the need to modify its current approach, the Office of Personnel Management announced plans to label every federal government position with a description of how its job functions pertain to cybersecurity, Federal Times reported.
The new policy, which the OPM hopes to have in place by the end of 2015, will apply to every federal position that requires cybersecurity-related responsibilities. Currently, these positions account for 4 percent of the total federal workforce, according to the news source.
However, until recently, there were no definitive definitions pertaining to cybersecurity in the context of federal positions, meaning that there was no way to determine precisely how cybersecurity-related skills were distributed throughout the federal government. This made it difficult to achieve and maximize the efficiency of inter-agency cooperation.
"We needed to collaborate and coordinate our stakeholder efforts to more accurately answer the question: So what is the DNA of the federal cybersecurity workforce?" said Lucy Antone, human capital strategist for the OPM, the news source reported. "We knew it was not a single occupation but rather a work function of many federal occupations."
With a better understanding of the distribution of cybersecurity skills across the federal government, agencies can work together more effectively, pooling their human resources to better protect sensitive government information across the board.
In addition to helping agencies to plan collaborative initiatives, these new cybersecurity-related job descriptions will help agency leaders make superior hiring decisions, Antone told the news source.
To highlight this potential, Atone used the position of park ranger as an example. She pointed out that despite popular belief, park rangers don't just roam throughout national parks – they are also frequently responsible for protecting national parks' networks and other critical infrastructure. As a result, cybersecurity may be an important qualifier for applicants. Once these job description tags are fully rolled out, hiring managers will be able to easily determine precisely which cybersecurity-related skills are necessary, and then pick the most qualified candidate for the position.
A broader move
This move can be seen as part of a broader shift among federal agencies to acknowledge the importance of human resources in achieving cybersecurity.
This extends beyond cybersecurity professionals. Critically, studies have shown that federal workers of all kinds are frequently responsible for data breaches, thanks to a range of unsafe practices. To fully protect government assets from these threats, agencies need to not only hire more qualified personnel, but also ensure their non-IT workers better understand the nature of the risks they face, and how to avoid them.