Heavy turnover hampers DHS cybersecurity efforts

As numerous recent incidents have made clear, the U.S. government's cybersecurity leaves much to be desired. Successful cyberattacks by state-sanctioned hackers and criminals suggest that an upgraded approach is necessary.

There are many reasons why the federal government has struggled so much in this area. One of the most significant of these is the lack of human resources. Numerous agencies are in dire need of more cybersecurity professionals. 

Highlighting this problem, The Washington Post recently reported that heavy turnover at the Department of Homeland Security hampers that agency's ability to combat threats, including cyberthreats, against the U.S. government.

Cybersecurity experts needed
The news source reported that over the past four years, the DHS has lost employees at twice the average rate for the federal government as a whole. This trend shows no sign of stopping, and may actually be accelerating. Notably, six different directors have run the DHS' terrorism intelligence arm during the Obama administration alone. 

Departing employees have cited a variety of factors that led them to leave the DHS. These included poor morale and a dysfunctional work environment, The Washington Post noted.

Additionally, the DHS and other government agencies simply cannot match the private sector when it comes to cybersecurity experts' salaries. The news source pointed out that a high-level career official will typically earn around $180,000 at the DHS, but can command two or three times this much by working for private companies.

Naturally, this makes it difficult for the agency to dissuade highly skilled personnel from seeking out more lucrative opportunities. Demonstrating this effect, the department lost five senior cybersecurity officials between June 2011 and March 2012, all of whom then took up positions in the private sector.

The constant turnover forced many DHS cybersecurity personnel to divert their focus from their mission.

"My cyber folks were spending more time on human resource issues and acquisition than they were analyzing technical data to defend and protect networks," a former senior official with the DHS told The Washington Post.

These personnel issues have caused serious cybersecurity complications for the department. The news source reported that rapid turnover has delayed the implementation of various key cybersecurity initiatives, such as a new program designed to preemptively block malware before it can reach government computers. 

Additionally, the National Cybersecurity and Communication Integration Center has had difficulty analyzing attacks on federal and private computer systems, the source explained. The director of this center left the DHS for a private company position in August.

Furthermore, turnover hurts the DHS' cybersecurity abilities by disrupting operations and forcing personnel to move into new positions and adopt new responsibilities. This causes clashes between colleagues.

"Absolutely, it's a problem for consistency and continuity," said Michael Brown, a former high-level DHS cybersecurity official, the source reported.

Finally, the news source emphasized that these internal problems have complicated DHS efforts to push Congress to pass new cybersecurity legislation. Specifically, the DHS has for some time wanted Congress to clarify the agency's jurisdiction in this area, but nothing has come of this.

Cybersecurity solutions
Clearly, the DHS' cybersecurity struggles are deep-rooted and unlikely to be resolved in the near future. Considering the important role the DHS plays in protecting other federal agencies from hackers and cybercriminals, this presents a major problem for the federal government at large.

One possible strategy for agencies worried about this issue may be to work with third-party cybersecurity solutions providers. These firms can help agencies design, implement and maintain robust, comprehensive cybersecurity strategies, protecting key government information from the threats posed by attackers. However, for this approach to work, agency leaders must be careful to work only with trusted service provides with robust public sector experience.