New bill would help identify federal cybersecurity personnel shortages
One of the biggest cybersecurity challenges facing the U.S. government today is the lack of experts among federal agencies. Departments simply do not have enough cybersecurity professionals on staff to adequately defend their organizations within the evolving threat landscape. The most significant issue here is that the private sector offers better compensation and career opportunities to the most qualified personnel in this field. However, federal cybersecurity efforts are further hampered by ambiguity regarding their workforce needs. It is not clear how many of these IT experts are employed by agencies, nor which departments are the most short-handed.
A new proposed piece of legislation aims to improve this situation, at least within the Department of Homeland Security. As The Ripon Advance reported, the bill, which recently received Senate approval, should help the DHS to determine cybersecurity staff levels, identifying areas most in need of additional assistance and improvement.
Cybersecurity at the DHS
The relevant provision, provided by Sen. Rob Portman (R-Ohio) is part of a broader piece of legislation. Key to this effort is a stipulation that introduces a classification system for identifying cybersecurity staff among agencies within the DHS, the news source explained.
Currently, the lack of a classification system makes it difficult, or even impossible, to accurately determine how many cybersecurity professionals are on staff at any given agency. This is due to the various different ways that cybersecurity-related work is defined, The Ripon Advance reported. Without a standardized understanding of what qualifies as cybersecurity, neither the DHS nor any other agency can make the best decisions when it comes to allocating its human resources.
"I applaud the passage of this critical legislation because it will make it easier for the Department of Homeland Security to have world-class, highly-trained cybersecurity employees in place to secure a vast array of sensitive information and support the protection of our critical infrastructure," said Portman, according to the news source. "This is an important first step and I hope the Senate will now pass our broader, government-wide version of this legislation."
In addition to defining cybersecurity roles more precisely, the provision establishes related milestones, timelines and responsibilities for DHS agencies to abide by. The Department will also have to deliver a report to Congress regarding its cybersecurity workforce weaknesses, the news source explained.
Protecting the government
While this provision would mark an important step forward for the DHS' cybersecurity efforts, it does not address the more significant underlying issues. This may help the DHS to distribute its cybersecurity staffers more effectively, but there will still be a severe shortage of qualified professionals employed both here and throughout the federal government.
To truly protect agencies from the threats posed by cybercriminals and state-sanctioned hackers, department leaders need to consider alterative approaches. One key option is to partner with a third-party cybersecurity firm. These organizations can offer a robust, customized strategy, along with the IT tools and personnel to execute the plan.