Ripon Forum


Vol. 52, No. 4

View Print Edition

In this edition

With polls showing that over 80% of the American people view cyberterrorism as one of the top threats facing the United States, the latest Ripon Forum examines what is being done to prevent a “Cyber 9/11.”

In Memorian: “An Enduring Peace”

In tribute to the life and accomplishments of the late John McCain, we republish his 2008 interview with the Forum that not only remains remarkably relevant today, but reminds us why he will be missed.

THE NEW OFFENSIVE

America has played defense long enough when it comes to cybersecurity. In the face of an increasing multitude of threats, it is time to go on offense.

Elevating Cyber Command:

The elevation of CYBERCOM earlier this year is a move whose time has definitely come. In fact, the only possible criticism could be: “What took you so long?”

The Magnitude of the Cyber Threat Facing America

With an estimated 40 billion new devices expected to be interconnected by 2020, the American people — and the U.S. economy — are more vulnerable than ever before to a cyber attack.

Defending the Grid

With cyber threats continuing to grow and evolve, the public & private sector are working together to protect America’s supply of electric power.

Closing the Federal Cyber Workforce Gap

A recent OMB report highlighted the fact that Three quarters of federal agencies lack the capability “to effectively detect data exfiltration attempts and respond to cybersecurity incidents.”

Paper Ballots & Election Security:

Eliminating the human element from filling out paper ballots is as essential to election security as ensuring election machines produce a voter verifiable paper ballot.

Safeguarding the Mid-Terms

There’s a mixed bag of actions being taken by election officials in states across the country in order to mitigate the infiltration of election systems during the 2018 mid-terms.

Troubling Trends in the Federal Budget

Elected leaders profess to be concerned about the nation’s long-term economic growth. You’d never know it, however, by looking at the federal budget.

A Failure on 9/11, and a Lesson Finally Learned

Prior to 2001, the ability to communicate over commercial wireless carriers would routinely be unavailable during major incidents — times when first responders need it the most.

Ripon Profile of Jackie Walorski

The Indiana Congresswoman discusses, among other topics, the importance of farmers and manufacturers in her District, and how tariffs will impact their work.

Closing the Federal Cyber Workforce Gap

The exodus of about 20 top FBI cybersecurity leaders in the past five years is a troubling development given the serious threats faced by our election systems, financial networks, the electric power grid, and the vast trove of sensitive data held by federal agencies.

Unfortunately, the FBI’s cyber workforce predicament is emblematic of the experience across the federal government. Agencies are routinely losing out in the competition with higher-paying private-sector employers for scarce cyber talent, often lacking employees with the skills needed to detect and prevent cyber-attacks, and failing to take full advantage of the authority they have to hire and retain information security professionals.

A recent report in May by the Office of Management and Budget found that three quarters of the federal agencies lack the capability in terms of manpower, skill level and technology “to effectively detect data exfiltration attempts and respond to cybersecurity incidents.”

According to recent estimates, there were 301,873 cybersecurity job openings in the U.S. between April 2017 and March 2018, including 13,610 jobs in the public sector that includes the federal government. Attempts to address the talent gap in government have been made by Congress along with the Obama administration and now President Trump, but agencies have displayed a glaring lack of urgency to identify their talent needs and take steps to make up for the deficiencies.

A recent report by the Office of Management and Budget found that three quarters of the federal agencies lack the capability “to effectively detect data exfiltration attempts and respond to cybersecurity incidents.”

In 2014, for example, Congress passed the Homeland Security Cybersecurity Workforce Assessment Act that directed the Department of Homeland Security to identify all of its cybersecurity positions and assess where it was falling short. The Government Accountability Office reported in March that after nearly four years, the Department still did not have a full understanding of its cyber workforce or the skills it needed to protect its networks and the public at large.

In addition, Rep. Michael McCaul (R-Tex.), Chairman of the House Homeland Security Committee, earlier this year chastised DHS for being far too slow in using a special hiring authority provided by Congress to more quickly bring new cyber talent on board.

Government-wide, the GAO reported in June that the process federal agencies are supposed to use under the Federal Cybersecurity Workforce Assessment Act of 2015 to categorize and account for cybersecurity workforce skill gaps has been plagued by missed deadlines and delinquent reporting. The GAO said the Office of Personnel Management fell behind schedule in establishing a structure to track government cybersecurity positions, but it also noted that some of the cyber workforce assessments made by the major agencies have been unreliable or incomplete.

To its credit, the Trump Administration’s plan to reorganize government operations has recognized that reducing agency vulnerability to malicious actors requires investing in the cybersecurity workforce. It has offered several ideas that my organization, the Partnership for Public Service, previously recommended. These proposals include scaling hiring flexibilities across government, promoting employee mobility among agencies, government-wide cyber training programs, and use of retention incentives for entry- and mid-level cyber professionals.

To its credit, the Trump Administration’s plan to reorganize government operations has recognized that reducing agency vulnerability to malicious actors requires investing in the cybersecurity workforce.

Making real progress on these and other initiatives, however, will require determined and sustained leadership from the White House and agency leaders.

As a start, agency leaders need to comply with the Cybersecurity Workforce Assessment Act to fully understand their needs and begin to recruit and hire qualified people. At the same time, the administration should facilitate faster hiring by standardizing job descriptions, reforming the lengthy security clearance process that is now a major barrier to getting people on board, and directing human resources professionals and hiring managers to immediately start using available special hiring authorities.

OPM has granted agencies what is known as direct-hire authority for cybersecurity jobs, but a lack of awareness by some hiring managers combined with the rule-bound hiring process still limits its effectiveness. One notable authority, the Competitive Service Act of 2015, enables agencies to share lists of qualified, ready-to-hire candidates who have not been hired by a particular agency, but it has yet to be used in any significant way.

Agencies also should expand their use of cybersecurity internships and fellowships that provide additional opportunities for younger cybersecurity specialists to enter public service, and they should take a page from the United States Digital Service recruitment playbook. To attract talented tech experts into government, USDS has focused on building the government’s brand, engaging subject matter experts in recruiting, and assessing talent by using specialized recruiters and proactively communicating with candidates throughout the hiring process.

The Trump Administration has the opportunity to make significant progress in closing the federal cyber workforce gap, but strong leadership, a serious commitment, and a sense of urgency are essential. There are clearly obstacles to overcome, including the nationwide shortage of skilled cyber professionals and competition from the higher-paying private sector. But federal leaders must take full ownership and begin to solve a serious workforce problem that is central to protecting our government’s digital infrastructure.

Max Stier is the president and CEO of the Partnership for Public Service.