Federal agencies should implement new procedures to ensure their workforce is prepared for new cybersecurity threats, warned a federal report Tuesday.
The current digital era has brought about technologies that have radically changed society, and allowed for a more convenient way to complete tasks and share information. They’ve also brought new threats that make cybersecurity an important component to protecting private information.
The Government Accountability Office (GAO) looked at how federal agencies should better prepare their cybersecurity workforce for the ever-evolving threats. The report suggests federal agencies should identify skill gaps, recruit a qualified workforce, and review their hiring guidelines to ensure they aren’t losing needed talent.
“Threats to federal IT infrastructure continue to grow in number and sophistication, posing a risk to the reliable functioning of our government,” the report said. “Compounding the risk, systems used by federal agencies often have security vulnerabilities.”
The GAO has designated federal information systems as a high-risk area since 1997. The report was submitted as testimony during a recent congressional hearing. The House Oversight and Government Reform committee is examining how to best train and recruit a qualified cybersecurity workforce.
“Having cybersecurity professionals in the federal workforce to help to prevent or mitigate vulnerabilities in federal IT systems that can be exploited by the increasing number of threats from a variety of sources is essential,” the report said. “However, achieving a resilient, well -trained, and dedicated cybersecurity workforce to help protect our information and infrastructure has been a long-standing challenge for the federal government.”
More people are sharing information online, making cybersecurity an ever-increasing necessity. Online banking and other services make tasks easier, but also expose personal information. The International Data Corporation found businesses worldwide are expected to spend $101.6 billion on cybersecurity software in 2020.
The GAO first suggests federal agencies should work to better identify skill gaps. Federal agencies have struggled to effectively define cybersecurity staffing needs over the last several years. The Office of Personnel Management should also improve its efforts to close government-wide skills gaps.
Federal agencies could also improve how they recruit and retain qualified cybersecurity staff. Federal chief information security officers face significant challenges in recruiting and retaining those with needed skills. Agencies could offer incentives like loan repayment plans and relocation to better obtain needed skills.
The GAO also suggests the federal hiring process might need to be retooled. It notes the hiring process may cause agencies to lose out on qualified candidates. The federal government has lost top candidates due to a slow and an ineffective hiring process delayed by outdated assessment methods.
The Federal Communications Commission has recently softened its tone when it comes to cybersecurity. Former Chairman Tom Wheeler pushed for increase cybersecurity before leaving. New Chairman Ajit Pai described the agency as more consultative as opposed to establishing uniform rules.
The GAO also sees opportunities in educational programs. Career and study programs alongside scholarships could help ensure upcoming generations have the needed skills to overcome future of digital threats. The National Initiative for Cybersecurity Careers and Studies, for instance, was launched in 2013 as an online resource to connect government employees, students, educators, and industry with cybersecurity training providers.
The GAO notes it’s made numerous recommendations to federal agencies over the past several years, and that those agencies are in various stages of implementing its suggestions.