Vote Set on DHS Cybersecurity Workforce Plan

Bill Aims to Enhance DHS Cybersecurity Readiness

By , October 28, 2013.
Bill sponsor Rep. Yvette Clarke
Bill sponsor Rep. Yvette Clarke

The House Homeland Security Committee will vote Oct. 29 on legislation aimed at strengthening the cybersecurity workforce at the Department of Homeland Security.

See Also: Automate and Standardize your IAM to Radically Reduce Risk

The legislation, HR 3107, is known as the Homeland Security Cybersecurity Boots-on-the-Ground Act, and would require DHS to develop:

  • Occupation classifications for individuals performing activities to advance its cybersecurity mission. DHS would be required to ensure that the classifications be made available to other federal agencies.
  • A workforce strategy that enhances the readiness, capacity, training, recruitment and retention of the DHS cybersecurity workforce, including a multi-phased recruitment plan and a 10-year projection of federal workforce needs.
  • A process to verify that employees of independent contractors who serve in DHS cybersecurity positions receive initial and recurrent information security and role-based security training commensurate with assigned responsibilities.

The bill also directs DHS's chief human capital officer and chief information officer to assess the readiness and capacity of the department to meet its mission to protect government and private-sector IT. It requires the DHS secretary to provide Congress with updates on the development and implementations of cybersecurity strategies, assessments and training.

Jane Holl Lute, who stepped down in April as DHS deputy secretary, says provisions in the bill would reinforce steps taken by the department. Lute, chief executive of the Council on Cybersecurity, a not for profit promoting a secure Internet, says DHS had designated each of some 1,500 positions in the department into one of 11 critical cybersecurity skills.

Lute says future hiring will be based on those designated skills. "DHS has refined the job descriptions, standards of competency performance and other requirements of each of these positions," she says. "The plan was to offer this material to all federal departments."

Evolving InfoSec Workforce

Diana Burley, associate professor at George Washington University's Graduate School of Education and Human Development, says recruitment plans are valuable but they depend, in a large part, to the ability of each agency to define occupations (see Pitfalls of Professionalizing InfoSec).

But Burley says it will be very difficult for DHS to develop a 10-year projection for a cybersecurity workforce. "The full scope of the workforce has yet to be defined, and the nature of the work - and thus, the workforce - is constantly evolving."

The sponsor of the bill, Rep. Yvette Clarke, a New York Democrat who is the ranking member of the panel's cybersecurity subcommittee, says the legislation is aimed at helping battle cyberthreats "by establishing a process for recruiting and retaining high-level specialists in cybersecurity at the Department of Homeland Security that other federal agencies and private companies will have the ability to access."

DHS has had problems recruiting qualified IT security personnel. In September, the Government Accountability Office reported that DHS's National Protection and Programs Directorate's Office of Cybersecurity and Communications, which houses much of the department's cybersecurity personnel, had a vacancy rate of 22 percent as of June (see DHS's Huge Cybersecurity Skills Shortage).

Lack of Clearly Defined Skills

David Maurer, GAO director of homeland security and justice issues, says IT security recruitment at DHS is hampered by the lack of clearly defined skill sets or a unique occupational series. Maurer says DHS officials told the congressional auditors that they're working to better define and strengthen the required skills set for cybersecurity personnel, including pursuing a specific cybersecurity personnel jobs series, which could help improve recruiting and hiring.

Karen Evans, national director of U.S. Cyber Challenge, a group focused on building America's IT security workforce, says defining specific IT security occupations would help agencies, including DHS, determine what skills should be applied to particular jobs.

Follow Eric Chabrow on Twitter: @GovInfoSecurity

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE What's the President's Influence on EMV?

While fraud-fighting experts are debating the long-term impact President Obama's "BuySecure...

Latest Tweets and Mentions

ARTICLE What's the President's Influence on EMV?

While fraud-fighting experts are debating the long-term impact President Obama's "BuySecure...

The ISMG Network