Bill Aims to Strengthen DHS InfoSec Staff

Granting DHS Same Cyber Hiring Privileges as DoD
Bill Aims to Strengthen DHS InfoSec Staff
Senate Homeland Security Committee Chairman Tom Carper

A Senate committee is set to debate and vote on a bill to help beef up the Department of Homeland Security's cybersecurity workforce.

See Also: The Future of Evolving Workplace Passwords

The DHS Cybersecurity Workforce Recruitment and Retention Act of 2014, if enacted, would give the department the authority to designate specific cybersecurity jobs and set higher-than-usual salaries and furnish other benefits for those positions. The Department of Defense already takes those steps.

The legislation's sponsor and chairman of the Senate Homeland Security and Governmental Affairs Committee, Tom Carper, scheduled a committee debate and vote on the measure for May 21, a day after introducing it.

"The demand for cybersecurity experts in the government greatly outpaces the supply, and many agencies have had difficulty attracting the best and brightest and retaining those already in service," Carper, D-Del., says in a statement accompanying the introduction of the bill. "This legislation would help address this problem by giving the secretary of Homeland Security the personnel authorities the department needs to improve their ability to compete with the private sector and other agencies to hire and retain the most skilled cyber workforce."

Under existing law, the defense secretary can designate cybersecurity positions, set basic pay rates and provide additional compensation, benefits, incentives and allowance that enable the Defense Department and National Security Agency to hire faster, pay more and offer retention bonuses. The Senate bill would grant those same authorities to the DHS secretary.

The bill also would require DHS to report to Congress annually on the progress of the program.

Help Desperately Wanted

A GAO audit on DHS recruiting and hiring, issued last September, reported that more than one in five mission-critical cybersecurity-related jobs at a key Department of Homeland Security unit are vacant (see DHS's Huge Cybersecurity Skills Shortage).

David Maurer, GAO director for homeland security and justice issues, says the National Protection and Program Directorate's Office of Cybersecurity and Communications - the DHS unit that houses cybersecurity personnel - had a 22 percent vacancy rate as of last June.

"In attempting to fill cybersecurity positions, NPPD officials reported facing some challenges because of the length of time taken to conduct security checks needed to grant top secret/sensitive compartmented information clearances when needed, low pay in comparison with that of private sector positions and lack of clearly defined skill sets or a unique occupational series for these positions," Maurer said in the GAO audit.

At his confirmation hearing last year, DHS Secretary Jeh Johnson pledged to make it a priority to fill the large number of senior management vacancies, including cybersecurity positions (see Johnson Pledges InfoSec Fixes at DHS).

Another, more comprehensive cybersecurity bill, the National Cybersecurity and Critical Infrastructure Protection Act of 2013, includes provisions to permit the DHS secretary to adjust pay and benefits to attract qualified cybersecurity personnel. That measure, which earlier this year cleared the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies, is awaiting action by the full committee (see Cybersecurity Bill Advances in House).

Carper says he looks forward to working with House Homeland Security Committee Chairman Michael McCaul, R-Texas, sponsor of the House bill, and other lawmakers "to cultivate a strong workforce that can better secure our nation from the evolving cyber threat."


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.