DHS Cybersecurity Workforce

Posted on September 10, 2018
Secure federal computer systems depend on the federal and contractor workforce who design, develop, implement, secure, maintain, and use them. But the federal government faces a persistent shortage of workers trained in cybersecurity and information technology. The Department of Homeland Security is the lead agency responsible for protecting the nation's critical infrastructure from cyber threats. So, how is DHS assessing its cybersecurity workforce needs? Today’s WatchBlog explores. The Homeland Security Cybersecurity Workforce Act Having an effective cybersecurity workforce is particularly essential to DHS’s mission.  It must protect the confidentiality, integrity, and availability of its own computer systems and information. Also, DHS coordinates with public and private sector partners in protecting federal civilian networks and the nation’s critical infrastructure. The Homeland Security Cybersecurity Workforce Assessment Act of 2014 (Act) requires DHS to:
  • identify all cybersecurity workforce positions within the department
  • determine the cybersecurity work category and specialty area of such positions
  • assign the corresponding employment code to each cybersecurity position
  • identify and report on its cybersecurity workforce areas of critical need
Is DHS meeting requirements of the Act? We found that while DHS has acted to comply with the requirements of the Act, its actions have neither been timely nor complete. For example, DHS did not:
  • complete efforts to identify all of the department’s cybersecurity positions
  • establish procedures to identify, categorize, and code its cybersecurity position vacancies and responsibilities
  • accurately assign codes to all filled and vacant cybersecurity positions
In addition, although DHS has sought to identify its workforce capability gaps, it has not identified or reported to Congress or the Office of Personnel Management on its critical cybersecurity needs in specialty areas. We recommended that DHS take six actions to ensure that:
  • its cybersecurity workforce procedures identify position vacancies and responsibilities
  • reported workforce data are complete and accurate
  • plans for reporting on critical needs are developed
DHS concurred with the recommendations and stated it planned to take actions to address them in 2018.