Needed Now: Experienced and Talented Cybersecurity Professionals to Protect Government Data Systems

01 July 2015 Manufacturing Industry Advisor Blog

The announcement on June 4th of a massive cybersecurity attack that compromised data stored on Office of Personnel Management (OPM) systems for 4.2 million current and former federal employees is the most recent head-smacking report of how porous the government’s cyber defense systems apparently are. It is also another searing reminder of how vulnerable United States government and private sector data continue to be. Again and again, with alarming frequency, the refrain of common questions arises and attention is focused on the dire need to strengthen and secure the government’s cyber defenses.

OPM officials were quick to identify aging legacy systems as the main culprit behind the massive data theft. Of course, such vulnerability encourages more attacks and more extensive damage. With no foreseeable abatement and – to the contrary – the prospect of increasingly sophisticated cyber invasions, with at least some appearing to implicate enemy nation states, more than new and enhanced infrastructure is needed. Implementing critically needed structural improvements will take time. Right now, however, experienced, talented and top-flight cybersecurity professionals should be hired and quickly brought on board. Once in place, the cyber experts should make a comprehensive assessment of existing systems, identify and thoroughly examine their vulnerabilities, and then develop the most comprehensive and iron-clad cyber defense possible – one that withstands attacks of evolving sophistication and is subject to ongoing monitoring. The enhanced program also should be capable of quickly and effectively responding to incidents.

As part of a series of cyber security bills enacted last year, Congress passed the DHS Cybersecurity Workforce Recruitment and Retention Act of 2014 (the Act). The law is intended to help the Department of Homeland Security (DHS) recruit and retain cybersecurity professionals. For DHS, which is responsible for securing civilian government computer systems, a top-flight and expertly trained cybersecurity workforce is an absolute necessity to carry out its security mission.

The Act supports DHS’s efforts to overcome workforce deficiencies by authorizing the Secretary of Homeland Security (the Secretary) to create new cybersecurity positions and offer comparable pay to that which like professionals earn at the Department of Defense. The Act also requires that for four years, the Secretary submit annual reports on DHS’s cybersecurity hiring plans for filling critical needs, and metrics to measure progress on the recruitment and retention of cybersecurity professionals. These measures are to be complemented by other recent laws and DHS initiatives.

The Cybersecurity Workforce Assessment Act, which also was passed last year, requires DHS to assess its cybersecurity workforce and evaluate its readiness, capacity, training, recruitment, and retention of the cybersecurity workforce of DHS. In addition, DHS also launched the 2015 Secretary’s Honors Program Cyber Student Volunteer Initiative, which will train students in cybersecurity.

The devastating attacks, ongoing risks, and intense government focus on cybersecurity are expected to create ample opportunities for skilled and experienced cybersecurity professionals to work as contractors for DHS and other government agencies. In addition, the government’s need for specialized systems will continue to present enviable opportunities for qualified cybersecurity experts to provide their services and expert advice. For example, the government recently announced that $98 million in contracts were being awarded for work on the U.S. Air Force’s network defense and enemy cyber deception. As cyber attacks and risks continue and evolve, the long-term needs for a skilled and effective workforce likewise are expected to continue and grow in order to better protect the security of the United States and its corporate and individual citizens.

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.

Related Services