The announcement on June 4th of a massive cybersecurity attack that compromised data stored on Office of Personnel Management (OPM) systems for 4.2 million current and former federal employees is the most recent head-smacking report of how porous the government’s cyber defense systems apparently are. It is also another searing reminder of how vulnerable United States government and private sector data continue to be. Again and again, with alarming frequency, the refrain of common questions arises and attention is focused on the dire need to strengthen and secure the government’s cyber defenses.
OPM officials were quick to identify aging legacy systems as the main culprit behind the massive data theft. Of course, such vulnerability encourages more attacks and more extensive damage. With no foreseeable abatement and – to the contrary – the prospect of increasingly sophisticated cyber invasions, with at least some appearing to implicate enemy nation states, more than new and enhanced infrastructure is needed. Implementing critically needed structural improvements will take time. Right now, however, experienced, talented and top-flight cybersecurity professionals should be hired and quickly brought on board. Once in place, the cyber experts should make a comprehensive assessment of existing systems, identify and thoroughly examine their vulnerabilities, and then develop the most comprehensive and iron-clad cyber defense possible – one that withstands attacks of evolving sophistication and is subject to ongoing monitoring. The enhanced program also should be capable of quickly and effectively responding to incidents.
As part of a series of cybersecurity bills enacted last year, Congress passed the DHS Cybersecurity Workforce Recruitment and Retention Act of 2014 (the Act). The law is intended to help the Department of Homeland Security (DHS) recruit and retain cybersecurity professionals. For DHS, which is responsible for securing civilian government computer systems, a top-flight and expertly trained cybersecurity workforce is an absolute necessity to carry out its security mission.
The Act supports DHS’s efforts to overcome workforce deficiencies by authorizing the Secretary of Homeland Security (the Secretary) to create new cybersecurity positions and to offer pay comparable to what similar professionals earn at the Department of Defense. The Act also requires that, for four years, the Secretary submit annual reports on DHS’s cybersecurity hiring plans for filling critical needs, along with metrics to measure progress on the recruitment and retention of cybersecurity professionals. These measures are to be complemented by other recent laws and DHS initiatives.
The Cybersecurity Workforce Assessment Act, which also was passed last year, requires DHS to assess its cybersecurity workforce and evaluate that workforce’s readiness, capacity, training, recruitment, and retention. In addition, DHS launched the 2015 Secretary’s Honors Program Cyber Student Volunteer Initiative, which will train students in cybersecurity.
The devastating attacks, ongoing risks, and intense government focus on cybersecurity are expected to create ample opportunities for skilled and experienced cybersecurity professionals to work as contractors for DHS and other government agencies. In addition, the government’s need for specialized systems will continue to present enviable opportunities for qualified cybersecurity experts to provide their services and expert advice. For example, the government recently announced that $98 million in contracts were being awarded for work on the U.S. Air Force’s network defense and enemy cyber deception. As cyber attacks and risks continue and evolve, the long-term needs for a skilled and effective workforce likewise are expected to continue and grow in order to better protect the security of the United States and its corporate and individual citizens.