The Department of Homeland Security (DHS) needs to improve its cyber workforce planning to meet Congressional mandates and improve the department’s capabilities, according to a report from DHS’ inspector general, released September 23.
The report found that DHS has not fully followed the requirements of the Cybersecurity Workforce Assessment Act of 2015 on time due to the time needed for information collection to report to Congress and the lack of a comprehensive workforce strategy. In addition, DHS’ reports to Congress did not include all required elements in the bill, such as identifying its vacancies or whether positions were filled by Federal personnel or contractors.
“Without a complete workforce assessment and strategy, DHS is not well positioned to carry out its critical cybersecurity functions in the face of ever-expanding cybersecurity threats,” the report found.
Hampering DHS in its implementation of the law is the lack of centralized data, multiple new requirements for DHS in 2014 and 2015 around the cyber workforce, and a lack of training on the new reporting requirements. The responsibilities for reporting fell to the Chief Human Capital Officer, who had four full-time positions to implement three overlapping laws on DHS’ workforce, and the department opted to consolidate reporting requirements for all three into one annual report. This led to some aspects of the Cybersecurity Workforce Assessment Act not being included in the report.
However, the inspector general emphasized the benefits of a detailed workforce assessment, and the need for a better understanding of the cybersecurity workforce at DHS.
“The potential impact of cybersecurity incidents includes loss or theft of critical data, compromised files related to millions of individuals, and degraded network or system performance, to name a few. These possibilities make it imperative that the Department intensify its efforts to retain current and recruit prospective cybersecurity employees to help manage this threat,” the report states.
DHS agreed to the inspector general’s recommendations to assign the necessary resources to fully implement the law, with a much more robust human resources staff in place and data legwork completed.