Three Challenges for Cybersecurity

The federal government's need for attracting and retaining cybersecurity expertise has been making a lot of headlines lately, especially in light of the cyberattacks that knocked a few U.S. and South Korean Web sites off line earlier this month. A <a href="http://wiredworkplace.nextgov.com/2009/07/cyber_insecurity.php">report</a> released last week by the Partnership for Public Service and Booz Allen Hamilton found that a successful government scholarship program that graduates about 120 students each year and places them in federal cybersecurity jobs is not coming close to meeting the demand for such expertise. Officials estimate that between 500 and 1,000 such graduates are needed each year.

I spoke on Wednesday with Frank Reeder, who's served more than 35 years in government and most recently served as a member of President Obama's agency review team for the Office of Management and Budget, and he offered insight on what he believes are three challenges that plague the government's ability to recruit and retain cybersecurity expertise.

First, he said, the economy has not produced enough technically qualified people to provide the resources the government needs to defend systems. Second, he added, the government has no rigorous certification process that allows it to distinguish between individuals with general cybersecurity skills and those with specialty skills. "To me, the medical metaphor makes sense," he said. "Cybersecurity is not a single field; it is like medicine, a field that requires a range of subspecialties. We may need a generalist running the hospital, but when I go in for neurosurgery, I want someone who is a certified neurosurgeon. The world of cybersecurity has the same type of complexity."

The third problem, Reeder added, is the general problem across the federal workforce: Government does not provide for career mobility for employees, regardless of career level. For example, the government should be in a position where it can engage federal IT workers in shared training and rotational assignments across agencies and with the private sector, he said. Obviously, some federal agencies have that capability. But, Reeder added, "the mechanisms are not in place to do that without a great deal of pain and suffering. ... It's a single tune I'm singing, and it's a human capital problem, not a federal workforce problem."