Homeland Security pushes pay boost for cyber pros

Cybersecurity analysts at the Homeland Security Department. // Mark J. Terrill/AP file photo

The Homeland Security Department made a final pitch to Congress to equalize pay packages for DHS cyber professionals and their higher-paid Pentagon counterparts, as cybersecurity legislation looked likely to stall for the third consecutive year.

“This legislation takes an important step in terms of hiring and retaining personnel,” DHS Deputy Secretary Jane Holl Lute said Wednesday afternoon, referring to a White House-backed Senate cybersecurity bill that is faltering amid partisan divides.

The measure, S.3414, states that the DHS “secretary may exercise with respect to qualified employees of the department the same authority of that the secretary of Defense has with respect to civilian intelligence personnel . . . to establish as positions in the excepted service, to appoint individuals to those positions and [to] fix pay.”

DHS expects higher salaries and better benefits will provide more leverage in hiring scarce talent from competitors inside and outside government. As of last week, the Air Force reported a cyber workforce of about 17,000 personnel and the Army counted more than 21,000 information security guardians. Estimates by DHS, the Defense Department and the Government Accountability Office tallied fewer than 1,500 DHS cyber professionals compared with 66,000 to 88,000 pros Defensewide.

But any major computer security bill is unlikely until 2013, for reasons ranging from election campaigning to fears of big government, political experts say.

In the meantime, DHS is trying to get creative with existing authorities to attract new employees. For instance, Homeland Security Secretary Janet Napolitano on June 6 announced a new task force will devise workforce-building strategies such as cyber competitions, enhanced public-private programs and cooperation with other departments to “develop an agile cyber workforce across the federal government,” officials said in a statement.

Alan Paller, research director at the SANS Institute, a computer security training center, and Jeff Moss, founder of the annual Black Hat and DefCon hacker conferences, are co-chairing the advisory panel.

“They came up with the coolest solutions to the cyber manpower problem I have ever seen,” Paller said on Wednesday, declining to elaborate on the ideas because of advisory committee nondisclosure rules. “There is no doubt in my mind they will work and that they will work quickly.”

According to Paller, other members of the 15-person task force include Steve Adegbite, director of strategic cyber innovations for Lockheed Martin Corp.; Asheem Chandna, a partner at venture capital company Greylock Partners; Larry Cockell, a 20-year Secret Service veteran now serving as chief security officer at Time Warner; Mike Papay, senior vice president of cyber initiatives for Northrop Grumman Corp.; Facebook Chief Security Officer Joe Sullivan; and Rita Wells, an Idaho National Laboratory researcher who oversees industrial control system test beds.

On Wednesday, Lute, along with military and intelligence officials, spoke with reporters during a conference call about the urgency of passing legislation. Among other things, Homeland Security wants the law to clarify that DHS is the federal government’s lead agency for protecting the networks operating critical infrastructure, such as power lines and dams.

“It’s a mission we’re already performing,” she said. Lute compared critical infrastructure to the “endoskeleton of modern life.”

Eric Rosenbach, deputy assistant secretary of defense for cyber policy, said the Senate legislation would cement DHS as the “digital front door” in cybersecurity, without preventing the military and other agencies from conducting sensitive network operations. The thinking is DHS would take the lead in partnering with critical sectors on information sharing to ensure military forces and law enforcement agents do not violate Americans’ privacy while executing their cyber missions.

Still, even if the measure passes this week before Congress adjourns for summer vacation, the House, which approved a different bill in April, would need time to reconcile inconsistencies with the Senate.

“Both bills have fallen prey to the limits of the current American political climate, where special interests and disputes over the appropriate role of government have combined to harm national security -- and, as a result, neither will do much to protect the United States from cyber threats,” James A. Lewis, a researcher at the Center for Strategic and International Studies who advises Congress and the Obama administration, wrote Tuesday in Foreign Affairs.

He lamented that neither bill will compel companies to take steps to secure their networks.

“Congress could fix this if it revised the [Senate] cybersecurity act one more time to give the federal government the ability to mandate compliance with reasonable standards when this is needed to defend the nation, but there is probably not enough time before Congress goes out of session to do this,” Lewis wrote. “Most observers believe that the United States will only get effective cybersecurity legislation after there has been a crisis and that the country will then overreact, trampling privacy and putting in place rigid requirements.”
