Bill Would Let DHS Pay Cyber Workers as Much as the Pentagon Pays

Cyber security analysts work in the "watch and warning center" at DHS' cyber defense lab. // Mark J. Terrill/AP File Photo

A Senate committee on Wednesday advanced legislation that would empower the Homeland Security Department to pay DHS cyber recruits as much as Pentagon computer security professionals. There is a shortage of skilled computer security employees at many civilian agencies with heavy cyber responsibilities.

The bill could help DHS compete with the private sector and the U.S. military for scarce talent, say backers in the Homeland Security and Governmental Affairs Committee, which passed the measure by a voice vote. 

But some cybersecurity specialists advising Congress say the bill could be abused to boost information technology hiring that doesn't fill information security staff shortages. 

It has happened before. 

In 2010, then-Homeland Security Department Secretary Janet Napolitano said her department had been granted direct hire authority to add 1,000 new cyber professionals over three years so it could compete with the Defense Department. However, DHS IT managers hijacked that license to hire people without cyber skills for regular IT roles, said Alan Paller, director of research for the SANS Institute.

The Senate bill "included no controls that would stop a repeat of the misuse of hiring authorities," Paller told Nextgov on Wednesday.

An eligible position, according to the legislative text, would be one that "performs, manages, or supervises functions that execute the responsibilities of the department relating to cybersecurity."

Under current law, Defense can make direct appointments for cyber positions, set rates of basic pay, and provide additional compensation, benefits, incentives, and allowances. Committee members say those authorities give Defense and its National Security Agency an unfair recruiting and retention advantage.

The Senate proposal would provide DHS matching authorities so the department can hire at the same clip and salaries as NSA and other military components, proponents say. 

An amendment agreed to on Wednesday would mandate that Homeland Security follow guidelines by the National Institute of Standards and Technology, called the National Cybersecurity Workforce Framework. The NIST materials include a common vocabulary for cybersecurity work, a uniform classification system for job functions, and specific employment codes.

Paller said the change would not add teeth to the bill. “There is nothing in the framework that enables talent to be assessed,” he said.

The bill, however, includes many reporting and transparency requirements, committee members have pointed out.

Within a year of enactment, and every year after for four years, DHS would be required to hand Congress a "detailed report" that discusses the processes for vetting cyber candidates, giving preference to veterans, and measuring results, among other things. 

The department would have to quantify progress, under the proposal.  

It requires an accounting of the number of cyber employees hired for each occupation and pay grade, people placed in particular offices, and employees who leave the department.  

Four months after enactment of the bill, DHS would have to give lawmakers an execution plan.

In addition, Homeland Security would have to coordinate with the Office of Personnel Management on regulations to carry out the legislation. 

The Justice Department also is trying to bolster its cyber squads. The department has been granted the ability to fast-track cyber job offers through a "direct hire authority," Justice Chief Information Security Officer Melinda Rogers told Nextgov last week.
