Bill Would Let DHS Pay Cyber Workers as Much as the Pentagon Pays

Cyber security analysts work in the "watch and warning center" at DHS' cyber defense lab. // Mark J. Terrill/AP File Photo

A Senate committee on Wednesday advanced legislation that would empower the Homeland Security Department to pay DHS cyber recruits as much as Pentagon computer security professionals. There is a shortage of skilled computer security employees at many civilian agencies with heavy cyber responsibilities.

The bill could help DHS compete with the private sector and the U.S. military for scarce talent, say backers in the Homeland Security and Governmental Affairs Committee, which passed the measure by a voice vote. 

But some cybersecurity specialists advising Congress say the bill could be abused to boost information technology hiring that doesn't fill information security staff shortages. 

It has happened before. 

In 2010, then-Homeland Security Department Secretary Janet Napolitano said her department had been granted direct hire authority to add 1,000 new cyber professionals over three years so it could compete with the Defense Department. However, DHS IT managers hijacked that license to hire people without cyber skills for regular IT roles, said Alan Paller, director of research for the SANS Institute.

The Senate bill "included no controls that would stop a repeat of the misuse of hiring authorities," Paller told Nextgov on Wednesday.

An eligible position, according to the legislative text, would be one that "performs, manages, or supervises functions that execute the responsibilities of the department relating to cybersecurity."

Under current law, Defense can make direct appointments for cyber positions, set rates of basic pay, and provide additional compensation, benefits, incentives, and allowances. Committee members say those authorities give Defense and its National Security Agency an unfair recruiting and retention advantage.

The Senate proposal would provide DHS matching authorities so the department can hire at the same clip and salaries as NSA and other military components, proponents say. 

An amendment agreed to on Wednesday would mandate that Homeland Security follow guidelines by the National Institute of Standards and Technology, called the National Cybersecurity Workforce Framework. The NIST materials include a common vocabulary for cybersecurity work, a uniform classification system for job functions, and specific employment codes.

Paller said the change would not add teeth to the bill. “There is nothing in the framework that enables talent to be assessed,” he said.

The bill, however, includes many reporting and transparency requirements, committee members have pointed out.

Within a year of enactment, and every year after for four years, DHS would be required to hand Congress a "detailed report" that discusses the processes for vetting cyber candidates, giving preference to veterans, and measuring results, among other things. 

The department would have to quantify progress, under the proposal.  

It requires an accounting of the number of cyber employees hired for each occupation and pay grade, people placed in particular offices, and employees who leave the department.  

Four months after enactment of the bill, DHS would have to give lawmakers an execution plan.

In addition, Homeland Security would have to coordinate with the Office of Personnel Management on regulations to carry out the legislation. 

The Justice Department also is trying to bolster its cyber squads. The department has been granted the ability to fast-track cyber job offers through a "direct hire authority," Justice Chief Information Security Officer Melinda Rogers told Nextgov last week.
