Cyber worker shortage hurting operations

Although the U.S. is in the top tier for educating new cybersecurity workers, the small talent pool is still a significant challenge for industry and government, according to a new survey.

Intel Security, in partnership with the Center for Strategic and International Studies (CSIS), polled 775 IT cybersecurity decision-makers in the U.S., U.K., France, Germany, Australia, Japan, Mexico and Israel. The resulting report, "Hacking the Skills Shortage: A Study of the International Shortage in Cyber Skills," states that 82 percent of the executives said they do not have enough cybersecurity workers, and 71 percent said the shortage is doing direct and measurable damage to their operations.

That shortage is particularly troublesome for the Department of Homeland Security, which is charged with helping protect critical infrastructure and civilian agency networks, said Phyllis Schneck, deputy undersecretary for cybersecurity and communications at DHS' National Protection and Programs Directorate (NPPD).

"Cyber adversaries have no lawyers, no rules [and] plenty of money," she said at the event CSIS held on July 27 to release the study. "All they have to do is execute. We have to protect a way of life."

And that vulnerability could increase as federal agencies move toward managed services, said James Lewis, a senior vice president and director of CSIS' Strategic Technologies Program. He told FCW that the agencies using managed services must be aware their provider's security capabilities.

One piece of good news: The study shows that the U.S excels at cybersecurity education. The country has six top universities with cybersecurity programs, the second highest rate of government expenditure on education among the eight countries and strong performances in computer hacking competitions.

Nevertheless, 53 percent of respondents said the cybersecurity skills shortage is worse than talent deficits in other IT professions. They also said the fierce competition for the limited number of cybersecurity workers is ongoing. High-value skills, in particular, are in short supply in some of the most crucial cybersecurity areas, including intrusion detection, secure software development and attack mitigation.

Schneck said DHS has been aggressively targeting cybersecurity professionals and going beyond the traditional government hiring practices. She added that DHS was conducting a cybersecurity job fair at a hotel in Washington a few miles from the CSIS event, and the department has a new capability to offer jobs on-the-spot to particularly attractive candidates.

Furthermore, the department's plan to reorganize NPPD into a new entity that cuts across the National Cybersecurity and Communications Integration Center, the Office of Infrastructure Protection and the Federal Protective Service would have physical security and cybersecurity experts working side by side. She said that approach could attract cybersecurity professionals who want to help protect critical parts of the U.S. infrastructure.

Schneck also reiterated her support for a new career path for cybersecurity employees that would allow them to move more freely between the federal government and the private sector, thereby enhancing their skills and the security of both sectors.