No Easy Fix for Cyber Workforce Shortage

The federal government’s cybersecurity worker shortage won’t be fixed by a smattering of scholarships and incentives, tech executives told lawmakers Thursday.

The global cyber workforce shortage in both the public and private sector is projected to reach 1.8 million by 2022. That shortage is spurred by the proliferation of internet-connected devices, interconnections between existing systems and by the growth of cyber crime networks that feed off those devices’ vulnerabilities.

The government, industry and universities have tried to respond by minting more cybersecurity pros, encouraging more people to join the industry and paying them more once they do. But time and math simply aren’t on their side, panelists told the House Homeland Security Committee’s cyber panel.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

“I don’t think it’s a lack of interest or a lack of programs,” McAfee Vice President Scott Montgomery told lawmakers. “I don’t think it’s a lack of education institutions offering education…We simply have far more demand than our ability to fulfill and that will get worse as more devices are enabled.”

The hearing came days after the Commerce Department’s National Initiative for Cybersecurity Education released its Cybersecurity Workforce Framework, which aims to create a common lexicon to help institutions discuss cyber jobs and their duties.

Panelists lauded several existing scholarship programs, such as the National Security Agency’s National Centers of Academic Excellence in Cyber Defense and the National Science Foundation’s CyberCorps Scholarship for Service.

Frederick Chang, a former NSA director of research, praised legislation pending in both the House and Senate that would extend the NSF scholarship program from four-year universities to also serve community colleges.

The government could also invest in star power by recruiting some top cybersecurity pros from the private sector who new graduates would be eager to work with, said Chang, who now leads the cybersecurity program at Southern Methodist University.

Panelists other proposals included easing the path for private sector cyber workers to take short term tours in government working on securing unclassified systems and sharing more threat information between the private sector and government so there’s more shared burden.

Congress might also give the Homeland Security Department and other agencies more leeway to spike salaries for new cyber workers and boost efforts to recruit women and minorities into government cyber jobs, panelists said.

Those efforts alone, however, won’t fill the gap—especially in the short term, panelists said.

“You have these dynamic factors,” Montgomery said,” the number of systems, the attacks against those systems, the lucrative nature of cyber crime, the interconnectivity of devices to just about everything these days. It creates an untenable math problem that the practitioner can’t solve by himself.”