A top official promised that there's "more to come" from the White House cyber office on cybersecurity workforce strategy," calling it a "key priority" on the heels of a report recommending that the Office of the National Cyber Director take the lead on the issue.
The new White House cybersecurity office could end up taking the lead on workforce programs and policies in the wake of a congressionally chartered report recommending more centralized coordination to address the gap between open cyber jobs and trained workers.
The report, released on Tuesday by the National Academy of Public Administration (NAPA), was designed to evaluate programs under the direction of the Cybersecurity and Infrastructure Security Agency, but ended up suggesting the Office of the National Cyber Director (ONCD) at the White House take the lead on a strategy spanning agencies within government and among private business and nonprofits.
"I really do want to thank NAPA for a number of the recommendations in your report… calling on the National Cyber Director to show leadership on this space to move the ball forward," said ONCD chief of staff John Costello at a Wednesday event held by NAPA on the release of the report.
"I will tell you this, that call has been heard by us and by Director [Chris] Inglis. It is an issue that we expect to lead on, and frankly Director Inglis feels accountable for" he continued.
The panel also included CISA chief of staff, Kiersten Todt. That agency, part of the Department of Homeland Security, has its own outward-facing efforts aimed to build the pipeline of workers choosing the cybersecurity field, like partnerships with educational institutions from K-12 to higher education.
CISA's role in cybersecurity workforce development is codified in law, and other agencies are also in the game, including the Department of Defense, the National Institute of Standards and Technology and the Office of Personnel Management.
The report calls on Inglis and his staff to integrate these disparate efforts and specify the roles and responsibilities of these different government agencies. For CISA specifically, the report noted that the agency would benefit from its roles in this space being clarified.
CISA's Todt said that "this national strategy that the report calls out … is needed. We need to synchronize efforts …. because there will be a force multiplier effect when we unify."
What Congress thinks of ONCD taking the lead and what exactly might be needed from it to do so is unclear.
Capitol Hill is the "proverbial elephant in the room" when discussing the cybersecurity workforce issue, said Costello.
"Let's be very clear - Congress sets the law. Congress establishes the authority and the resources for departments and agencies that can have an impact in this space and the government writ large and how it is resourcing its own efforts," he said.
But he also noted that as far as who does what in government, "Congress can assign new roles and responsibilities and shift roles and responsibilities between who's who."
The NAPA report recommended that Congress give the ONCD the budget for this and authorities to drive agency implementation of its programs and assess performance.
As to how the ONCD would work across agencies, Costello said "ultimately what the contours of that coordination mechanism look like is something we're still deciding, and something we will decide collectively as a group with our partners."
Costello added: "We want to be respectful of that, but we do want to make sure that before we move out, everyone's on board with a common plan and a common understanding .. before we make a promise and before we say or do anything," he said, adding, "I can guarantee you will hear more from the National Cyber Director's Office in the months to come. It is a key priority for us."