Congress, which has made hiring federal cybersecurity workers a priority issue, has too little data about that workforce and no real way of knowing whether its own initiatives, or the efforts of the administration, are successfully heading off the looming human capital crisis in the field, according to a report from the Congressional Research Service.
Legislation enacted over the past two years has provided special hiring flexibility — like the chance to pay higher salaries, or promote on an accelerated timeline — to U.S. Cybercommand, the Pentagon and the Homeland Security Department to help them recruit the cybersecurity talent they need.
But a report from the CRS, obtained and posted online Wednesday by Secrecy News, highlights overlapping and inconsistent legislative authorities and reporting requirements in those three laws.
Worse, Congress doesn’t even know if the efforts are working or not, because it is not being given an agreed measure of the cybersecurity workforce in the first place.
“Efforts to define and identify federal cybersecurity workforce positions have largely been undertaken by [the Office of Personnel Management]. OPM, however, is not currently required to report on its progress in identifying and coding all federal cybersecurity positions to Congress, nor has it released its cybersecurity dataset or a government-wide count of the cybersecurity workforce to Congress,” note the reports authors.
The authors suggest that Congress might improve its oversight by conforming authorities and reporting requirements in the three laws; placing reporting requirements on OPM concerning its cybersecurity dataset; and getting the Government Accountability Office to investigate the effectiveness of recruitment efforts.