Loading...

US Cybersecurity Workforce Needed Quickly

April 22, 2021 by Victoria Turner
U.S. Coast Guard Academy Participates in NSA Cyber Exercise 2021 (Photo by Petty Officer 2nd Class Hunter Medley, U.S. Coast Guard Academy)

WASHINGTON – As Congress continues to worry about the nation’s cybersecurity, a key high-ranking military witness during a Senate hearing Wednesday said he was “concerned about the pace” of building an adequate cybersecurity workforce. 

When Congress tasked the Department of Defense and military services with building up this cybersecurity workforce, most recently enhanced by the 2021 National Defense Authorization Act, “[they] said to be absolutely certain that we get the right talent basically delivered at the right time, and I am not absolutely certain,” said USMC Lt. Gen. Dennis Crall, director of communications and spokesman for the Joint Chiefs of Staff. 

“The divide within the need is growing compared to what we are able to fulfill,” Crall said at a Senate Armed Services Subcommittee on Personnel hearing evaluating the progress of fulfilling these “recruit, develop and retain” objectives through the enhancements authorized in the NDAA. 

The hearing comes a day after the Cybersecurity and Infrastructure Security Agency issued an emergency directive for federal civilian agencies to review the integrity of their files after learning that Pulse Secure’s remote private networking tool had been hacked in mid-2020. 

Continuous cyberattacks have led to worries of underinvestment in offensive and defensive cybersecurity capabilities, with claims arising that the US may already be in the middle of a “cyber cold war.” The pace and speed of the “digital nature of the fight that we expect…is going to demand a workforce and talent that we have not seen before,” Crall said. And a change in approach may be necessary.

Offering a more “sobering look,” Crall said he has come to the realization that salary is not the “driving factor” in recruiting and retaining talent. After meeting with “dozens of individuals” fitting the exact bill of those they’d want to recruit, Crall said that the candidates all listed the same key drivers: location, organizational structure, schedule and dress code, student debt, and cause. 

Regardless of compensation or add-ons, individuals do not want to move away from where they live. Also, the “hierarchy” of the military is unappealing to them as they want to have “equal input,” and their prime working hours are noon to 3 a.m., without having to wear a uniform. Most surprising to Crall was that they want a program that helps them address student debt more than they care about salary. The last driver – working for a cause – was where “we do really well,” he said, but “time is ticking.”  

Crall suggested there is a need to review the existing programs, optimize and “maximize” those that are working and “retire” those that are not. For example, he explained, a solution to the relocation issue is to create secure environments for remote work.

Room for improvement, however, does not mean great progress has not been underway or that the picture is hopelessly bleak. Veronica Hinton, acting deputy assistant secretary for defense for civilian personnel policy, said the enhanced hiring and compensation authorities Congress granted have proven highly beneficial in recruiting through the Cyber Excepted Service and recently rolling out strategies like the Targeted Local Market Supplements – additional compensation on top of the base salary to compete against market pay rates. 

Educational partnerships have also been growing. The National Center for Academic Excellence in Cybersecurity, for example, has a consortium of over 80 academic institutions, which Crall said, “provides an interface to build that cyber warrior we are looking for.” He emphasized, however, that not all the talent comes with a degree. 

Even though the expanded authorities have been incredibly helpful and beneficial, Hinton said the compensation range is subject to the existing payment cap of 25%. In order to compete with the private sector’s higher salaries, there may be a need to expand this compensation authority. 

“We can’t compete based on money,” Hinton said, echoing Crall in that, “We win the call-to-service competition.” 

Cybersecurity

October 26, 2021
by Tom Ramstack
Bigger Government Role Expected to Protect Industry From Hackers

WASHINGTON — Large-scale cyberattacks continued this week in the United States and abroad as computer security experts told a congressional... Read More

WASHINGTON — Large-scale cyberattacks continued this week in the United States and abroad as computer security experts told a congressional panel Tuesday that more government intervention is needed. On Monday, Microsoft announced that Russia-backed hackers were trying to steal information technology to disrupt the global supply... Read More

October 22, 2021
by Reece Nations
Commerce Department Tightens Export Controls on Cybersecurity Items

WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls... Read More

WASHINGTON — The Department of Commerce’s Bureau of Industry and Security announced on Wednesday it would institute new export controls over cybersecurity items such as cyber intrusion software that can be used maliciously. The department’s new policy also creates a new license exception for authorized cybersecurity... Read More

October 14, 2021
by Victoria Turner
Cybersecurity Experts Point to More Investment Needed in Detection, Response

WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing... Read More

WASHINGTON -- If everyone were to employ proper cyber hygiene like multi-factor authentication or not clicking on links in phishing emails, more than 85% of cyberattacks would be prevented, said Sen. Angus King, I-Maine, Thursday.  “The best hack is the one that doesn’t happen,” King said... Read More

October 5, 2021
by Victoria Turner
Cybersecurity Minimum Standards Needed to Keep North America Secure

North American governments should come together to create a trilateral strategy to assess and address threats in a holistic risk-based... Read More

North American governments should come together to create a trilateral strategy to assess and address threats in a holistic risk-based approach to cybersecurity that includes a minimum set of standards, said three experts yesterday. As much as the pandemic has accelerated the rate in which governments... Read More

September 29, 2021
by Victoria Turner
Aspen Cyber Summit Explores Collective Defense in a Digital World

WASHINGTON -- The Cybersecurity Infrastructure and Security Agency has met President Biden’s cybersecurity executive order’s “highly aggressive deadlines so far,”... Read More

WASHINGTON -- The Cybersecurity Infrastructure and Security Agency has met President Biden’s cybersecurity executive order’s “highly aggressive deadlines so far,” but there is “still a lot of work to do,” said CISA Director Jen Easterly Wednesday.  Kicking off the 6th annual Aspen Cyber Summit, Exploring Collective... Read More

September 22, 2021
by Victoria Turner
Identity Authentication Key Piece of Cybersecurity Puzzle

WASHINGTON -- Identity authentication is taking a front-and-center role in the administration's approach to ensuring robust cybersecurity across the U.S.... Read More

WASHINGTON -- Identity authentication is taking a front-and-center role in the administration's approach to ensuring robust cybersecurity across the U.S. government, according to Carole House, director of cybersecurity and secure digital Innovation at the White House National Security Council.  It “sits at the heart of zero... Read More

News From The Well
Exit mobile version