Today the
Administration is directing a series of actions to identify, recruit, develop, retain, and expand the pipeline of the
best, brightest, and most diverse cybersecurity talent for Federal service and for our nation.
Every day, Federal
departments and agencies face sophisticated and persistent cyber threats that pose strategic, economic, and security
challenges to our Nation. Addressing these cyber threats has required a bold reassessment of the way we approach
security in the digital age and a significant investment in critical security tools and our cybersecurity workforce. And
these threats demand that we continue to enhance the security of the Federal digital infrastructure and improve the
ability to detect and respond to cyber incidents as they occur. That is why, in 2009, President Obama initiated a
comprehensive strategy to confront this ever-evolving challenge. The strategy brings all levels of government together
with private industry, academia, international partners, and the public, to raise the level of cybersecurity in both the
public and private sectors; deter and disrupt adversary activities in cyberspace; improve capabilities for incident
response and resilience; and enact legislation to both incentivize and remove legal barriers to cybersecurity threat
information-sharing among private entities and between the private sector and the Government. While we have made
significant progress, we must do more.
The
Challenge
The Federal
cybersecurity workforce has the challenging mission of protecting government information technology (IT) systems,
networks, and data from sophisticated adversaries; safeguarding sensitive data; supporting our Nation’s financial,
energy, healthcare, transportation, and other critical systems; and securing our critical infrastructure and intelligence
systems. However, the supply of cybersecurity talent to meet the increasing demand of the Federal Government is simply
not sufficient. As part of a broad-sweeping review of Federal cybersecurity policies, plans, and procedures, the
Cybersecurity Sprint launched by the Office of Management and Budget last year revealed two key observations about the
Federal cybersecurity workforce:
- Federal agencies’ lack of cybersecurity and IT talent is a major resource constraint that impacts their ability
to protect information and assets; and,
- A number of existing Federal initiatives address this challenge, but implementation and awareness of these
programs are inconsistent.
Moreover, this
shortfall affects not only the Federal government, but the private sector as well. Recent industry reports project this
shortfall will expand rapidly over the coming years unless private sector companies and the Federal Government act to
expand the cybersecurity workforce pipeline to meet the increasing demand.
The
Opportunity
To address these and
other cybersecurity challenges, earlier this year the President directed his Administration to implement the
Cybersecurity National Action Plan (CNAP) – a capstone of more than seven years of determined effort – which takes near-
term actions and puts in place a long-term strategy that builds on other cybersecurity efforts while calling for
innovation and investments in cybersecurity education and training to strengthen the cybersecurity talent pipeline. As
directed by the CNAP and the President’s 2017 Budget, today we are releasing the first-ever Federal Cybersecurity
Workforce Strategy to grow the pipeline of highly skilled cybersecurity talent entering federal service, and retain and
better invest in the talent already in public service. And it sets forth a vision where private sector cybersecurity
leaders would see a tour of duty in Federal service as an essential stop in their career arc.
The Strategy
establishes four key initiatives:
Expand the Cybersecurity Workforce through Education and Training. The Cybersecurity Workforce Strategy supports
the CNAP initiatives that propose investing $62 million in Fiscal Year (FY) 2017 funding to expand cybersecurity
education across the Nation. This funding will lay the foundation needed to ultimately address the shortage of
cybersecurity talent across the country. These initiatives include offering competitive scholarships and covering full
tuition for college and university students through the CyberCorps®: Scholarship for Service program; collaborating with
academic institutions to develop guidance for cybersecurity core curriculum and allow colleges and universities to expand
their course offerings; and providing program development grants to academic institutions to hire or retain professors,
adopt a cybersecurity core curriculum and strengthen their overall cybersecurity education programs.
- Recruit the Nation’s Best Cyber Talent for Federal Service. The Workforce Strategy initiates efforts to
implement a government-wide recruitment strategy that includes enhanced outreach efforts to diverse cyber talent —
including women, minorities, and veterans— from apprenticeship programs, colleges, universities, and private industry, as
part of a comprehensive plan. Over the coming months we will partner with agencies to find ways to streamline hiring
practices consistent with current statutes and leverage existing hiring authorities, as appropriate, to quickly bring on
new talent. We will explore opportunities to establish a cybersecurity cadre within the Presidential Management Fellows
program that leverages the recent success of the Presidential Innovation Fellows program and other dynamic approaches for
bringing top technologists and innovators into government service. Additionally, we will explore opportunities to expand
the use of new or revised pay authorities that can serve as a model for future government-wide efforts.
- Retain and Develop Highly Skilled Talent. To improve employee retention and development efforts, the U.S. Office
of Personnel Management (OPM) will work with Federal agencies to develop cybersecurity career paths, badging and
credentialing programs, rotational assignments, and foster opportunities for employees to obtain new skills and become
subject matter experts in their field. Additionally, the Workforce Strategy directs the development of a government-wide
cybersecurity orientation program for new cybersecurity professionals to improve information sharing and employees’
knowledge of upcoming developmental and training opportunities. The Workforce Strategy also looks to increase the use of
special pay authorities, and improve training and development opportunities for cyber and non-cyber employees.
- Identify Cybersecurity Workforce Needs. Cybersecurity is a dynamic and crosscutting field, and effective
workforce planning requires a clear understanding of the gaps between the workforce of today and the needs of tomorrow.
The Workforce Strategy directs agencies to adopt a new approach to identifying their cybersecurity workforce gaps by
using the National Cybersecurity Workforce Framework developed by National Initiative for Cybersecurity Education (NICE)
partner agencies, which identifies 31 discrete specialty areas within cybersecurity workforce. Agencies are now able to
better identify, recruit, assess, and hire the best candidates with specific cyber-related skills and abilities, and we
are already making progress in this effort. The Federal Government has already hired 3,000 new cybersecurity and IT
professionals in the first 6 months of this fiscal year. However, there is clearly more work to do, and we are committed
to a plan by which agencies would hire 3,500 more individuals to fill critical cybersecurity and IT positions by January
2017.
Cybersecurity is a
shared responsibility among agency leadership, employees, contractors, private industry, and the American people. And the
Workforce Strategy details numerous initiatives to harness this collective power and help strengthen the security of
Federal networks, systems, and assets. To address cybersecurity challenges in the immediate future, the Administration
will invest in the existing Federal workforce through initiatives focused on training and retaining existing talent. At
the same time, the Government will adjust the way it recruits, including the way it approaches talented students and
potential employees in the cybersecurity workforce outside Federal service.
We must recognize
that these changes will take time to implement, and the Workforce Strategy’s long-term success will depend on the
attention, innovation, and resources from all levels of government. The initiatives discussed in this Strategy represent
a meaningful first step toward engaging Federal and non-Federal stakeholders and provide the resources necessary to
establish, strengthen, and grow a pipeline of cybersecurity talent well into the future.
Shaun Donovan is the Director of the Office of Management and Budget.
Beth Cobert is the Acting Director of the U.S. Office of Personnel Management.
Michael Daniel is Special Assistant to the President and Cybersecurity Coordinator.
Tony Scott is the U.S. Chief Information Officer.
Also see: