Today the Administration is directing a series of actions to identify, recruit, develop, retain, and expand the pipeline of the best, brightest, and most diverse cybersecurity talent for Federal service and for our Nation.
Every day, Federal departments and agencies face sophisticated and persistent cyber threats that pose strategic, economic, and security challenges to our Nation. Addressing these cyber threats has required a bold reassessment of the way we approach security in the digital age and a significant investment in critical security tools and our cybersecurity workforce. And these threats demand that we continue to enhance the security of the Federal digital infrastructure and improve the ability to detect and respond to cyber incidents as they occur. That is why, in 2009, President Obama initiated a comprehensive strategy to confront this ever-evolving challenge. The strategy brings all levels of government together with private industry, academia, international partners, and the public, to raise the level of cybersecurity in both the public and private sectors; deter and disrupt adversary activities in cyberspace; improve capabilities for incident response and resilience; and enact legislation to both incentivize and remove legal barriers to cybersecurity threat information-sharing among private entities and between the private sector and the Government. While we have made significant progress, we must do more.
The Federal cybersecurity workforce has the exciting and challenging mission of protecting government information technology (IT) systems, networks, and data from sophisticated adversaries; safeguarding sensitive data; supporting our Nation’s financial, energy, healthcare, transportation, and other critical systems; and securing our critical infrastructure and intelligence systems. However, the supply of cybersecurity talent to meet the increasing demand of the Federal Government is simply not sufficient. As part of a broad-sweeping review of Federal cybersecurity policies, plans, and procedures, the Cybersecurity Sprint launched by the Office of Management and Budget last year revealed two key observations about the Federal cybersecurity workforce:
Moreover, this shortfall affects not only the Federal Government, but the private sector as well. Recent industry reports project this shortfall will expand rapidly over the coming years unless private sector companies and the Federal Government act to expand the cybersecurity workforce pipeline to meet the increasing demand.
To address these and other cybersecurity challenges, earlier this year the President directed his Administration to implement the Cybersecurity National Action Plan (CNAP) – a capstone of more than seven years of determined effort – which takes near-term actions and puts in place a long-term strategy that builds on other cybersecurity efforts while calling for innovation and investments in cybersecurity education and training to strengthen the cybersecurity talent pipeline. As directed by the CNAP and the President’s 2017 Budget, today we are releasing the first-ever Federal Cybersecurity Workforce Strategy to grow the pipeline of highly skilled cybersecurity talent entering federal service, and retain and better invest in the talent already in public service. And it sets forth a vision where private sector cybersecurity leaders would see a tour of duty in Federal service as an essential stop in their career arc.
The Strategy establishes four key initiatives:
Cybersecurity is a shared responsibility among agency leadership, employees, contractors, private industry, and the American people. And the Workforce Strategy details numerous initiatives to harness this collective power and help strengthen the security of Federal networks, systems, and assets. To address cybersecurity challenges in the immediate future, the Administration will invest in the existing Federal workforce through initiatives focused on training and retaining existing talent. At the same time, the Government will adjust the way it recruits, including the way it approaches talented students and potential employees in the cybersecurity workforce outside Federal service.
We must recognize that these changes will take time to implement, and the Workforce Strategy’s long-term success will depend on the attention, innovation, and resources from all levels of government. The initiatives discussed in this Strategy represent a meaningful first step toward engaging Federal and non-Federal stakeholders and provide the resources necessary to establish, strengthen, and grow a pipeline of cybersecurity talent well into the future.
Shaun Donovan is the Director of the Office of Management and Budget.
Beth Cobert is the Acting Director of the U.S. Office of Personnel Management.
Michael Daniel is Special Assistant to the President and Cybersecurity Coordinator.
Tony Scott is the U.S. Chief Information Officer.