December 13, 2011 By Johnell Johnson
The Government Accountability Office (GAO) found there are some serious problems for government agencies. After an audit, the GAO discovered that there’s a problem in effectively developing or implementing a cyber security workforce planning strategy. There have also been issues in filling cyber security positions, especially those requiring specialized skills.
Last year, the Senate Judiciary Committee asked the GAO to review if the federal government was sufficiently able to meet it cyber security staffing goals and report on the status of government-wide cyber security initiatives.
The study included the eight federal agencies with the highest information technology budgets, including the Departments of Defense, Homeland Security, and Justice.
According to the GAO, one of the major problems is that agencies had trouble even identifying which employees could be considered cyber security professionals.
“All agencies had defined roles and responsibilities for their cyber security workforce,” GAO said. “But these roles did not always align with guidelines issued by the federal Chief Information Officers (CIO) Council and National Institute of Standards and Technology (NIST).”
“In many cases, employees with cyber security responsibilities also have other responsibilities, and some employees classified under a particular series may not have any cyber security responsibilities,” the report said.
There were seventeen different occupational series with at least some cyber security responsibilities the GAO said.
The GAO recommends that OPM coordinate with the CIO Council, the principal interagency forum on federal IT, to develop a government-wide strategy to track agencies’ cyber security workforce.
Another big concern is agencies are also having trouble filling available cyber security jobs.
A good example, DoD reported that for 2010, it failed to fill about 9,000 of the more than 97,000 open information assurance positions, while Treasury said that it was struggling to fill some highly technical positions such as those dealing with penetration testing and forensic analysis.
“Although most agencies used some form of incentives to support their cyber security workforce, none of the eight agencies had metrics to measure the effectiveness of these incentives,” the report said.
The government has numerous initiatives under way to define cyber security roles and improve workforce planning, but the different plans lack coordination.
“The Chief Information Officers Council, NIST, Office of Personnel Management, and the Department of Homeland Security (DHS) have also taken steps to define skills, competencies, roles, and responsibilities for the federal cyber security workforce,” the report stated. “However, these efforts overlap and are potentially duplicative.”
There is some good news however. Positive steps have been taken according to the GAO. Officials from these agencies have begun efforts coordinate their activities.
View full post on National Cyber Security