Budget pressures, workforce woes and cyber threats converge

Cybersecurity consistently ranks as a top concern for federal IT leaders. But too often, surveys show, it may not be their top goal, and even when it is,  a lack of funding and the right workforce skills can make it difficult to achieve.

Budget cuts are pervasive, and the IT workplace is at a crossroads with a retiring generation of baby boomers and a limited supply of highly specialized talent. Industry experts say it’s a perfect storm of vulnerabilities.

“When we’re generating 5 trillion bits of data per second, think of what we’re doing to the problem,” said W. Hord Tipton, executive director of (ISC)2 and former CIO at the Interior Department. “The things we need to protect now are growing at a much faster rate than we’re producing people to protect them. Whether it’s crime, fraud [or] cyber terrorism, it’s an immense challenge at this point, and it can actually be life or death. We can’t keep up. Everyone needs to have the proper security staff to minimize the damage when it does come in.”

IT leaders are being forced into a juggling act. In TechAmerica’s 2012 Federal CIO Survey, cybersecurity was the No. 1 concern, but more than half of respondents listed something else as their top objective: cutting costs.

“For us, a good metaphor for the CIO was a magician — someone who has to pull the rabbit out of the hat,” said George DelPrete, a partner at Grant Thornton and chairman of TechAmerica’s CIO Survey Group. “Today the number of things that CIOs need to do hasn’t declined, yet they’re being forced to find ways to innovate with less resources than they previously had.”

In some cases, that has meant skirting the rules. Recently, the Homeland Security Department’s Immigration and Customs Enforcement agency awarded a sole-source IT security contract to its existing vendor instead of conducting an open competition. Officials filed a legal justification saying delayed budget guidance and a dearth of specific skills in the marketplace pushed them to award the contract.

Some insiders say it could set a dangerous precedent, while others say the scarcity might be exaggerated.

“I think there is somewhat of a shortage, but I don’t think it’s as critical as the author of that memo made it out to be,” said Ray Bjorklund, Deltek’s vice president and chief knowledge officer, as quoted in a story by Nextgov.

The right stuff?

At the Defense Department, there’s been a strong focus on hiring highly skilled cybersecurity staff. According to Jim Lewis, a senior fellow at the Center for Strategic and International Studies, DOD is making progress. “It's more about finding people with the right skills,” he said.

But those skills can be expensive, which is not a new challenge. There has always been a struggle between contracting officers seeking efficiencies and decision-makers wanting high-quality and proven entities, Tipton said.

There are short- and long-term ways of addressing the issue. In the short run, agencies need to figure out how to entice a younger generation of workers who are motivated by different perks than their predecessors — and have different strengths. According to the TechAmerica survey, that investment in human capital is needed to fill gaps in personnel and technical know-how.

“We have to think creatively about how to sustain the best people, whether that’s teleworking from a less expensive city or a flexible work schedule,” Tipton said. “We also have to prioritize soft skills in recruiting. One of the reasons agencies lack money is because of hiring technical geniuses, but they don’t know the first thing about convincing a businessman not to cut security funding from the budget.”

For the long term, it’s essential to broaden the talent pool, starting with encouraging students to pursue degrees in science, technology, engineering and math and later fostering more programs and government partnerships with academia.

Will those efforts be enough to counter a shortage of potentially millions of cybersecurity workers?

“We have to face the facts that the [cyberattacks] have gotten so sophisticated that if we don’t have the right people and education, [adversaries] will find the weakest link,” Tipton said. “It’s an ongoing battle.”

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.


Reader comments

Fri, Jun 29, 2012

When the top IT Security talent is already able to command paychecks larger than what the Government offers, and the Government has frozen that pay and is talking about doing so for several more years, it is no wonder anybody worth a damn doesn't want to work for the Fed.

Thu, Jun 28, 2012 Griz

Our area has lost two great IT people to retirement in the last year. Unfortunately, neither of these positions will be filled "in house" with someone who has a good idea of the security risks facing our network. Only one will be filled, and that will be with a contractor.

Thu, Jun 28, 2012 Ken

So specifically, what are the "right skills" or certifications that Defense is looking for?

Wed, Jun 27, 2012 Hampton Brown United States

Even though budget cuts are impacting cyber security initiatives, this hit-and miss-government acquisition strategy is nothing new. HSPD-12 was an unfunded mandate, and it's muddled implementation was to take monies from other IT mission critical needs.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group