DHS lags in classifying cyber positions
Despite legislation, the Department of Homeland Security hasn't taken steps to make it easier to monitor progress in building and managing a cybersecurity workforce.
A 2014 law put the Department of Homeland Security on the hook for classifying and coding cybersecurity positions. According to an oversight report, DHS is way behind.
It may sound mundane and weedy, but the intention of the Homeland Security Cybersecurity Workforce Assessment Act of 2014 was to create a framework for identifying and filling gaps to better protect agency systems and support governmentwide and private sector cybersecurity.
The job codes are used to define roles and specific tasks for cybersecurity duties at the department, including crucial back office work such as program management and system administration. The law also requires the agency to identify and report its most critical workforce needs for future planning.
According to the Government Accountability Office study released Feb. 6, DHS has work to do on accomplishing the goals of the statute. GAO concluded that DHS overestimated the percentage of coded positions in an August 2017 report to Congress. GAO found the department had only coded approximately 79 percent of the positions at that time while DHS said it was hitting 95 percent – a tally arrived at by not including vacant posts, GAO said.
The GAO made six recommendations to DHS to make sure it is identifying cyber workforce critical needs, procedures, vacancies and responsibilities, as well as accurately reporting workforce data.
In comments, DHS said it planned to execute on GAO's recommendations by the end of June 2018.