The co-chairs of a congressionally mandated report on the cybersecurity workforce say that a new office or bureau should be charged with compiling more granular data on the state of cyber employment.
The government needs better data on the cybersecurity workforce and the two co-chairs of a National Academy of Public Administration report on the cybersecurity workforce released last month think a new government entity could help.
The report called on the White House's Office for the National Cyber Director to take the lead of coordinating a multi-sector effort on the cybersecurity workforce. That's something the ONCD has since indicated it is looking to do.
But the ONCD's ability to address the yawning gap of cybersecurity talent hinges at least in some part on measurement.
"We don't have, as a government, a lot of good data around this - both around the federal workforce imperative, as well as the national workforce imperative," said Dan Chenok, executive director of the IBM Center for The Business of Government and co-chair of the NAPA study, at a meeting of the Information Security and Privacy Advisory Board on March 10. Chenok spoke alongside report co-chair Karen Evans, a former longtime government technology official and recently the leader of a cybersecurity office at the Department of Energy.
"There's a Bureau of Justice Statistics, or a Bureau of Labor Statistics. There isn't a Bureau of Cyber Statistics or some similar kind of data focused around a common framework," Chenok said.
A Bureau of Cybersecurity Statistics could provide more granular data on the cybersecurity workforce and coordinate across existing databases in some federal agencies. The idea echoes a recommendation from the Cyberspace Solarium Commission, which suggested an office to serve as a repository for data on cyber incidents and threats as well as in other areas.
Data about the cyber workforce does exist already. The National Institute of Standards and Technology-based CyberSeek says there are 597,767 cyber job openings. The Bureau of Labor Statistics projects that the information security analyst jobs in the federal government, which includes many but not all cyber jobs in the federal government, will grow by 33% from 2020 to 2030.
"Cyberseek does great work. We thought that it would be important to build on efforts like that and ramp up the government's ability to do what it does in many other areas of government function, which is to have sort of a focus on cyber statistics led by some recognized enterprise," Chenok told FCW in an interview.
The NAPA report itself says that "data on the size and composition of the workforce shortage are inadequate," and quantifying the number of open and filled jobs in the cybersecurity workforce has proven exceptionally challenging.
"You get what you measure," Chenok told FCW. "So the recommendations we make will only go so far in terms of practical implementation as the ability of the government working with industry partners and academia to know how well is the system working. And in order to do that you need data and metrics."