Government Hiring Practices Hamper Cybersecurity Efforts - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Cybersecurity

Government Hiring Practices Hamper Cybersecurity Efforts

Federal agencies find it difficult to hire unconventional but well-qualified talent to battle cyberattacks, experts say.

by former NSA contractor Edward Snowden is the harm done to agencies' ability to hire "non-standard" people, who may not have college degrees but who have superior computer skills.

And, of course, there's the pay issue. David Bray, CIO of the Federal Communications Commission, said that when he's trying to recruit someone in IT, he tells them, "We can't pay what the private sector does," but that they will have a compelling mission they can find fulfilling.

Bray said his agency is using its ambassadors program, which brings in contractors from outside Washington, D.C., for a maximum of 120 days, to get new perspectives and fresh ideas. He suggested that perhaps the government could have a "reserve corps" of cybersecurity professionals, former ambassadors who have returned to the private sector, on call for cyber emergencies.

Robert Childs, former chancellor of the National Defense University's Information Resources Management College, said that Singapore could be a model for US practices. Children "learn cyber hygiene in elementary schools," he said. Here, though, "children, Millennials, don't care about cyber... the young people have the skills," but not the knowledge of sound policy and governance.

Bucci added that just getting employees to follow the cybersecurity policies already on the books would help -- and that has to include the bosses.

"If the boss isn't doing it, no one else will," he said.

Wilshusen said many federal agency leaders are starting to understand the importance of recruiting better talent. "The incidents reported to US-CERT have more than doubled in the past four years." But it's going to take more than just agency leaders recognizing the problem.

Childs pointed to previous cyberattacks, including when attackers shut down much of Estonia's electronic infrastructure in 2007 and another on the Saudi national oil company Aramco in 2012, as acts of cyber warfare. The war between Russia and Georgia in 2008 was the first demonstration of "cyber (attacks) combined with kinetic attacks," he said.

Bucci said the US military comes closest to understanding and preparing for these kinds of orchestrated attacks. "But in a [military] exercise, add the cyber component and the exercise comes crashing to a halt within a couple of hours," he said. The leaders of the exercise will usually insist on shutting down the cyber component so they can continue, even though they won't be able to do that on a real battlefield, he said.

NIST's cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work? Read the Protecting Critical Infrastructure issue of InformationWeek Government today.

Washington-based Patience Wait contributes articles about government IT to InformationWeek. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
5/21/2014 | 2:56:57 PM
Re: Tough Job
I'd say Sillicon Valley and Wall Street have pretty good front row seats. But I agree that if you want to be part of a team that gets to kick down doors or fight terrorists and drug lords, that's not an opportunity you'll get in the private sector.
WKash
50%
50%
WKash,
User Rank: Author
5/21/2014 | 1:54:08 PM
Re: Tough Job
On the other hand, where else is someone with the right skills likely to get the kind of front row seat and training the government offers -- it's a little like getting to fly an f-35 Joint Strike Fighter. Can't find those kinds of jobs in the private sector.  But it does take someone willling to give it all for his/her country.
danielcawrey
50%
50%
danielcawrey,
User Rank: Ninja
5/21/2014 | 1:30:23 PM
Re: Tough Job
Cyber and kinetic attacks are going to be a huge issue for defense in the future. I am sure that the US government has a handle on the offensive side of these types of vectors.

But I question whether or not we are properly prepared to defend these sort of attacks on a large scale. I hope that we are. 
Drew Conry-Murray
50%
50%
Drew Conry-Murray,
User Rank: Ninja
5/21/2014 | 10:50:31 AM
Tough Job
I don't envy government recruiters. They've got a difficult needle to thread on hiring for cybersecurity, especially post-Snowden.
Commentary
Enterprise Guide to Digital Transformation
Cathleen Gagne, Managing Editor, InformationWeek,  8/13/2019
Slideshows
IT Careers: How to Get a Job as a Site Reliability Engineer
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/31/2019
Commentary
AI Ethics Guidelines Every CIO Should Read
Guest Commentary, Guest Commentary,  8/7/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Slideshows
Flash Poll