Rep. Tom Garrett (R-Va.) began his question period at a Mar. 8 Homeland Security subcommittee hearing frustrated that the Department of Homeland Security (DHS) has yet to complete past-due cyber workforce requirements.
“What is your level of accountability? What is your fear if you miss the dates established by law—what’s the worst thing you think that can happen? When was the last time someone was fired for not accomplishing a task mandated by law?” he asked. “Has anyone who was previously responsible for a legal mandated task subsequently been promoted after having failed to accomplish that task in a timely manner?”
The hearing of the House Cybersecurity and Infrastructure Protection and Oversight and Management Efficiency subcommittees came on the heels of the Government Accountability Office (GAO) report Cybersecurity Workforce: Urgent Need for DHS to Take Actions to Identify its Position and Critical Skill Requirements.
In the report, GAO had identified five implementation requirements for DHS in the wake of the Homeland Security Cybersecurity Workforce Assessment Act of 2014. As of December 2017, DHS had completed just one of the requirements.
“While DHS has taken actions to identify, categorize, and assign employment codes to its cybersecurity positions, its efforts have been neither timely nor complete,” said Rep. John Ratcliffe (R-Texas), chairman of the Cybersecurity and Infrastructure Protection subcommittee, in his prepared remarks. “Identifying DHS workforce capability gaps and recruiting to fill them is a problem this committee has long examined; however, GAO found that DHS has not identified its department-wide cybersecurity critical needs.”
Rep Scott Perry (R-Pa.), Oversight and Management Efficiency Subcommittee chairman, noted that DHS had assigned employment codes to just 79 percent of its cyber positions and hadn’t submitted required reports to Congress and the Office of Personnel Management regarding cybersecurity workforce critical needs.
“Congress has acted to provide DHS with the tools to help meet the workforce needs demanded by the current cyber threat environment,” he said. “These problems are especially alarming, given the significant responsibilities facing DHS as it prepares to meet cyber workforce needs and undertake the border security-related hiring surge mandated by the president.”
Witness Gregory Wilshusen, director of information security issues at GAO, said DHS has made some progress on employment codes, but the department continues to come up short.
“As of December 2016, [DHS] reported identifying about 10,725 positions; however, the department’s actions have neither been timely nor complete,” Wilshusen said. “Procedures established by DHS to perform these activities were issued 13 months past the due date specified in the 2014 act and did not include steps for identifying position vacancies as the act required.”
Regarding assignment of employment codes, it was a task to be complete by September 2015, but was still incomplete by August 2017. He also pointed out a reporting discrepancy regarding codes. In 2017, OPM reported that 95 percent of DHS’ cybersecurity positions were coded, Wilshusen said.
“Yet we determined that only 79 percent of the positions were coded,” he added. “The 95 percent estimate was overstated because DHS excluded uncoded, vacant positions.”
Wilshusen also noted that the February GAO report included six recommendations, including procedures to code vacant positions, additional guidance, and that DHS identify the individuals in charge of workforce assessments to ensure better accountability, among others.
“DHS concurred with our recommendations and estimated that it would implement them all by June 2018,” Wilshusen said. “Until it does, DHS may lack assurance that it has the data necessary to effectively manage the recruitment and retention of a cybersecurity workforce that is responsible for protecting departmental and federal networks as well as the nation’s critical infrastructure from cyber threats.”
See the entire subcommittee hearing here, including testimony from Angela Bailey, DHS chief human capital officer, Management Directorate, and Rita Moss, director of the DHS Office of Human Capital, National Protection and Programs Directorate.
© 2018 Homeland411
Click here to subscribe to the Homeland411 weekly newsletter.