The federal government has been voicing alarm about cyberthreats for years. So why are cybersecurity workforce vacancies such a recurring theme among its leaders? The answer may come from how agencies are discussing cybersecurity with potential employees.
“Cybersecurity is too often presented as a losing battle,” Don Maclean, a Chief Cybersecurity Technologist at DLT, said Tuesday. “A lot of this starts with motivation. Who wants to play for the losing side? That’s one of the more important elements that are missing from public discussion of this.”
Maclean was participating in a panel during Symantec’s 2018 Government Symposium in Washington, D.C. He added that citizens are following cybersecurity more closely as more threats appear against their data.
“The history of technology is bad people taking it and breaking it,” he said. “But you have to stay up to date. Cybersecurity is going to become a front-page-of-the-newspaper topic now.”
Unfortunately, today’s cybersecurity threats are intimidating. The dangers facing agencies include foreign governments, terrorists, criminals and hacktivists. Their motivations are equally diverse, with some adversaries inspired by profit and others by hurting the U.S.
The problem escalates when factoring in cyber hygiene. Avoiding cybersecurity failures is virtually impossible when determined attacks happen alongside human error.
“You’ll never solve cyber hygiene problems,” said Cheri Caddy, Program Director at the National Security Administration (NSA). “It will continue to be a consistent problem.”
Caddy said that greater cooperation between agencies and commercial businesses could help both sides with cybersecurity issues like threat detection and workforce recruitment.
“The adversaries that we face – there’s no major distinction between the public and private sectors,” she said of potential targets for cyberthreats. “It’s not that the government has [a] deficit in hiring. There’s a global deficiency in cyber talent. The shared problem is we don’t have enough people. Let’s focus on growing the size of the pie first.”
Small Business Administration (SBA) CIO Maria Roat said that considering cybersecurity during every step of IT modernization is another valuable practice.
“While you’re driving modernization, you’re building security into everything you’re doing,” she said. “It’s got to be from the bottom up and built up from the beginning. As you’re modernizing you can’t look at tomorrow. You have to look further out.”
Roat said that one cybersecurity tactic is adopting a Zero Trust defense. Zero Trust treats both external and internal users as equal threats to networks and data. Roat added that educating workforces about cyber hygiene is another useful method.
“It’s not just training the IT staff,” she said. “It’s training the entire workforce that you cannot do this anymore, it’s unacceptable. Once you start doing that repeatedly, there’s a social aspect around this. People know and talk to each other.”
Federal CIO Suzette Kent added during a separate presentation at Tuesday’s event that the length of the government’s hiring process is a barrier to entry for potential employees.
“The average time to hire in the federal government is 106 days,” said Kent, who works in the Office of Management and Budget (OMB).
Greg Decker, a Principal at Booz Allen Hamilton, said during Tuesday’s panel that federal organizations should attract cybersecurity talent by emphasizing how precious their data is for the U.S.
“They need to recruit with a mission focus and have it center on helping secure the government’s networks,” he said. “The race for cybersecurity talent is only going to escalate.”