The Homeland Security Department increased its cyber workforce by 600 percent over the last few years, but it still has a ways to go.
Secretary Janet Napolitano said today DHS and the rest of government have been moving at 80 mph over the last few years and need to move at 120 mph to deal with the ever-increasing cyber threat.
“We have great and fabulous people, and they attract fabulous people like them,” Napolitano said during a discussion in Washington sponsored by Washington Post Live. “We are in the midst of hiring. We need cyber folks, analysts, IT specialists and people who are familiar with code and coding.”
Current hiring not enough to fill gap
She said DHS is bringing in about 600 new cyber workers but probably needs many more.
DHS needs help and new authorities to hire more quickly and be more competitive with the private sector. She said that is one of the most important, but least focused on, parts of the Senate’s comprehensive cyber bill.
The version authored by Sens. Joseph Lieberman (I-Conn.), Susan Collins (R-Maine) and Jay Rockefeller (D-W.Va.) calls for the National Cybersecurity and Communications Integration Center (NCCIC) to receive the same hiring authorities that the National Security Agency uses to recruit and retain critical employees.
The bill allows the DHS secretary to establish positions in the excepted service, make direct appointments, set rates of basic pay and provide additional compensation, benefits, incentives and allowances.
“The section also authorizes the Secretary to exercise, with respect to cybersecurity employees, the same authorities as the Secretary of Defense to establish a scholarship program to enable employees to pursue an associate, baccalaureate, or advanced degree, or a certification in an information assurance discipline,” the bill states. “The section requires the Secretary to report to Congress annually on the process used to hire individuals for cybersecurity positions and how the Secretary plans to fill the critical need of DHS to recruit and retain skilled cybersecurity employees.”
Napolitano said these changes can only be done by Congress and are critical to giving DHS access to hire the expertise needed to protect federal networks and help critical infrastructure providers secure their systems.
She said DHS also is taking steps on its own to address recruitment.
“We just created and announced the Secretarial Honors Program,” she said. “It is scoped to bring in about 50 people. They will be selected on a competitive basis and some will be in the cyber arena.”
DHS began accepting applications Oct. 24 across six areas, including IT, policy, management, emergency management, attorneys and cyber.
In the cyber fellows program, DHS is looking for recent college graduates to enter a two-year program to develop technical skills.
“Through rotational assignments, participants see how each DHS Component agency collaborates on cyber-related issues and works first-hand on critical issues or incidents in a fast-paced, growing environment,” DHS stated on its website. “Candidates are encouraged to participate in the Cybersecurity Internship Program prior to applying for the Honors Program.”
A recent report by the Homeland Security Advisory Council’s Task Force on Cyberskills recommended that DHS hire 600 expertly skilled cyber workers. This was one of several recommendations made by the task force to increase the number and skills of the agency’s cyber workforce.
She said when there is an attack or when a cyber vulnerability is discovered, DHS is the hub for information sharing with the private sector and for protecting federal civilian unclassified networks.
“There are three key players: us, the FBI and the NSA,” she said. “A call to us is a call to all of us. We are so closely interlinked. We have people from each organization on each other’s [security operations center] floors. As we go through an event, we make decisions together on who takes the lead. If it’s a criminal event, the FBI is in charge. If it’s a systems protection vulnerability that needs to be explored or if information needs to be shared to broader world, that’s the role we play.”
Napolitano said she doesn’t worry about who’s in charge. She said she meets regularly with FBI Director Robert Mueller and cyber is a common topic of discussion.
She said a recent example of this coordination is the denial-of- service attacks against the financial sector.
“There are active matters going on with financial institutions and the energy sector is a concern to us because of what has happened in other places around the world,” she said. “We know there are different types of attacks and methodologies that could cause great damage and we need to think proactively what is next wave of attack and where could it occur?”
Defense Secretary Leon Panetta recently warned against these kinds of destructive attacks that have happened against the computers of the Saudi Arabian state oil company, ARAMCO in August, and a similar attack against Ras Gas of Qatar, a major energy company in the region.
“If you think a control-system attack that takes down a utility even for a few hours isn’t serious, just look at what’s happening now that Mother Nature has taken out utilities,” Napolitano said. “There are cascading effects that are serious and can be life threatening.”
Napolitano continued to push for Congress, and the Senate specifically, to pass legislation to improve information sharing and cyber standards among the critical infrastructure providers.