The Department of Homeland Security has been given the green light to fill 1,000 cybersecurity positions as part of the government’s ongoing plan to address cyber risks.
According to the Nov. 10 notice from the Office of Personnel Management, the hirings are “not to exceed 1,000 positions to perform cyber risk and strategic analysis, incident handling and malware/vulnerability analysis, program management, distributed control systems security, cyber incident response, cyber exercise facilitation and management, cyber vulnerability detection and assessment, network and systems engineering, enterprise architecture, intelligence analysis, investigation, investigative analysis and cyber-related infrastructure interdependency analysis requiring unique qualifications currently not established by OPM.”
The notice is the latest in a steady stream of federal actions to address cyber threats.
Federal Chief Information Officer Tony Scott and OMB Director Shaun Donovan signed off on two memos Oct. 30 for what the White House called “modernizing federal cybersecurity.” The memos included the introduction of the Cybersecurity Strategy Implementation Plan (CSIP).
CSIP’s five objectives are:
Prioritized identification and protection of high value assets and information.
Timely detection of and rapid response to cyber incidents.
Rapid recovery from incidents when they occur and accelerated adoption of lessons learned from the Sprint assessment.
Recruitment and retention of the most highly qualified cybersecurity workforce talent the federal government can bring to bear.
Efficient and effective acquisition and deployment of existing and emerging technology.
The implementation plan includes a one-year timeline with milestones that range from as early as Nov. 13 — when all agencies identify and report high value assets — to Sept. 30, 2016, when DHS “delivers full Continuous Diagnostics and Mitigation Phase 2 capabilities to participating agencies.”
According to CSIP, DHS is collaborating with the Office of Management and National Security Council to issue incident response best practices for federal agencies, leading a team to “continuously diagnose and mitigate the cybersecurity protections around the high value assets identified during the cybersecurity sprint,” and developing “advanced protections beyond the current signature-based approach” for the EINSTEIN program’s current platform.
OPM’s hiring notice comes days after the department announced it had hired Clifton Triplett as its new senior cybersecurity expert. That hiring is part of a 15-step cyber improvement plan to address vulnerabilities brought to light by the data breach that exposed the personally identifiable information of millions.