Best listening experience is on Chrome, Firefox or Safari. Subscribe to Federal Drive’s daily audio interviews on Apple Podcasts or PodcastOne.
More than three years after Congress gave the Defense Department special authorities to set up a separate, streamlined personnel system for its cyber workforce, the Pentagon is acknowledging it hasn’t moved as quickly as it should have to adopt the new system. But officials say there’s a plan underway to step up the pace.
Defense leaders have maintained from the beginning that they wanted to take a cautious approach to implementing the new Cyber Excepted Service, since it represents a major departure from the government’s procedural comfort zone in recruiting and hiring civilian workers.
But previous plans called for the new system to be fully implemented by the end of 2018. That hasn’t happened so far, but it’s been applied to a relative handful of positions, mostly at U.S. Cyber Command, the Defense Information Systems Agency and the DoD CIO’s office.
The CIO’s office, which is tasked with managing the new authorities, has only about five full-time personnel dedicated to implementing the excepted service.
Brig. Gen. Dennis Crall, DoD’s deputy principal cyber adviser, said the department realizes it hasn’t put enough resources into implementing CES.
“I have a request that we’re putting together for some more resourcing inside the building to get after unfolding this a bit faster,” he told the House Armed Services Committee Tuesday. “Just to be blunt, we could do a little bit better inside the building to get after this, and I’m articulating what those specific needs are, and that’s forthcoming.”
Responding to shortages of cyber experts in the government workforce, Congress gave DoD wide latitude to set up a separate personnel system as part of the 2016 National Defense Authorization Act.
The legislation lets the department set special, market-based salary rates for civilians with cyber expertise, and also allowed for an expedited hiring process. DoD is now allowed to bypass the usual USAJobs portal and advertise job openings through virtually any means it chooses, including by hiring prospects on-the-spot at job fairs.
The authority also lets existing employees make one-time moves from the traditional competitive service into the CES, but all told, the department has only used the authority for about 500 new and existing positions.
Crall said the next step is to allow the military services to use CES to recruit employees.
“Rolling this out at a level that’s sufficient — I think that’s a fair criticism where the department has to do better,” he said. “Phase one was modest by design, to make sure that we knew what we were doing and that we could train properly, that we could we track those individuals properly. This next phase, which we’re in right now, is going to bring that exponentially higher in number.”
But he said the plan he expects to deliver to DoD CIO Dana Deasy in the coming weeks would only modestly increase the number of full-time staff the department has dedicated to administering the CES rollout. A “ballpark” estimate, he said, is that DoD needs a staff of about 10 people to handle a scaled-up implementation, including by travelling to various military commands to train their HR workforces on how to employ the new hiring system.
Amid growing need for civilian cyber experts, DISA still isn’t using hiring authorities to the fullest extent
Rep. Jim Langevin (D-R.I.), chairman of the House subcommittee on emerging threats and technologies, expressed puzzlement that the allocation of five additional Pentagon personnel to run CES would require an extensive study and approval process.
“Those requests — there’s not a large number of people were talking about,” he said. “It would be helpful to move things along more effectively if those could be approved quickly. I leave that to you to work out, but we’ll be following up with this closely.”
In the meantime, the department is also starting to ask whether streamlined hiring authorities might be useful for technology positions that aren’t strictly cyber-related, including for the portions the workforce that manage its business systems and data.
Under last year’s NDAA, the newly-established position of the chief management officer took over responsibility for the department’s business systems.
Lisa Hershman, acting CMO, said the transition is only about six weeks old as a practical matter, but she’s already starting to see pressing workforce needs in the technology areas she is now responsible for.
“Just from a data management standpoint, we do have difficulty with hiring,” she said. “Number one is there isn’t a single data scientist position description anywhere in government. We have also come under some challenges with hiring data scientists. All of industry is also looking for the same talent type. We’re looking at the compensation freedom that an organization like DARPA is able to have, which is why we’re now looking at the CES to see if that applies to us.”
And DoD also believes it will need some type of specialized hiring authority to manage its nascent but growing cadre of artificial intelligence experts.
The department’s center of gravity in the AI field is its new Joint Artificial Intelligence Center. Deasy said DoD has already staffed the center with an initial staff of civilians and military personnel who will work on its first two initiatives, but it expects the JAIC will eventually need to leverage a non-traditional government hiring process in order to attract the talent it will need.
“We are already using the authorities we have on how we’re approaching AI, and clearly we’re going to need to use those authorities when it comes to things like data scientists,” he said. “So one of my asks back to Congress is to continue to help us on how we take the great work you’ve done with CES and think about other technologies that we’re going to be confronted with, and be able to use the goodness of CES beyond its original cyber intended purposes.”
But Crall said DoD’s struggles in attracting and hiring talent extend beyond the bureaucratic constraints of its personnel systems, and that the Pentagon also needs to put more attention toward understanding the populations it should target for its IT recruiting efforts.
“We’re looking at ways to ensure we understand the market properly,” Crall said. “In many cases, we think we know where we should be recruiting and we may not be recruiting to the level that we should. We need to bolster our understanding of the type of applicant that we’re searching for and the needs of those applicants. And we do too few internships. Academia has proven their willingness to work with us, and as a department, we’ve got to really take advantage of those where it makes sense. We have several of these opportunities near our bases that are still underutilized.”
But even if DoD manages to transform the new cyber hiring process into a well-oiled machine, it will still be hampered by a separate bottleneck in new employee onboarding: the security clearance process.
“So while we might have four of the five elements of the recipe right in bringing people on, if we can’t bring them on quickly because they’re held up in the security clearance process, there’s the potential that they lose some interest and we don’t garner the result we’re looking for,” Crall said.