The Trump administration took another step Thursday in its long effort to recruit, reskill and develop cybersecurity talent across the federal government and private sector with a series of new interagency initiatives.
President Donald Trump signed a new cybersecurity workforce executive order, which is designed to facilitate a more flexible, seamless flow of talent in and around federal agencies and the private sector.
Specifically, the EO calls on the Department of Homeland Security to create a cybersecurity rotational assignment program within the federal workforce.
The DHS Secretary, along with the directors of the Office of Personnel Management and Office of Management and Budget, will design the new program, which will detail IT and cyber professionals from other agencies to the Department of Homeland Security, and vice versa.
“What this will allow us to do is ensure that we have consistency and training and standardization of the cybersecurity federal workforce across the federal government,” a senior administration official told reporters Thursday. “I’m really excited about bringing other folks from departments and agencies within the civilian [space] into [DHS] and the National Cyber and [Communications] Integration Center, alongside our hunt and incident response teams and cybersecurity engineers. It ensures that it doesn’t matter where you are in the federal government, you know what to expect out of DHS and we know what to expect out of the other departments and agencies.”
The cyber rotational assignment program is non-reimbursable, according to the EO, but the Trump administration is exploring ways it can offer more lucrative pay and incentives to attract new talent to these positions.
Under their own authorities, the Defense Department and DHS have the ability to offer unique incentives to recruit and retain cybersecurity talent. DHS is also nearing the finish line with its own cybersecurity personnel system.
“That will better align the civilian service against pay bands that are more competitive with the private sector,” a senior administration official said of the DHS cyber personnel system.
The administration will look to this new system as a pilot before possibly opening it up to cybersecurity positions across government more broadly, an administration official said.
The National Institute of Standards and Technology’s National Initiative for Cybersecurity Education (NICE) framework will define and serve as the basis for the skills requirements needed to participate in the rotational program.
The General Services Administration should incorporate the NICE framework into IT and cybersecurity contract language, according to the EO.
In addition, the cyber workforce EO tasks OPM, DHS and the Commerce Department to identify a list of possible cybersecurity aptitude tests for agencies to use in identifying employees who have the potential to participate in reskilling programs.
“We think that’s really an important way to leverage the federal workforce we have today and to shift them into some of these high-demand jobs,” a senior administration official said.
The cyber workforce EO also calls on DHS to create an annual President’s Cup Cybersecurity Competition, which a senior administration official said will inspire cyber professionals across the federal workforce to compete against each other.
The senior official said the administration would model the President’s Cup after other cyber challenges and prize competitions in the field. The first competition should start by the end of this year, the executive order said.
The cyber workforce EO also calls on multiple agencies to address cybersecurity practitioner shortages more broadly across the country, which a senior administration official said will “create a sense of urgency” across multiple sectors.
The EO, for example, calls on multiple agencies, including the Defense, Energy, Transportation and Labor Departments, along with OPM and DHS, to identify and evaluate skills gaps across the federal and non-federal cybersecurity sectors. The President wants these agencies to recommend a curriculum that the government could use to close these skills gaps.
The President’s latest cyber workforce EO builds off a wide variety of initiatives already underway in the Trump administration, in addition to efforts started by the Obama administration.
The Obama administration had developed new guidance designed to help agencies fill some 6,000 cybersecurity vacancies. The Trump administration tallied some 300,000 cyber practitioner vacancies in federal, state, local and tribal governments and the private sector.
Strengthening the cyber workforce is also a key component to the President’s Management Agenda and the subject of another cybersecurity executive order, which Trump signed back in May 2017.
The federal community and lawmakers have pitched the idea of a rotational workforce program for a few years now. The program detailed in the new cyber workforce EO closely resembles one described in legislation from Senate Homeland Security and Governmental Affairs Committee Ranking Member Gary Peters (D-Mich.) and Sen. John Hoeven (R-N.D.).
“This program is an important first step to help minimize our cybersecurity vulnerabilities, fortify our existing networks and systems and build new and innovative infrastructure that puts safety and security front and center,” Peters said in a statement. “I look forward to working with the administration and my colleagues in the House to get my bill signed into law so this program can strengthen our cybersecurity workforce for years to come.”
Rep. Bennie Thompson (D-Miss.), chairman of the Homeland Security Committee, also praised the cyber workforce EO. The House committee will hold a hearing on growing the cyber talent pipeline May 21, he said.