Are US Federal Cyber Workers Good Enough?

Federal agencies have made mixed progress at ensuring their cybersecurity workers are properly trained and credentialed, according to a watchdog report released Thursday.

In some cases, agencies haven’t determined exactly who counts as a cybersecurity worker and who doesn’t, according to the Government Accountability Office report. In other cases, agencies haven’t determined which certifications are appropriate or necessary for the cybersecurity employees they do have, the report found.

There’s no standard certification requirement for cybersecurity professionals, such as the bar degree for lawyers, but employers often require certifications offered by professional organizations—such as the Certified Information Systems Security Professional certification—or use those certifications to judge an applicants’ qualifications.

The Federal Cybersecurity Workforce Assessment Act, a 2015 law, required the Office of Personnel Management to develop a coding structure that defines government cyber jobs and the qualifications and certifications required for them.

The law also mandated agencies to apply those codes to their cyber workforces and to report back to Congress on whether their cyber workers were properly credentialed and, if not, what the agencies were doing about it.

After the law went into effect, however, the personnel office was late in developing the coding structure because of earlier delays at the Commerce Department’s cyber education office and that delayed agency assessments.

As of March, only 21 of the 24 major federal agencies had completed their assessments and four of those were missing important pieces of reportable information, the accountability office found.

Some of the reports that included all necessary information were likely partially inaccurate, because of incomplete cyber worker counts or inconsistent use of the codes, the office said.

“This diminishes the usefulness of the assessments in determining the certification and training needs of these agencies’ cybersecurity employees,” the report found.

Overall, 23 of the 24 agencies “had established procedures to identify their civilian cybersecurity positions and assign the appropriate employment codes,” but six of those agencies failed to address at least one of OPM’s coding or assessment requirements, the report found.

The accountability office made 30 separate recommendations to the 13 agencies that fell short in some way, most of which the agencies agreed with or, at least, didn’t disagree with.

The one exception was NASA, which disagreed with a recommendation that it should assess how ready its cyber workers who don’t hold certifications are to get those certifications.

“The agency stated that there is no federal or NASA requirement for employees in cybersecurity positions to hold and/or maintain a certification, and therefore the agency has no plans to assess the readiness of its cybersecurity personnel to take certification exams,” the report stated.

The accountability office stands firm in the recommendation, it said.

Nextgov:

You Might Also Read:

In Demand: Cybersecurity Specialists

« World First Police 3D Security Scanner
EC-Council Sets New Application Security Training Standards »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Magnet Forensics

Magnet Forensics

Magnet Forensics' family of digital forensics products are used globally by thousands of law enforcement, military, government and corporate customers.

AhnLab

AhnLab

AhnLab provides a range of information security solutions including network security, endpoint security, antivirus and consulting services.

Bricata

Bricata

Bricata offers industry-leading IPS solutions for enterprise-wide threat prevention and unparalleled situational awareness.

Institute for Critical Infrastructure Technology (ICIT)

Institute for Critical Infrastructure Technology (ICIT)

ICIT is a leading cybersecurity think tank providing objective research, advisory, and education to legislative, commercial, and public-sector cybersecurity stakeholders.

Ovarro

Ovarro

Ovarro is the new name for Servelec Technologies and Primayer. Ovarro's technology is used throughout the world to monitor, control and manage critical and national infrastructure.

Compumatica

Compumatica

Compumatica is a leading European ICT security manufacturer for cybersecurity and encryption products. Solutions include network security, SCADA/ICS security, Mobile/BYOD and email encryption.

Sepio Cyber

Sepio Cyber

Sepio is the leading asset risk management platform that operates on asset existence rather than activity.

Industry IoT Consortium (IIC)

Industry IoT Consortium (IIC)

The Industry IoT Consortium is the world's leading organization transforming business and society by accelerating the Industrial Internet of Things (IIoT).

ArcRan Information Technology

ArcRan Information Technology

ArcRan concentrates on developing comprehensive cybersecurity solutions for smart city applications. We believe that cybersecurity is the fundamental enabler of IoT development.

LogicHub

LogicHub

LogicHub is built on the principle that every decision process for threat detection and response can and should be automated.

Grayshift

Grayshift

Grayshift is the leading provider of mobile device digital forensics, specializing in lawful access and extraction.

1Kosmos

1Kosmos

1Kosmos provide Digital Identity and Passwordless Authentication for workforce and customers. Powered by advanced biometrics and blockchain technology.

Client Solution Architects (CSA)

Client Solution Architects (CSA)

Client Solution Architects (CSA) is a leading digital transformation consulting firm focused on the U.S. Defense Department and all U.S. Federal enterprise information technology service areas.

Bugv

Bugv

Bugv is a crowdsourcing cybersecurity platform powered by human intelligence where we connect businesses with cyber security experts, ethical hackers, bug bounty hunters from all around the world.

RightCue Assurance

RightCue Assurance

RightCue Assurance identify opportunities for improvement in the Information Security for your organisation and work with you to reduce cyber risk.

DataGuard

DataGuard

DataGuard is a security and compliance software company trusted by organisations across the globe.