Skip to main content

< WatchBlog: Following the Federal Dollar

DHS Cybersecurity Workforce

Posted on September 10, 2018
Secure federal computer systems depend on the federal and contractor workforce who design, develop, implement, secure, maintain, and use them. But the federal government faces a persistent shortage of workers trained in cybersecurity and information technology. The Department of Homeland Security is the lead agency responsible for protecting the nation's critical infrastructure from cyber threats. So, how is DHS assessing its cybersecurity workforce needs? Today’s WatchBlog explores. The Homeland Security Cybersecurity Workforce Act Having an effective cybersecurity workforce is particularly essential to DHS’s mission.  It must protect the confidentiality, integrity, and availability of its own computer systems and information. Also, DHS coordinates with public and private sector partners in protecting federal civilian networks and the nation’s critical infrastructure. The Homeland Security Cybersecurity Workforce Assessment Act of 2014 (Act) requires DHS to:
  • identify all cybersecurity workforce positions within the department
  • determine the cybersecurity work category and specialty area of such positions
  • assign the corresponding employment code to each cybersecurity position
  • identify and report on its cybersecurity workforce areas of critical need
Is DHS meeting requirements of the Act? We found that while DHS has acted to comply with the requirements of the Act, its actions have neither been timely nor complete. For example, DHS did not:
  • complete efforts to identify all of the department’s cybersecurity positions
  • establish procedures to identify, categorize, and code its cybersecurity position vacancies and responsibilities
  • accurately assign codes to all filled and vacant cybersecurity positions
In addition, although DHS has sought to identify its workforce capability gaps, it has not identified or reported to Congress or the Office of Personnel Management on its critical cybersecurity needs in specialty areas. We recommended that DHS take six actions to ensure that:
  • its cybersecurity workforce procedures identify position vacancies and responsibilities
  • reported workforce data are complete and accurate
  • plans for reporting on critical needs are developed
DHS concurred with the recommendations and stated it planned to take actions to address them in 2018.
About Watchblog

GAO's mission is to provide Congress with fact-based, nonpartisan information that can help improve federal government performance and ensure accountability for the benefit of the American people. GAO launched its WatchBlog in January, 2014, as part of its continuing effort to reach its audiences—Congress and the American people—where they are currently looking for information.

The blog format allows GAO to provide a little more context about its work than it can offer on its other social media platforms. Posts will tie GAO work to current events and the news; show how GAO’s work is affecting agencies or legislation; highlight reports, testimonies, and issue areas where GAO does work; and provide information about GAO itself, among other things.

Please send any feedback on GAO's WatchBlog to blog@gao.gov.