The federal government spends over $90 billion on information technology (IT) every year. However, IT projects frequently fail, go over budget, or face unexpected delays. Additionally, threats to federal IT infrastructure continue to grow in number and sophistication.
Federal agencies can improve the success of these projects, as well as the government’s ability to mitigate and respond to cybersecurity threats, by ensuring that their IT staff has the required knowledge, skills, and abilities.
However, we found that federal agencies have not made planning for their IT workforce a priority—despite 20 years’ worth of laws and guidance that have called for them to do so.
Today’s WatchBlog explores how federal agencies could improve planning for the needs of their IT workforce.
Identifying IT staff
The federal government needs a qualified, well-trained cybersecurity workforce to protect vital IT systems. To help agencies identify their critical workforce needs, they were required to identify and categorize all of their IT and cyber-related positions.
However, most of the agencies we reviewed likely miscategorized the work involved in many positions. For example, 22 of 24 agencies assigned a “non-IT” code to about 19% of their IT positions.
Unless agencies improve how they track and code their IT and cyber workforce, they may not have the necessary information to effectively examine their cybersecurity workforce and identify critical workforce needs.
Following key practices
We developed a framework in 2016 that federal agencies can use to plan ahead for the needs of their IT workforce.
This framework focuses on 8 essential activities, including:
- Implementing a workforce planning process
- Assessing gaps in skills and staffing
- Developing strategies and activities to address these gaps (e.g., using special hiring authorities to hire staff with required skills)
In October 2019, we found that federal agencies varied widely in their efforts to implement such activities.
Specifically, many of the 24 agencies we reviewed had made progress in assessing gaps in skills and staffing—but most had not developed strategies to address these gaps. Additionally, most agencies had not fully implemented a workforce planning process.