The current cybersecurity workforce shortage in the United States is daunting and only due to get worse over the next few years, the Departments of Commerce (DoC) and Homeland Security (DHS) reported to President Trump in a document released Wednesday.
Within the larger U.S. cyber workforce shortage, the report also said that the Federal government may have particular problems filling its ranks because government pay scales for cybersecurity professionals don’t keep up with compensation offered by the private sector.
The report was commissioned by the President as part of the Cyber Executive Order released in May 2017. The order tasked DoC and DHS to seek ways “to support the growth and sustainment of the Nation’s cybersecurity workforce in both the public and private sectors.”
The report suggests that a growing cybersecurity workforce shortage (there were 299,000 active openings in August 2017 across the private sector and the government) will balloon to 1.8 million unfilled positions by 2022.
The report cites “an apparent shortage of knowledgeable and skilled cybersecurity teachers at the primary and secondary levels, faculty in higher education, and training instructors,” and lengthy hiring and vetting processes as limiting factors that inhibit the expansion of the field of qualified candidates.
Women and minorities are underrepresented in the cybersecurity workforce, the report states, and military “veterans represent an available and underutilized workforce supply.”
“The seriousness of the Nation’s cybersecurity workforce gaps merits a high-level initiative to raise awareness and create a sense of urgency about the importance of growing and sustaining a world-class cybersecurity workforce,” the report continues.
On the Federal government front, the cyber workforce gap should be addressed through new funding priorities, the report says.
“The Administration should focus on, and recommend, long-term authorization and sufficient appropriations for, high-quality, effective cybersecurity education and workforce development programs in its budget proposals in order to grow and sustain the cybersecurity workforce,” the report says.
It goes on to suggest a hierarchy of imperatives, recommendations, and subsequent actions that could address the workforce gap, including the promotion of a high-profile, national “Call to Action,” exploring the use of direct hire or other authorities and salary incentives at the Office of Personnel Management and other Federal agencies, and building cybersecurity apprenticeships through the Department of Labor, academia, and local, regional, and national business communities.
The report says that many of its recommendations are already being pursued by multiple Federal agencies under existing authorities, but given the report’s calls to expand agencies’ authority, budgets, and means to attract talent, it appears there’s much more to be done.
The cyber workforce report is one of three recent reports to the President called for by the Cyber EO. The other two reports tackled the issues of cybersecurity risk management programs in Federal agencies, and the expansion of botnets and automated, distributed attacks.