OMB Reform and Reorganization Plan: Cybersecurity
Published: June 25, 2018
The White House’s new government reform plan pursues an enterprise approach to building the federal cybersecurity workforce.
Last week the Office of Management and Budget (OMB) released its much-anticipated government reform plan, Delivering Government Solutions in the 21st Century, which addresses a variety of proposals ranging from agency reorganization to improving citizen services. One of the proposal’s key themes is federal cybersecurity.
In the plan’s introductory section Cybersecurity is a noted as a key consideration in the overall need for federal reform and reorganization. The Department of Defense’s expertise in cybersecurity is mentioned in support for shifting the federal security clearance process from the Office of Personnel Management (OPM) to the DOD. Cybersecurity is cited as a priority for U.S. energy security at the Department of Energy. (The plan maintains the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) that it established in 2018.) And cyber mentioned as a driver behind the Department of State’s IT modernization and Veterans Affairs Electronic Health Record Modernization. But the main cyber- issue addressed in the plan is the challenge of building a skilled federal cybersecurity workforce.
In the section entitled Solving the Federal Cybersecurity Workforce Shortage the Trump Administration begins with an assurance that it will “…work towards a standardized approach to Federal cybersecurity personnel, ensuring Government-wide visibility into talent gaps, as well as unified solutions to fill those gaps in a timely and prioritized manner.”
Key provisions in the plan to meet the federal cyber- workforce challenge include:
- Cyber Workforce Gap Analysis – By Fall 2018, the government will have catalogued the entire federal cybersecurity workforce using the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework to understand its current capability set and to identify gaps. This will aid the formulation of an enterprise-wide approach to build and sustain the future workforce. DHS will use this analysis to identify the most critical needs. By the first quarter of Fiscal Year (FY) 2019, all CFO Act agencies will identify their critical vacancies and by the end of FY 2019, all CFO and non-CFO Act agencies will have a prioritized list of critical vacancies. These lists will drive the enterprise plan in FY 2019.
- Streamlining Hiring of Cyber Workforce – To enable the hiring of cyber talent DHS is developing the Cyber Talent Management System (CTMS), exempting DHS from many existing federal hiring and compensation restrictions, making DHS more competitive and speeding up the process. CTMS will also align candidates with agencies’ pressing needs. OMB and DHS will release any necessary regulatory notices by the first quarter of FY 2019. By the end of FY 2019, DHS will measure the performance of CTMS and determine how to expand the system to all federal departments and agencies. In parallel, DHS will rationalize the security clearance requirements of the cyber workforce to align with the government-wide clearance reform initiative included in the government reform plan.
- Standardized Training – OMB will standardize training for cybersecurity employees and will work to develop an enterprise-wide training process for federal cybersecurity employees.
- Workforce Flexibilities – By the end of FY 2018, OMB will develop a plan to evaluate ways to introduce workforce flexibilities that allow workers to easily move from one position or agency to another and that allow agencies to surge capacity for incident response activities. Departments and agencies will begin to exercise these authorities by the end of FY 2019.
- Federal Cybersecurity Reservist Program – OMB, DHS, and DOD will evaluate the existing authorities and what workforce gaps might exist that would be needed during a major federal cybersecurity incident to determine the requirements for such a surge capacity program. Further these agencies will evaluate the feasibility of using such a program to aid non-federal organizations like critical infrastructure providers during an incident.
- Reskilling Staff to Fill Cybersecurity Gaps – By the first quarter of FY 2019, OMB and DHS will establish a job reskilling work plan to identify and select current government staff who can be reskilled to fill critical cybersecurity jobs.
- Federal Cyber Education Support – To support cybersecurity education that builds and sustains a cybersecurity talent pipeline, OMB will evaluate options to rationalize the size and scope of current federal cybersecurity education programs as part of the FY 2020 Budget development process.
While large-scale proposals from the Executive Branch are not uncommon and their reception in Congress is usually mixed, the reality of the federal cybersecurity workforce shortage has been recognized for a long time and the various piecemeal efforts that have been taken to date have produced limited results. The Trump Administration is looking to take an enterprise approach to the challenge, a considerable goal that will require the collaboration of multiple agencies and foresight into the cybersecurity challenges of the future.