I wrote in an earlier column that the challenge of recruiting and retaining a skilled IT workforce is the major reason why cybersecurity has remained on the GAO’s list of high-risk programs for 20 years. There is a shortage of these workers generally, and government has traditionally not competed well with the private sector for this talent.
Now, policies emerging in the Trump administration on cybersecurity and the federal workforce make it appear likely that the situation will get worse before it gets better.
The problem goes beyond the challenge of hiring workers. Although Trump has called for better cybersecurity, his statements and early drafts of a proposed executive order on cybersecurity make it clear he has no understanding of the subject. He appears to see it as a military problem, and his solution for military problems is to simply throw money at them. No reasonable person agrees with either of these positions.
But the manpower issue probably is more serious. A shortage of skilled IT workers cannot be countered simply by automating cybersecurity processes. (Although automation is useful and should be pursued.) It still requires skilled workers to implement and maintain automated tools, and automation takes over only the most basic and repetitive tasks. The jobs that require the most human skill—analysis and response—still must be done by people.
The most recent Grant Thornton survey of federal CIOs found that “The greatest challenge for federal agencies is recruiting and retaining younger employees, those who represent the foundation of the workforce in the years ahead.” Recruiting younger workers is critical because of the aging federal workforce. The age of the average federal worker is now more than 45 and Baby Boomers, who began hitting retirement age in 2012, make up most of the government workforce.
“These demographics foretell a government in danger of losing deep experience and institutional memory over the coming decades, endangering the performance of government programs and services,” the Grant Thornton report warns. The top area threatened by this skills gap is cybersecurity.
“A huge concern echoed by the CIOs in this year’s survey was attracting and retaining top-tier security and privacy talent,” the report says. “CIOs and CISOs feel the federal government has difficulty attracting top talent because of limits on compensation and the length of the hiring process,” and “they said it was almost impossible to compete with the commercial sector.”
This was in 2016. What has changed since then? Donald Trump. Since taking office he has imposed a federal hiring freeze and proposed a 20 percent reduction in the Environmental Protection Agency’s workforce. The administration has a special enmity toward the EPA, but workers throughout government fear the prospect of massive budget cuts that will be needed to throw money at the military.
Even if IT workers, and particularly cybersecurity professionals, are exempted from the hiring freeze and layoffs, why would a trained and talented young worker consider working in government under these conditions? The administration’s hostility toward foreign-born people is one more disincentive to work for it. One of the major incentives of government work for millennials and other young professionals has been the chance to perform public service. An administration that pursues small-minded nationalistic policies and demonstrates contempt for its employees will not attract these public-spirited workers.
With the continuing difficulties in hiring and retaining new workers coupled with layoffs and retirements, there will be more pressure than ever on the IT professionals who manage and protect federal networks in coming years. Maybe things will change. But I’m afraid that will not happen until the situation becomes a crisis. Let’s keep our fingers crossed and hope that we can weather it.