Government

GAO dings DHS for failing to share info on cybersecurity workforce efforts

DHS did not complete efforts to identify and assign codes to all its cybersecurity positions, according to GAO.

March 9, 2018

(Department of Homeland Security photo - Jetta Disco / Flickr)

Among the many things the Department of Homeland Security is required to report on from time to time is its cybersecurity workforce challenges. Yet, according to the Government Accountability Office, it has failed to do so in a timely manner.

GAO says DHS did not complete efforts to identify and assign codes to all its cybersecurity positions. In August 2017, DHS reported to Congress that it had coded 95 percent of the department’s cybersecurity positions but in fact, it was discovered that the department only coded 79 percent of the cybersecurity positions, the report states.

GAO is not denying that DHS has taken some steps to identify the gaps but in a new the report, the office is calling out DHS for falling short on reporting these cybersecurity efforts regularly.

These specialized codes help define roles and tasks for specific cybersecurity areas. The codes have not been fully assigned since September 2015.

The Homeland Security Cybersecurity Workforce Assessment Act of 2014 requires DHS to categorize and assign employment codes to its cybersecurity positions.

June 2016 was was the last time the department reported any cybersecurity critical needs. The department is also supposed to report these needs annually to OPM, but it hasn’t done so since September 2016.

In the report, GAO concludes with six recommendations that DHS could inherit to complete these tasks: GAO suggests that the secretary of the department come up with procedures to identify and code vacant cybersecurity positions, identify individuals responsible for each component and hold them accountable, establish a procedure to periodically review progress, ensure that the Chief Human Capital Officer collects complete and accurate data, develop guidance to assist DHS components in identify their cybersecurity critical needs and develop plans and time frames to identify priority actions to take.

The department agreed with the recommendations and plans to take action to address them.

GAO dings DHS for failing to share info on cybersecurity workforce efforts

More Like This

Campaigns and political parties are in the crosshairs of election meddlers

CISA ransomware warning program has sent out more than 2,000 alerts

Ex-White House cyber official says ransomware payment ban is a ways off

Top Stories

FCC wants rules for ‘most important part of the internet you’ve probably never heard of’

More Scoops

Biden’s budget proposal seeks funding boost for cybersecurity

CISA needs better workforce planning to handle operational technology risks, GAO says

Feds say AI favors defenders over attackers in cyberspace — so far

National cybersecurity plans lack performance measures and estimated costs, GAO says

GAO: Federal agencies lack insight on ransomware protections for critical infrastructure

Bill seeks cyber protections for food and agriculture

Cyber Safety Review Board needs stronger authorities, more independence, experts say

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics