Among the many things the Department of Homeland Security is required to report on from time to time is its cybersecurity workforce challenges. Yet, according to the Government Accountability Office, it has failed to do so in a timely manner.
GAO says DHS did not complete efforts to identify and assign codes to all its cybersecurity positions. In August 2017, DHS reported to Congress that it had coded 95 percent of the department’s cybersecurity positions but in fact, it was discovered that the department only coded 79 percent of the cybersecurity positions, the report states.
GAO is not denying that DHS has taken some steps to identify the gaps but in a new the report, the office is calling out DHS for falling short on reporting these cybersecurity efforts regularly.
These specialized codes help define roles and tasks for specific cybersecurity areas. The codes have not been fully assigned since September 2015.
The Homeland Security Cybersecurity Workforce Assessment Act of 2014 requires DHS to categorize and assign employment codes to its cybersecurity positions.
June 2016 was was the last time the department reported any cybersecurity critical needs. The department is also supposed to report these needs annually to OPM, but it hasn’t done so since September 2016.
In the report, GAO concludes with six recommendations that DHS could inherit to complete these tasks: GAO suggests that the secretary of the department come up with procedures to identify and code vacant cybersecurity positions, identify individuals responsible for each component and hold them accountable, establish a procedure to periodically review progress, ensure that the Chief Human Capital Officer collects complete and accurate data, develop guidance to assist DHS components in identify their cybersecurity critical needs and develop plans and time frames to identify priority actions to take.
The department agreed with the recommendations and plans to take action to address them.