With the Obama administration ending in less than 10 months, Department of Homeland Security (DHS) Secretary Jeh Johnson is aiming to leave a mark on his agency, especially in terms of cybersecurity. Johnson’s priorities include breaking down internal barriers at the DHS that are hampering cybersecurity efforts. He also wants to hire a phalanx of new cybersecurity workers, which has proved difficult.
During a congressional hearing on March 8, Johnson discussed the agency’s efforts to recruit employees to work on cybersecurity. He also said the DHS needs to do more to prevent cybersecurity efforts from being siloed within the department.
Streamlining Cybersecurity Efforts
In his testimony before the Senate Homeland Security and Governmental Affairs Committee, Johnson noted that the DHS will continue to reform the way it operates, in order to be more efficient. “There are still too many stove pipes and inefficiencies,” Johnson said, referring to the agency. “The centerpiece of our management reform has been the Unity of Effort initiative I announced in April 2014, which focuses on getting away from the stove pipes, in favor of more centralized programming, budgeting, and acquisition processes,” he added.
According to FierceGovernmentIT, Johnson pointed to the DHS’s National Protection and Programs Directorate (NPPD), saying that it needs to be reorganized into a more effective cybersecurity unit.
"Authorization of our unity of effort initiatives is something I very, very much support, which includes reforming and restructuring NPPD. I've seen the legislative language that I know your committee is working through now, on a number of these things and I support that. And I support the good work there," Johnson said, according to FierceGovernmentIT.
Overcoming Hurdles to Hiring
Johnson also bemoaned the DHS’s difficulty in hiring more workers to take part in the agency’s cybersecurity efforts. “We are competing in a tough marketplace against a private sector that is in a position to offer a lot more money,” he said, according to the New York Times. “We need more cybertalent without a doubt in DHS, in the federal government, and we are not where we should be right now, that is without a doubt.”
According to the New York Times, the DHS has 691 people in its cybersecurity division but has not been able to hire enough staff to keep pace with the growing cybersecurity threats the government and the country face.
The New York Times noted that close to 600,000 cybersecurity incidents, affecting private and government systems, were reported to the DHS in 2014, the last full year for which statistics are available. Congress has given the DHS the authority to hire up to 1,000 cybersecurity workers by June 30, 2016.
During the hearing, Johnson suggested that the DHS recruit cybersecurity talenton the basis of American pride and service. “We’ve got terrific career people, but I agree with what [Sen. Tom Carper, D-Del.] said, which is that we ought to appeal to people’s sense of patriotism,” Johnson said, according to Federal Times. “[We can say], ‘Hey, how about spending a couple of years serving your country, working for the government in cybersecurity, which will better enable you to get that terrific job later on in the financial sector, in the private sector with some terrific cybersecurity firm in Silicon Valley.’”
In recruiting, the DHS is having to counter not only the private sector but also other federal agencies, including intelligence agencies and the Defense Department. “The deck is stacked against us a little bit,” Phyllis Schneck, DHS’s deputy under secretary for cybersecurity and communications told the New York Times. “So what we are pitching to people is to explore a hybrid: Do a private sector career and then come and do some time in government. It can be a positive experience in both areas.”
Private-sector cybersecurity experts told the New York Times that the DHS needs to present itself as being on the cutting edge of cybersecurity but also needs to do more. “Countering our adversaries and keeping them from disrupting our critical infrastructure can be just as exciting,” Robert Lee, CEO and a founder of Dragos Security, a cybersecurity firm that focuses on critical infrastructure, told the NYT. “But the D.H.S. is seen as a large bureaucracy, and nothing about it screams change and innovation.”