The DHS Office of Inspector General reports that the agency has not fully met requirements in the Cybersecurity Workforce Assessment Act to assess its cybersecurity workforce and develop a strategy to address workforce gaps. The Department did not submit annual workforce assessments to Congress by the statutorily defined due dates for the past four years. DHS also did not include all required information in the assessments once they were submitted. Further, the Department did not submit an annual cybersecurity workforce strategy to Congress, as required, between 2015 and 2018. As of February 2019, DHS only submitted one workforce strategy in 2016, but it did not include all required information.
DHS’ lack of progress in meeting the requirements of the Act can be attributed to both external and internal factors. Legislation passed in 2014 and 2015 created overlapping and new requirements for cybersecurity workforce planning and reporting. DHS fell behind in responding to these mandates because it did not have consistent and detailed information on its cybersecurity workforce readily available to comply with the new reporting requirements.
Without a complete workforce assessment and strategy, DHS is not well positioned to carry out its critical cybersecurity functions in the face of ever-expanding cybersecurity threats. Lacking an assessment, DHS cannot provide assurance that it has the appropriate skills, competencies, and expertise positioned across its components to address the multifaceted nature of DHS’ cybersecurity work. In addition, the Department may not have an understanding of its future hiring or training needs to maintain a qualified and capable workforce to secure the Nation’s cyberspace.
DHS-OIG-DHS-Needs-to-Improve-Cybersecurity-Workforce-Planning