As a result of the recent massive OPM breach, it is quite obvious the United States government urgently needs to find experienced and talented cyber security professionals capable of protecting government data systems (emphasis added):
OPM officials were quick to identify aging legacy systems as the main culprit behind the massive data theft. Of course, such vulnerability encourages more attacks and more extensive damage. With no foreseeable abatement and – to the contrary – the prospect of increasingly sophisticated cyber invasions, with at least some appearing to implicate enemy nation states, more than new and enhanced infrastructure is needed. Implementing critically needed structural improvements will take time. Right now, however, experienced, talented and top-flight cybersecurity professionals should be hired and quickly brought on board. Once in place, the cyber experts should make a comprehensive assessment of existing systems, identify and thoroughly examine their vulnerabilities, and then develop the most comprehensive and iron-clad cyber defense possible – one that withstands attacks of evolving sophistication and is subject to ongoing monitoring. The enhanced program also should be capable of quickly and effectively responding to incidents.
As part of a series of cyber security bills enacted last year, Congress passed the DHS Cybersecurity Workforce Recruitment and Retention Act of 2014 (the Act). The law is intended to help the Department of Homeland Security (DHS) recruit and retain cybersecurity professionals. For DHS, which is responsible for securing civilian government computer systems, a top-flight and expertly trained cybersecurity workforce is an absolute necessity to carry out its security mission.
The Act supports DHS’s efforts to overcome workforce deficiencies by authorizing the Secretary of Homeland Security (the Secretary) to create new cybersecurity positions and offer comparable pay to that which like professionals earn at the Department of Defense. The Act also requires that for four years, the Secretary submit annual reports on DHS’s cybersecurity hiring plans for filling critical needs, and metrics to measure progress on the recruitment and retention of cybersecurity professionals. These measures are to be complemented by other recent laws and DHS initiatives.
The government needs the right situational awareness tools coupled with highly trained and talented cyber security professionals who understand how to work these tools to locate intrusions and react accordingly. This is neither an easy nor an inexpensive task – it requires a lot of funding to get this right.
At this juncture, US government agency leadership needs to stop playing games and fund worthwhile cyber security initiatives before, say, buying new carpet for the command-deck.