The Government Accountability Office on Thursday released a report detailing the results of a study it had conducted on five federal non-military departments to determine the extent to which they had implemented 15 key cybersecurity workforce management practices.
Table of Contents
Study Parameters
GAO said in the report that it selected the five agencies — the Department of Commerce, the Department of Health and Human Services, the Department of Homeland Security, the Department of the Treasury and the Department of Veterans Affairs — because they had the largest number of cybersecurity employees.
In turn, the 15 workforce management practices by which the agencies were evaluated were identified via a review of IT and cybersecurity workforce practices articulated in GAO’s own Key Principles for Effective Strategic Workforce Planning and the Workforce Planning Guide of the Office of Personnel Management.
Inconsistent Implementation of Workforce Practices
GAO revealed in the report that only the DHS showed a consistent implementation of relevant workforce practices, having fully implemented 14 while partially implementing one. The other agencies showed a mix of full, partial and non-implementation, with the HHS fully implementing the fewest and not implementing the most.
According to the government watchdog, the uneven implementation was partially attributable to the agencies handling the management of their cyber workforces at the component level instead of at the departmental level.
Potential Security Issues
“Until the departments implement these practices, they will likely be challenged in having a cybersecurity workforce with the necessary skills to protect federal IT systems and enable the government’s day-to-day functions,” GAO went on to say.