In these relatively nascent days, some federal cyber officials have said they believe that AI provides more of an advantage to defenders than attackers in cyberspace, while others warn that the pace of innovation looms as a threat to the country. 

But from a workforce standpoint, agency cyber experts believe that the worst fears of AI replacing humans won’t be realized. 

Speaking during an Advanced Technology Academic Research Center event last week on intelligent data and cyber resilience, federal IT leaders delivered a clear message to the cyber workforce: “Automation will not replace humans,” said Amy Hamilton, senior cybersecurity adviser for policy and programs at the Department of Energy. 

“What it’s going to do is enable us and make it better. Every single time I see the stats on the cybersecurity workforce — trust me, there is more than enough work to go around. Don’t worry about your job going away from AI. AI is just going to be your personal assistant and help you even more.”

Hamilton, who previously served as a cybersecurity policy analyst with the Office of Management and Budget, pointed to the 2021 breach of a water treatment plant in Oldsmar, Fla., as an example of the need for human response. An Oldsmar plant operator flagged the issue of dangerous levels of sodium hydroxide before they were released into the system. 

“It happened that somebody was monitoring it, they noticed it, they prevented chemicals from” entering the system, Hamilton said. “We have to make sure that we’re putting all the checks and balances in place.”

Though subsequent reporting questioned whether an outside hacker was actually responsible for the Oldsmar incident, Hamilton’s point about the importance of continuous monitoring remains.

“One of the things about sites that are mostly based on operational technology is they are designed for failover to manual, and a lot of people are like ‘automate, automate,’” she said. “You can do that, but is that a lot of risk? By having humans monitoring these systems as well as what we’ve talked about with the importance of the automation, it’s going to come into play.”

In DOE’s 16-page AI inventory, four use cases employ robotic processing automation, while another from the Lawrence Livermore National Laboratory leverages automation and robotics for “accelerating hardware development and interpretation of sensor data to improve process reliability.”

Alyssa Feola, a cybersecurity adviser at the General Services Administration, also expressed concern about removing humans from the cyber workforce. Leaving all system reviews to AI tools could lead to “really tainted stuff,” she said. 

“We need these people to do this work,” Feola said. “We’re not going to automate people out of these jobs because it is going to take people doing the work, and I think that’s what’s really most important.”

Working with AI in federal agencies is just one piece of the current technological evolution that the government and society more broadly are undergoing. These “new challenges” are a lot to process, Hamilton said, but there’s really only one path forward.

“Now, we have to change the way that we’re thinking and as older people need to be much more open to the next generation and opening up these concepts, because technology is going to keep changing,” she said. “We have to change with it.”

The post AI won’t replace cybersecurity workforce, agency leaders say appeared first on FedScoop.

The Federal Cybersecurity Workforce Expansion Act, co-sponsored by Reps. Chrissy Houlahan, D-Pa., and Mike Gallagher, R-Wis., would establish a cybersecurity registered apprenticeship program in the Cybersecurity and Infrastructure Security Agency and a Department of Veterans Affairs pilot program that would provide cybersecurity training to veterans.

“Reports of cyber attacks continue to rise, and we must respond accordingly to protect businesses, sensitive personal data, and ultimately our national security,” Houlahan said in a statement. “Thankfully, our bipartisan, bicameral bill will help train veterans and other Americans to be the next generation of cyber defense professionals.”

The bill would require the director of CISA to consult with the Labor and Defense secretaries, as well as the directors of the National Institute of Standards and Technology, the National Science Foundation and the Office of Personnel Management, on a framework for developing the apprenticeship program. 

Participants could be tapped for cybersecurity-specific excepted service positions by the CISA director, who would be required to submit a report to Congress on the program every two years.

Eligible enrollees for the VA pilot program include veterans and current military members transitioning to civilian life. The VA secretary, charged with standing up the program one year after the enactment of the legislation, would collaborate with the secretaries of Defense, Homeland Security and Labor, as well as the OPM director, on training and the leveraging of platforms and frameworks for the program.

“By creating programs that provide veterans with the skills they need to help protect this country in the cyber domain, this bill is an innovative way to bolster our nation’s cyber defenses and strengthen the federal cyber workforce while giving veterans an opportunity to continue serving their country,” Gallagher said in a statement.

The companion bill, introduced by Sens. Maggie Hassan, D-N.H., and John Cornyn, R-Texas, in July, was reported to the Homeland Security and Governmental Affairs Committee with amendments by Sen. Gary Peters, D-Mich., on Thursday.

The bicameral legislation comes following a number of federal efforts to strengthen the U.S. cybersecurity workforce. In March, the DOD released a Cyber Workforce Strategy intended to grow its ranks and address talent shortages, while a bipartisan bill to relax educational requirements for federal cyber workers breezed through a House vote in October.

The post Bipartisan House legislation calls for two new federal cybersecurity training programs appeared first on FedScoop.

Approximately one-third of federal employees will be reaching retirement age within the next two years, according to the Partnership for Public Service, while just 1.6% of the federal workforce is composed of Gen Z employees, those born between 1997 and 2012.

“I mean, we don’t want to try to push them out the door unnecessarily, there’s a lot of experience and talent in older generations that we want to make sure is passed on like institutional knowledge and memory is important,” Congressman Glenn Ivey, D-Md., told FedScoop on the sidelines of a Washington tech industry event Thursday. 

“But as they say, old wineskin needs to make room for new wine — we got to make sure we’re creating the space for younger people to come in and utilizing new skills, new talents, broader horizons, and working through these new technologies that, frankly, my generation doesn’t understand as well as,” said Ivey, whose district in Maryland, bordering Washington, D.C., is home to multiple federal agency buildings and thousands of federal workers. 

The government has long struggled to hire and retain talented young workers. According to an Office of Personnel Management report from last year, less than 10 percent of the federal workforce is under the age of 30, compared to 23 percent of the workforce in the private sector in that same age group. 

The report also found that federal workers in their 20s are five times more likely to quit than those in their 50s.

Congressman Ivey said creating new organizational structures that allow federal staff to try and integrate with new technologies is one potential solution for bringing in young, fresh talent.

“I think part of it is creating different departments within agencies. Because it doesn’t all have to be the same infrastructure that it was 10, 20, 30 years ago. You can have organizational charts that are slightly different than they are now,” Ivey told FedScoop.

“You can give them more latitude, more leeway to try and integrate with new technologies. And you can put leadership in place that really understands the needs. And it’s not that you’re pushing people out the door necessarily who really still have something to offer. But you’re creating a space between the talent team to come in and thrive,” he added.

The federal government is uniquely positioned to attract technology talent looking for new opportunities amid the current labor market turmoil, according to the U.S. Digital Service. USDS Chief Delivery Officer Ankit Mathur highlighted last year how the values of public service can align with some of the new top priorities for IT specialists looking for new roles.

The post Rep. Glenn Ivey: Government must ‘create the space’ for younger tech talent appeared first on FedScoop.

U.S. government and military were among five industry categories from which survey respondents were least likely to express confidence about their organization’s ability to respond to potential cyber incidents.

The findings were outlined in a cybersecurity workforce study commissioned earlier this year by (ISC)², which surveyed over 11,000 cybersecurity professionals. (ISC)² is a major nonprofit association for certified cybersecurity professionals.

Of the cybersecurity professionals surveyed, 61% said their primary concern in the next two years is the potential risks of emerging technologies like blockchain, AI, VR, quantum computing, and keeping up with changing government regulatory requirements.  

According to the survey, 70% of respondents reported that their respective organizations don’t have enough cyber employees, and data from the study also revealed the need for 3.4 million more cyber workers globally to secure digital assets effectively.  

More than half of the survey respondents with cyber workforce shortages said that staff deficits put their organization at a “moderate” or “extreme” risk of a cyberattack. 

“As a result of geopolitical tensions and macroeconomic instability, alongside high-profile data breaches and growing physical security challenges, there is a greater focus on cybersecurity and increasing demand for professionals within the field,” said Clar Rosso, CEO of (ISC)².

“The study shows us that retaining and attracting strong talent is more important than ever. Professionals are saying loud and clear that corporate culture, experience, training and education investment and mentorship are paramount to keeping your team motivated, engaged and effective.”

The survey showed also that while 75% of cyber professionals report strong job satisfaction and passion about their work, over 70% still feel overworked, while a quarter of respondents below age 30 consider “gatekeeping and generational tensions” as a top-five challenge for them in the next two years.

When it comes to diversity, equity and inclusion with the cybersecurity landscape, the survey showed that 55% of cyber employees believe diversity will increase among their teams within two years but 30% of female and 18% of non-white cyber employees feel discriminated against at work currently. 

The post Government cyber experts feel they lack resources for breach response, finds (ISC)² survey appeared first on FedScoop.

The recommendations include adopting measures to better determine staff needs and establishing a strategic workforce plan for cyber.

GAO’s assessment comes after the Coast Guard over the last two years has been hit with multiple cyberattacks and struggled to recruit and retain its critical cyber workforce. The recommendations were included in a new report published on Tuesday.

The Department of Homeland Security, which is the parent agency under which the Coast Guard operates, concurred with the GAO recommendations. 

“Like other federal agencies, the Coast Guard is increasingly dependent upon its cyberspace workforce to maintain and protect its information systems and data from threats. In recent years, its networks and information have been exploited and maritime critical infrastructure have experienced cyberattacks,” the GAO report titled ‘Workforce Planning Actions Needed to Address Growing Cyberspace Mission Demands’ said.

“These events have reinforced the importance of the Coast Guard’s cyber capabilities and the workforce who operate and maintain them,” the GAO report added.

The GAO’s three primary recruitment recommendations to the Coast Guard were: to create a strategic direction; conduct a supply, demand, and gap analyses; and third, monitor the plan’s progress to address all cyberspace competency and staffing needs.

In 2015, the Coast Guard established a cyberspace team to protect the U.S. marine transportation system from online and telecommunications threats which the GAO found needs improvements due to cyberattacks occurring and data breaches costing hundreds of millions of dollars in total.

Last year the Coast Guard announced a Cyber Strategic Outlook to build more cyber teams to focus on the cybersecurity of maritime critical infrastructure from attacks after a rash of hacks and ransomware incidents that shut down key services.

The Coast Guard, a military service, is uniquely housed under DHS, giving it law enforcement authority and relationships with other DHS agencies like the Cybersecurity and Infrastructure Security Agency (CISA). The service has sought to modernize its legacy IT since 2020. 

The post Coast Guard needs to improve its cyber workforce says watchdog appeared first on FedScoop.

“We’re basically hiring people from one federal agency to another. We’re stealing people from each other, that’s what it’s come down to,” Mendes told FedScoop.

“It’s a very, very tough situation with cybersecurity hiring. It’s extremely difficult getting the right people with the right skills right now,” said Mendes who spoke at the FedTalks tech conference on Wednesday, hosted by FedScoop.

The hiring challenges are likely due to a tight labor market and a severe shortage of skilled cyber engineers and analysts.

According to cybersecurity recruitment website CyberSeek, which is funded by the Commerce Department, there are currently 714,548 open cybersecurity jobs nationwide, which includes positions in the public and private sector. 

In the public sector or the government, the website estimates there are almost 39,000 vacant cyber jobs and 69,322 cybersecurity experts currently employed.

There has been a huge surge in cybersecurity job openings in the past year, following a series of massive attacks in the the last two years on the computer systems of the federal government, the Colonial Pipeline, and the meat producer JBS that have brought mainstream awareness to the need for increased cybersecurity within the government and the private sector.

Alongside difficulties hiring cybersecurity experts, Mendes also said the federal government has struggled with holding its tech vendors and contractors accountable for cybersecurity flaws and issues.

“All federal agencies have to hold their vendors accountable in terms of susceptibilities. So that when you sell a product to the federal government, you have to give some assurances that the product performs as indicated, and does not unduly expose you to cybersecurity attacks because of flaws that are inherent in its scope,” Mendes said.

The President’s National Security Telecommunications Advisory Committee (NSTAC) on Tuesday put forward proposals that would require all executive civilian branch agencies to monitor operational technology systems in real-time.

Mendes said the presidential proposals would help improve cybersecurity but would receive strong pushback from the tech industry and IT vendors.

“The administration has just started with the process and there will be an enormous amount of lobbying against it by vendors trying to minimize its effect. Vendors will do their best to minimize their exposure to change because they don’t want to have the accountability, they haven’t had accountability in the past, so why should they have it now? But the reality is that in the current environment, we can’t afford not to have accountability,” Mendes said.

Shortly after becoming the Commerce Department CIO in 2020, Mendes said that he would like to see greater accountability within the federal government regarding agency IT budgets due to “black hole” spending related to regulatory frameworks or modernization.

Mendes said he has worked in the past few years to use his almost $4.0 billion a year budget in a more efficient manner with less spending on IT tools and resources.

“We can show definite cost avoidance to a large degree by virtue of more collaboration within the agency in the past couple of years,” Mendes said.

“We’re leveraging those dollars elsewhere, where they’re more driven towards the mission of the Commerce bureaus and official business and less towards IT infrastructure,” he added.

Commerce spends approximately 30% of its budget on IT driven by heavy users like the National Oceanic and Atmospheric Administration, National Institute of Standards and Technology, U.S. Patent and Trademark Office, and Census Bureau. 

Mendes, however, drove the International Trade Administration, where he served previously as CIO, to spend only 10% of its budget on IT because of its cloud-first environments and abstraction layers. 

This allowed the agency to automate more processes and freed up employees for work more tied to mission areas like tariffs.

The post Cybersecurity skills shortage has led to a talent war between agencies says Commerce CIO appeared first on FedScoop.

If it becomes law, the Federal Rotational Cyber Workforce Program Act would allow senior tech industry workers to enter government for a set period of time and grant government workers the ability to rotate among federal agencies. Supporters of the proposed legislation have argued that it would open the door for more cyber expertise to enter government.

The bill was introduced to the House in May, and in late June was sent to the floor of the chamber for consideration by lawmakers. A version of the bill was first proposed in 2019 by Sen. Gary Peters, D-Mich, chairman of the Senate Committee on Homeland Security and Government Affairs, and Sen. John Hoeven, R-N.D.  The Senate reintroduced updated legislation that matches the House version in April.

“I’m proud to see the Federal Rotational Cyber Workforce Program Act pass the House today with bipartisan support,” said bill sponsor Rep. Ro Khanna, D-Calif,. “To maintain our nation’s leadership & security in the 21st century we need an integrated federal workforce, particularly one that possesses the knowledge, skills, and competencies to counter increasingly sophisticated threats from foreign actors.”

Rep. Nancy Mace, R-S.C., also co-sponsored the House version of the bill.

The bill comes after high-profile cyberattacks against the government, like the SolarWinds hack, have increased the urgency of lawmakers attempting to help agencies recruit and retain cyber talent.

“Cyber security is national security. We’ve all seen just how much damage can be done to our economy and infrastructure when we don’t take it seriously,” Mace said in a statement. “In fact, just last year 11 federal agencies were hacked by a group affiliated with Russia. Our cyber security challenges are dramatically increasing.”

Improving the flow of information and knowledge between the public and private sector is a top priority for agencies including the Cybersecurity and Infrastructure Security Agency. Earlier this year the agency established the Joint Cyber Defense Collaborative, which is intended to provide an environment in which the government and industry can exchange information about best practice and zero-day threats.

The House sponsors urged the Senate to pass the bill quickly.

The post Bill to create cybersecurity workforce rotational program passes House appeared first on FedScoop.

Argonne National Laboratory leads the program and added two virtual, solo competitions, comprising a Conquer the Hill series, that allows students to hone cyber skills mapped to the National Institute of Standards and Technology‘s National Initiative for Cybersecurity Education (NICE) Workforce Framework.

Argonne launched a Cyber Defense Competition in 2016 to help address the national cyber talent shortage, predicted to reach 1.8 million workers by 2022, which has evolved into a program benefitting not only companies but government as well.

“The National Labs, Department of Energy and all the other federal agencies are obviously equally looking for talent that is interested,” Amanda Joyce, CyberForce program director, told FedScoop. “Bringing students on-site, or even bringing them in virtually, brings awareness to the national lab system.”

Tech giants like Amazon, Microsoft and Google attract the top cyber talent, but students forget DOE keeps the lights on for those companies — literally — and can give them the hands-on  training in real-world scenarios involving ICS and OT they lack, Joyce said.

Argonne won’t hold the next in-person, team CyberForce Competition until 2022 because of the Covid-19 pandemic, which is why it started the Conquer the Hill series.

The Reign Edition set for September will be a timed, capture-the-flag event with non-traditional  escape room elements that force competitors to think logically.

While the Adventurer Edition, which ran from July 16-18, gave participants 48 hours to complete 160-plus cyber tasks of varying difficulties in a question-and-answer format. University of Central Florida student Cameron Whitehead won.

While Conquer the Hill events try to admit all who register, the CyberForce Competition only allows one team per university to enter. The red-blue, attack-defend competition requires teams to perform daily tasks like examining log files while keeping everything from email to ICS operational, in what is a multi-lab event.

This year the CyberForce program also added a once-a-month webinar series highlighting key cyber topics; a virtual career fair for more than 1,000 students to meet with cyber companies; and is creating a workforce development portal that will report on students’ progress and let them engage with each other and government and industry experts year-round.

The need to have students fill cyber roles defending ICS and OT became more critical after a hacker breached a Florida water treatment plant in February and a ransomware attack on Colonial Pipeline in May, which led the company to shut the pipeline down temporarily and saw people panic-buying gas into scarcity across the Southeast.

“Why we push operational technologies so much is because the technology we’re using is very old,” Joyce said. “”The problem is none of these systems were ever really meant to be on the internet.”

The CyberForce program encourages students to think through the added cyber risks ICS and OT present and consider what constitutes the proper amount of security, how the networks communicate internally and with other networks, and how a hacker might turn them off.

Security isn’t just updates, patches and firewalls when it comes to such systems, Joyce added.

“The problem is that doesn’t work for everything and specifically for our operational technology networks,” she said. “And it takes a unique skillset to really understand that and to figure out that these systems are very sensitive in nature.”

The post Department of Energy expands CyberForce program appeared first on FedScoop.

The measure is intended to broaden the choice of talent available to agencies and to provide a route for former federal employees to re-enter government in a position with an analogous skill level, after a spell working in the private sector.

It comes as government departments continue to look for new ways to hire technology talent into senior positions.

OPM says that the guidance will also increase knowledge-sharing between private enterprise and government agencies. The new regulation was published on Tuesday in the Federal Register as a final rule document.

However, some agencies and unions have raised concerns, saying it may be abused and potentially erode the bargaining power of staff.

In its Federal Register entry, OPM said seven individuals, two federal agencies, and the Federal Employees’ Union had submitted evidence to say that the hiring authority may be abused, and questioned the fairness of allowing former federal employees to re-enter the workforce in this way.

Two individuals and three federal agencies also questioned OPM’s assertion that former employees would actually acquire skills or experience in the private sector that would qualify them for such an appointment.

According to OPM, seven individuals, four federal agencies, one professional organization, and the Federal Employees’ Union also in evidence said that the proposal is contrary to merit system principles and would deprive certain employees to their collectively bargained right to first consideration.

In 2019, the Trump Administration gave a final ruling on direct-hire authority for key IT positions, which gave agency leaders the authority to sidestep typically long federal hiring processes, if there is a shortage of applicants or critical need.

That direct-hire rule gave agencies permission to hire IT professionals for limited terms of up to four years, with an option to extend those measures for another four.

The post OPM rules federal agencies can rehire staff at higher pay grades appeared first on FedScoop.