Agencies Struggle to Understand the Composition of Cybersecurity Contractor Workforce, Report Shows
The Government Accountability Office (GAO) has released a new report, detailing that most U.S. government agencies have poor data collection on their cybersecurity contractor workforce. The report, which does not include the Department of Defense, found that 22 out of 23 Chief Financial Officers Act agencies either have partial or no data on the size and costs of their contractor cyber workforce.
The GAO's audit revealed several concerning findings. Seventeen agencies lacked uniform methods for identifying cyber workers, and 19 of the 23 agencies did not have a documented quality assurance process. As a result, 14 agencies submitted partial data, and 8 agencies had no data to report at all.
The reported figures, according to the GAO, are incomplete and unreliable, and they do not reflect the full size and cost of the cyber workforce. As of April 2024, agencies reported employing at least 63,934 federal cyber practitioners and an additional 4,151 contractor staff, at a cost of approximately $9.3 billion and $5.2 billion, respectively.
The importance of having quality data on the cyber workforce was recognized by the GAO, the Office of the National Cyber Director (ONCD), and the Office of Management and Budget. In response, ONCD and the Office of Management and Budget have created working groups to bolster data-informed decision making. However, as of now, the White House's Office of the National Cyber Director has not identified steps to improve the quality of cyber workforce data used by agency-level chief human capital officers and chief information officers.
The GAO emphasized the importance of addressing these issues during administration transitions to ensure the federal government is prepared and cyber-ready. The search results do not provide specific information about which U.S. government agencies, besides the Office of Personnel Management, have secured a comprehensive profile of their IT security personnel through contractors and which have not. The Office of Personnel Management is the only agency that reported a comprehensive picture of its contractor cyber workforce to the GAO.
The GAO delivered four recommendations to ONCD, calling for the office to work with OMB and agencies on formalizing data-collection processes and assessing the cost-effectiveness of cyber workforce initiatives. Until ONCD addresses the factors related to data gaps, quality assurance processes, and variances in identifying cyber personnel, it cannot ensure that agencies will have the information needed to support workforce decisions. The GAO's concerns about the quality and reliability of the reported cyber workforce figures still stand.
Read also:
- Antitussives: List of Examples, Functions, Adverse Reactions, and Additional Details
- Impact, Prevention, and Aid for Psoriatic Arthritis During Flu Season
- Unauthorized disclosure of Azure AD Client Secrets: Privacy in the digital realm under threat due to exposure of cloud credentials
- Revitalizing Wisconsin Point Peninsula within the St. Louis River Estuary's Ecosystem Conservation Zone