The Department of Homeland Security has missed several deadlines to assess its cyber security workforce and has yet to identify the areas it needs improved expertise, according to a new GAO report released Wednesday.
A 2014 bill, the Homeland Security Cybersecurity Workforce Assessment Act, called for DHS to classify and code its cyber security personnel to help identify its most pressing expertise vacancies, but officials have yet to fully address its workforce capability gaps.
“Until DHS establishes plans and time frames for reporting on its critical needs, the department may not be able to ensure that it has the necessary cyber security personnel to help protect the department’s and the nation’s federal networks and critical infrastructure from cyber threats,” the GAO wrote in their report.
The 2014 workforce assessment bill tasked DHS officials with implementing procedures categorizing the responsibilities of its workforce to determine its cyber expertise shortcomings. Congress imposed a September 2015 deadline, but GAO officials report that effort has only been partially implemented.
DHS also missed deadlines in June and September 2016 to provide Congress with a report on its critical department-wide cyber needs or provide details to the Office of Personnel Management how it plans to hire for those positions.
In an August 2017 report to Congress, DHS said it had categorized and detailed 95 percent of the cyber positions it would need to fill in the future. GAO’s assessment determined this number was closer to 79 percent, as DHS officials did not include currently vacant positions.
GAO has recommended the DHS Secretary develop an updated plan to code for its cyber security vacancies, as well as establish a process for identifying the department’s most critical cyber components to ensure future deadlines are met.
DHS has said it will address its cyber security position identification initiative by the end of February and will put together a memo on how the department plans to review its cyber components in the future by April 30, according to the report.
Officials will also address a new DHS cyber hiring timeline with a memo in June, according the GAO’s report.