Disclaimer: The views and opinions expressed in this blog are those of the author(s) and may not reflect the official policy or position of Excelsior College. Excelsior makes no claim regarding the suitability of the content for all audiences.
Cybersecurity is one of the most pressing issues facing U.S. governmental bodies today. If there was any question on this count previously, such doubts were put to rest courtesy of one of the biggest data breaches in the history of the federal government. Hackers, most likely working for the Chinese government, infiltrated federal networks and stole personal information relating to more than 4 million current and former government employees. As numerous elected officials and other observers noted, this breach can have major, damaging consequences, putting all of the affected individuals at risk.
Obviously, better protection is needed. Unfortunately, both the federal and state governments continue to struggle in this area. Notably, agencies at these levels are having significant difficulties attracting and retaining sufficient numbers of qualified cybersecurity personnel. This poses a serious, ongoing threat to government networks, but it also presents tremendous opportunities for computer security professionals.
“Only 27% said the government’s security posturing is better now than it was a year ago.”
Low marks for federal cybersecurity
The federal government’s difficulties in this area can be clearly seen in the recent International Information System Security Certification Consortiums’ survey of more than 1,800 federal IT security professionals. Among these participants, only 27 percent said the government’s security posturing is better now than it was a year ago, despite the investments that the U.S. has made in this area. Nearly half of respondents said security was unchanged, and 17 percent said that federal IT security actually decreased in quality year-over-year.
“The U.S. government has spent a lot of time, money and effort on policies, programs and tools designed to improve its security posture but thus far there has been little return on that investment,” the report explained.
There are a number of factors underlying these disappointing figures. Critically, 70 percent of participants said that a lack of qualified security professionals within the federal government was a leading reason why agencies have proven unable to keep pace with evolving cybersecurity threats.
The situation is rather similar at state-level governments. A recent report from the National Association of State Chief Information Officers found that numerous states are struggling to hire and retain IT personnel. In particular, state governments are having difficult finding computer security pros.
“Cybersecurity is one of the most important issues we’re facing today,” said Meredith Ward, NASCIO senior policy analyst and author of the report, according to Government Technology. “The challenge is that if the folks aren’t there to deter, detect and prevent, it becomes a catch-up game.”
Among the surveyed IT leaders from state governments, 86 percent said it is difficult to recruit personnel to fill vacant spots, whereas only 55 percent of participants had this problem four years ago.
When it came to cybersecurity professionals, the biggest obstacle was simply supply and demand. As Government Technology pointed out, cybersecurity analysts in the private sector can expect to earn nearly $100,000 annual salaries, but state governments offer about $76,000 to these personnel.
Speaking to the news source, Srini Subramanian, a state cybersecurity principal at the consulting firm Deloitte & Touche, emphasized that this discrepancy leads many computer security experts to look to the private sector for employment. However, he also asserted that these professionals are drawn to private sector positions because of the potential for greater career growth. Currently, many state governments have not yet developed appealing paths for career progression for such individuals.
This is a problem that leaders in both the state and federal governments must address. For the cybersecurity professionals themselves, however, this state of affairs is yet further evidence of the tremendous and growing demand for their skills.
Navigating cyber security at the local, state and federal government levels requires complex networks of communication between cyber securty experts and non-technical employees. Organization’s with the greatest technology are still vulnerable if their human network is not secured.
You can read our blog daily to learn tips about how to improve your organization’s cyber defenses.