Feds face big obstacle in cyber efforts: Geography
There’s a major overlooked challenge in the government’s struggle to shore up its cybersecurity, experts say: the location of the nation’s capital.
Most of the federal government’s cybersecurity operations are run out of Washington, D.C., far from the technology hubs of California, Texas and Massachusetts, where many tech professionals live and work. But, say experts, those hubs may be the secret to meeting a growing shortage in the federal information technology workforce.
“People underestimate the civic-mindedness of [Silicon] Valley,” said Betsy Cooper, the executive director of the University of California, Berkeley, Center for Long Term Cybersecurity (CLTC).
Cooper previously worked for the Department of Homeland Security’s Office of General Counsel but teleworked to avoid uprooting her husband from a California job.
Cooper, and others at the CLTC, sees meeting the cybersecurity workforce on its home turf as a solution to the growing shortage of tech professionals in the government, with few willing to relocate to Washington for lower pay, more bureaucracy and the likelihood of working with outdated technology.
The geography problem has caught the attention of Congress.
The House Oversight Subcommittee on Information Technology recently held a hearing that painted a bleak picture of federal information security.
The government started the year with 10,000 job openings in IT, a gap that is projected to widen in coming years.
“It’s really simple. Most of the hearings, I usually know the answers to the questions I am going to ask. This one, I do not,” said subcommittee Chairman Will Hurd (R-Texas) at the start of the hearing.
The government’s hiring woes mirror a worldwide trend. By 2022, there will be 1.8 million more cybersecurity jobs than professionals to fill them, according to one cybersecurity business research group.
CLTC faculty director Steven Weber and Jesse Goldhammer, associate dean of Berkeley’s School of Information, submitted testimony to Hurd’s subcommittee. They suggested that restricting the cyber workforce to the D.C. area is contributing to the government’s staff shortage.
“People talk about the knowledge ecosystem in Silicon Valley, being able to participate in cutting-edge thinking in the field,” Weber told The Hill. “Most engineers will tell you that it would be impossible to leave.”
While there are cybersecurity and information technology jobs at nearly any federal office, the positions that involve problem solving or strategy tend to be located in or near Washington.
The National Institute of Standards and Technology, the Commerce Department shop in charge of the key cybersecurity advice for the public and private sectors, operates its cybersecurity projects out of its Maryland offices. The General Services Administration coordinates its cybersecurity projects from D.C. The Homeland Security Department runs the United States Computer Emergency Readiness Team out of D.C., and the National Cybersecurity and Communications Integration Center is in Virginia.
In the same way that government employees benefit from being located near other government employees in D.C., government technologists might benefit by working in high-tech regions, experts say.
The government has tried to lure talent into its cyber workforce with scholarship service programs, but those have failed to make much of a dent in the problem, as most participants leave D.C. as soon as their time is up.
The Pentagon has made an effort to recruit cyber talent as well. Former President Obama’s last Defense secretary, Ash Carter, launched an outreach project known as the Defense Innovation Unit Experimental. The program opened locations in tech hubs Silicon Valley, Boston and Austin, Texas.
While lawmakers have applauded such efforts, voices outside Congress say the key is for the federal cyber workforce to go national and not be constrained in Washington.
“Geographic diversity can be just as important as race or gender,” Weber said.
The Berkeley plan pitched to the information technology subcommittee would be to open a lean, startup-structured, Silicon Valley-based nonprofit to take on midcareer tech workers for one- or two-year “prestige appointments” to solve government security problems. The nonprofit status would remove it from government bureaucracy.
Peter Leroe-Muñoz, vice president for technology and innovation policy at the Silicon Valley Leadership Group, believes that the government’s unique mission might ultimately pique the interest of problem solvers.
“There’s a group of people here motivated by unique challenges,” he said.