Cyber Force or Farce: U.S. Unprepared for Wave of Computer Attacks?
The study describes a fragmented federal cyber force, where no one is in charge of overall planning and government agencies are "on their own and sometimes working at cross purposes or in competition with one another."
The report, scheduled to be released Wednesday, arrives in the wake of a series of cyber attacks this month that shut down some U.S. and South Korean government and financial Web sites.
The federal government's vulnerabilities have been underscored by the cyber attacks that breached a high-tech fighter jet program and the electrical grid, although no classified material was compromised.
The study said the recruiting and retention of cyber workers is hampered by a cumbersome hiring process, the failure to devise government-wide certification standards, insufficient training and salaries, and a lack of an overall strategy for recruiting and retaining cyber workers.
The size of the government's cyber work force is largely unknown, because agencies often classify their employees differently. The Pentagon says it has more than 90,000 personnel involved with cyber security, while the non-defense department civilian cyber security work force has been estimated at 35,000 to 45,000. Intelligence community estimates are classified.
While President Barack Obama has declared cyber security a top priority, the White House so far has been unable to fill its new cyber coordinator position — a job regarded as critical.
The study recommends that the yet-unnamed federal cyber coordinator lay out a strategy to meet the government's work force needs, set job classifications, enhance training and lead a nationwide effort to promote technology skills, including through the use of scholarships.
"You can't win the cyber war if you don't win the war for talent," said Max Stier, president of the Partnership for Public Service, a Washington-based advocacy group that works to improve government service. "If we don't have a federal work force capable of meeting the cyber challenge, all of the cyber czars and organizational efforts will be for naught."
The study was drafted by the partnership and Booz Allen Hamilton, a strategy and technology consulting firm, as the Obama administration struggles to put together a more cohesive strategy to protect U.S. government and civilian computer networks.
Ron Sanders, chief human capital officer for the national intelligence director's office, said it is difficult to draw a link between the work force shortages and the increased cyber threats against the government.
"It's hard to say that there is any cause and effect there," said Sanders, adding that the U.S. probably will have to live with the nearly constant attacks. But, he said, the intrusions have heightened awareness of the problem, forcing officials to focus on the hiring needs.