Secretary of Homeland Security Jeh Johnson said on March 8 that his department is making progress when it comes to protecting the nation from cyberattacks, but the federal government still lacks the manpower it needs to address the growing issue.
With private-sector salaries enticing cyber talent away from federal service, Homeland Security Secretary Jeh Johnson said the government should focus on one characteristic when recruiting cyber warriors: a love of country.
A love of country should be the one characteristic the government focuses on to recruit cyber warriors, according to Homeland Security Secretary Jeh Johnson.
"We've got terrific career people, but I agree with what [Sen. Tom Carper, D-Del.] said, which is that we ought to appeal to people's sense of patriotism," he said. "[We can say], 'Hey, how about spending a couple of years serving your country, working for the government in cybersecurity, which will better enable you to get that terrific job later on in the financial sector, in the private sector with some terrific cybersecurity firm in Silicon Valley."
Johnson spoke on the issue during a March 8 appearance before the Senate Committee on Homeland Security and Governmental Affairs to discuss his department's budget for 2017.
That budget includes $274.8 million for the Continuous Diagnostics and Mitigation program to protect federal ".gov" networks and another $471.1 million for the National Cybersecurity Protection System, known as Einstein, to protect federal IT networks.
But the issue of finding the talent to populate DHS's cyber defense arose in the hearing, as cyber experts are becoming an increasingly high demand with growing intrusions and hacks.
"We are competing in a tough marketplace against a private sector that is in a position to offer a lot more money," Johnson said.
"[Under Secretary for the National Protection and Programs Directorate] Suzanne Spalding and her people are making very aggressive efforts to A: implement the 2014 [Cybersecurity Enhancement Act of 2014] legislation we passed and B: in the interim, do a lot of things in terms of recruitment, expediting the hiring process and so forth. We need more cyber talent without a doubt."
Cybersecurity had been a priority for the administration prior to the 2017 budget, with the Cybersecurity Enhancement Act of 2014 emphasizing recruitment of cyber talent, but recent attacks like last summer's Office of Personnel Management hack have put the spotlight on the vulnerability of federal and private IT systems.
This includes cCritical infrastructures also have , which has come under greater scrutiny in the wake of the Dec. 23 cyber hack of the Ukrainian power grid.
Sen. Ron Johnson, R-Wisc., cited the attack, and other concerns, as examples of the importance of protecting critical infrastructure at home.
"You take a look at the potential of solar storms with geomagnetic disturbances. Let's look at North Korea with ballistic missile technology and nuclear capabilities. I'm concerned about Iran. There are reports that they have tested SCUD missiles off of ships, off of shore," he said. "These threats are real."
The senator also asked for an update on how the department was addressing recommendations from the EMP Commission, following a July 2015 Government Accountability Office report that said DHS "has not fully coordinated with stakeholders" of critical infrastructure.
The secretary said that DHS is working with critical infrastructure to share information about threats and bolster the system from an attack.
"We are better than we were, but there is more to do," he said. "Since the earthquake in Japan in 2011, there were a lot of lessons learned by the U.S. government and the private sector for critical infrastructure utilities here.
"Since that, which was sort of a seminal event, we've done a lot more partnering with the private sector to work with them. Sharing best practices, sharing information about the potential of a cyberattack on power grids. So we are in a better place than we were."