The Government Accountability Office has recommended a number of large government agencies make improvements to its cybersecurity workforce planning in an effort to improve protection of computer networks.
GAO also found problems with the way the agencies conduct cybersecurity workforce planning.
“All agencies had defined roles and responsibilities for their cybersecurity workforce,” GAO said. “But these roles did not always align with guidelines issued by the federal Chief Information Officers Council and National Institute of Standards and Technology (NIST).”
GAO studied eight Cabinet-level agencies, including the Departments of Defense and Homeland Security.
The issue with cybersecurity workforce size stems from variations in how agencies define work and the lack of an occupational series specific to cybersecurity, GAO said.
“All of the agencies GAO reviewed faced challenges determining the size of their cybersecurity workforce because of variations in how work is defined and the lack of an occupational series specific to cybersecurity,” the report said. “With respect to other workforce planning practices, all agencies had defined roles and responsibilities for their cybersecurity workforce, but these roles did not always align with guidelines issued by the federal Chief Information Officers Council and National Institute of Standards and Technology (NIST).”