Critical DOD cybersecurity functions safe from hiring freeze

Defense Department civilian jobs “critical” to cybersecurity are safe from the governmentwide hiring freeze, according to a new memorandum released publicly Thursday.

“Positions required for cybersecurity and cyberspace operations or planning,” and jobs “required for execution of the cyber and intelligence lifecycle operations, planning or support” are exempt according to the memo out of the office of Deputy Defense Secretary Bob Work.

The memo doesn’t exclude wholesale all DOD cybersecurity vacancies, but “positions deemed critical to the execution of the function listed.” In Thursday’s memorandum guiding the department’s implementation of President Donald Trump’s across-the-board federal hiring freeze, other positions at the DOD made the exemption list, including those required for space operations and others assigned to nuclear reactor and nuclear weapon safety and security.

Military personnel were already exempt under Trump’s memorandum, and administration officials clarified in a memo Tuesday that exemption extends to “military personnel in the armed forces and all Federal uniformed personnel.”

And officials who grant exemptions under the exempt functions section of the new DOD memo have to be ready to justify those choices on a position-by-position basis, according to the memo. Those officials are also going have to submit reports on a bi-weekly basis.

According to the memo, “in addition to numeric metrics, reports will afford delegated officials the opportunity to provide narrative inputs assessing mission risk and readiness impacts of the hiring freeze.”

It is unclear if the function exceptions to the freeze issued today would specifically exempt the National Security Agency, whose primary function is to provide intelligence. An NSA spokesperson told FedScoop via email the agency received notification of the order, and is “looking into the specifics of it and still working to determine any exemptions.”

And it is also unclear what kinds of positions exactly would fall under “cyberspace operations or planning.”

During a House Oversight and Government Reform committee hearing Thursday to review the Office of Personnel Management’s IT security, Rep. Carolyn Maloney, D-N.Y., seemed to be looking to answer how the hiring freeze would impact cybersecurity readiness at federal agencies.

She asked how the hiring freeze would affect government’s ability to improve its IT security — in particular, if being unable to hire top security talent would hinder the government’s ability to protect itself.

She also suggested the committee chairman should consider submitting a request for an exemption to the hiring freeze for cybersecurity positions.

“That is of concern to all of us, of how to keep the pipeline coming in there,” said David DeVries, chief information officer of OPM. While DeVries said federal government has made some strides in hiring cybersecurity talent, he said there is still more work to be done.

Maloney also asked if cybersecurity is considered to fall under national security, one of the hiring freeze’s main exemptions. In the case of DOD, according to its memo it thinks cybersecurity is a function “determined by the secretary of Defense to be necessary to meet national security or public safety responsibilities.”

“Well agency heads are able to make that determination, and to exempt those positions that are deemed to be national security,” said Kathleen McGettigan, acting director of the Office of Personnel Management. And if an agency head feels a cybersecurity position isn’t a national security position, they can ask for OPM to review an exemption.

McGettigan said she is not aware of anyone asking for an exemption so far — she has not seen any requests.

At an AFFIRM luncheon last week Veronica Villalobos, principal deputy associate director at OPM, said that in fiscal 2016 the government had a goal of hiring 6,500 people in federal cybersecurity roles. They’ve hired about 7,600, she said.

“Between the federal government and private sector we think we’re going to need about a million people in this field in the next several years,” she said. “In the federal government we’ve been trying to close that gap.”