Shutdown jeopardizes US cybersecurity leadership
A prolonged government shutdown, now in its eighth day, could demoralize the federal cybersecurity, defense and intelligence workforce, forcing many experienced personnel to seek employment in the private sector and drying up the talent pool of young, technology-savvy students willing to plan a career in the federal government, a bipartisan group of lawmakers and government officials warned today.
The government shutdown has “been a very destructive exercise” for the defense and intelligence communities, said Rep. Adam Schiff, D-Calif., speaking at the Cyber7 event in Washington, D.C., sponsored by Politico. The shutdown has exacerbated the situation by adding furloughs to the many other challenges facing the cybersecurity, defense and intelligence workforce, including low morale, stagnant wages and the ever-present threat of sequestration.
“The most damage is to the morale of the workforce,” said Gen. Keith Alexander, director of the National Security Agency and commander of U.S. Cyber Command. “We’re making it hard for them to stay with the government, and that’s wrong.”
And while NSA remains capable of attracting world-class cybersecurity professionals — receiving close to 40,000 applications for 2,000 job openings — Alexander said the government’s treatment of its workforce as reflected in the furlough of some 350,000 workers may have an impact on the ability of government to recruit the best and the brightest.
“How do you get good talent to come to the government when you treat [employees] like that?” Alexander said.
Rep. Michael McCaul, R-Texas, chairman of the House Committee on Homeland Security, said the Department of Homeland Security has lost approximately 57 percent of its cybersecurity professionals as a result of the shutdown.
Meanwhile, the intelligence community — civilian and contractors — saw more than 60 percent of its workforce furloughed, said Rep. Mike Rogers, R-Mich., chairman of the House Intelligence Committee. “That’s dangerous and it should not be allowed to continue,” he said. “You can’t take that many people out of the work the intelligence community does and not have an impact. We have other folks trying to fill the holes with longer hours, but given the threat matrix we face today, I think we need to work through this thing very quickly.”
Jay Kaplan, a former NSA analyst who now serves as CEO of Menlo Park, Calif.-based Synack Inc., acknowledged that while there is a lot of innovation happening inside the federal government, the question is how can agencies keep experienced and talented individuals.
“It comes down to the government paying the same salary as the [private] workforce,” said Kaplan, whose company provides financial incentives, or bounties, for uncovering vulnerabilities in software. But surprisingly, Kaplan’s company isn’t looking in the U.S. for its hacking talent as much as it used to, he said. “A large percentage of the ‘real talent’ is in China and Russia, and that’s what we’re trying to tap into.”
That’s a real, fundamental problem for the future of U.S. national cybersecurity, said Tom Kellermann, vice president of cybersecurity for Trend Micro. “The best hackers in the world don’t join the government,” Kellermann said. “They go to the private sector or they go underground,” he said.
“In Russia, you’re treated as a national asset,” Kellermann said, referring to hackers. The U.S., on the other hand, is operating a cybersecurity workforce that is at 75 percent strength of what was already “our B Team,” he said.