What's Happening?
A recent report from the Government Accountability Office (GAO) highlights significant gaps in data collection regarding the cybersecurity contractor workforce across federal agencies. The audit, which excluded the Department of Defense, found that 22 out of 23 Chief Financial Officers Act agencies reported either partial or no data on the size and costs of their contractor cyber workforce. The Office of Personnel Management was the only agency to provide what it considered comprehensive data. The GAO attributes these data gaps to the lack of agency-wide reporting mechanisms and the structure of contracts, requiring manual reviews or agency-wide data calls. As of April 2024, agencies reported employing 63,934 federal cyber practitioners and 4,151 contractor staff, costing approximately $9.3 billion and $5.2 billion, respectively. However, the GAO warns these figures are incomplete and unreliable.
Why It's Important?
The lack of comprehensive data on the cybersecurity contractor workforce poses challenges for federal agencies in making informed decisions about staffing and resource allocation. This issue is critical as cybersecurity threats continue to evolve, requiring robust and well-informed workforce strategies. The GAO's findings suggest that without accurate data, agencies may struggle to assess the effectiveness and cost-efficiency of their cybersecurity initiatives. This could impact the federal government's ability to respond to cyber threats effectively, especially during transitions in administration when new leadership needs assurance of preparedness and cyber readiness.
What's Next?
The GAO has made four recommendations to the Office of the National Cyber Director (ONCD), urging collaboration with the Office of Management and Budget (OMB) and federal agencies to formalize data collection processes and assess the cost-effectiveness of cyber workforce initiatives. While ONCD has recognized the importance of quality data, issues remain with data gaps and quality assurance processes. Addressing these recommendations is crucial for ensuring agencies have the necessary information to support workforce decisions and enhance cybersecurity readiness.
