Solarium Successor Urges NCD, Congress to Enhance Federal Cyber Workforce

The Cyberspace Solarium Commission (CSC) 2.0 released its most recent report last week. The CSC is an offshoot of the congressionally chartered panel and housed at the nonprofit Foundation for the Defense of Democracies. As in the previous iteration, CSC 2.0 emphasizes the need to develop shared resources and increase investments in a cyber workforce, including continuing the public-private partnership in cybersecurity.

 The 43-page report includes recommendations for the national cyber director, Congress, and the private sector, which, if adopted, will improve the recruitment, retention, and performance of cyber workers in both the public and private sectors. The recommendations for the Office of the National Cyber Director (NCD) aimed to educate and develop the nation's cyber workforce, expand hiring authority for cyber-related positions, and set pay rates for the most in-demand positions. Namely, calling on the NCD to work with the Office of Personnel Management (OPM) to enhance coding structures for cybersecurity jobs and to train human resource specialists to hire cybersecurity experts.

CSC 2.0 recommendations include:

• NCD should establish a process for ongoing cyber workforce data collection and evaluation; establish leadership and coordination structures; and create a cyber workforce development strategy for the federal government;

• Congress should amend the Federal Cybersecurity Workforce Assessment Act of 2015; increase support for the Cybercorps: Scholarship for Service program; provide incentives to develop entry-level employees into mid-career talent; and,

• Partners in the private sector should increase their investment in the cyber workforce and develop shared resources.

CSC 2.0 comes at a time when the federal government is facing a shortage of cyber talent with nearly 39,000 vacant positions. This poses a national security risk, “particularly when they occur in critical-infrastructure systems or supply chains upon which that infrastructure exists,” according to the report.

Over the years, legislation impacting the  cybersecurity workforce has passed into law such as as the Cybersecurity Enhancement Act of 2014 and the Federal Cybersecurity Workforce Assessment Act of 2015. There are several bills under consideration to boost the cyber workforce, including the America COMPETES Act of 2022 and the Federal Cybersecurity Workforce Expansion Act.