Updated Dec 2, 2021 - Politics & Policy

U.S. faces urgent anti-hacker crisis

Illustration: Allie Carl/Axios

The Biden administration is accelerating efforts to fill nearly 600,000 vacant cybersecurity positions in the public and private sectors bogging down efforts to protect digital infrastructure.

Why it matters: Following a deluge of ransomware attacks targeting critical government and corporate infrastructure this year, clogs in the talent pipeline are leaving federal, cash-strapped local governments and Big Business even more susceptible to hacking.

  • The issue has emerged repeatedly in Senate and House hearings but received little public attention until recently.

What we're watching: Private companies like GuidePoint Security are trying one way to fill the void: training veterans leaving the military for careers in cybersecurity.

  • “It takes way too long to bring people into the federal government,” Cybersecurity and Infrastructure Security Agency director Jen Easterly told the House Committee on Homeland Security this month.
  • She said it's necessary to consider those who have the right technical skills and attitude but may lack a traditional educational background, or years of formal experience in the industry.
  • Women hold only 20% of all cybersecurity jobs, and just 3% of the federal government's IT workforce is under the age of 30.

Government, nonprofit and private entities also are partnering with community colleges and historically black colleges and universities (HBCUs) to cast a wider net across a range of socioeconomic and academic backgrounds.

  • Microsoft, for instance, has pitched in by providing free cybersecurity curriculum to every public community college.
  • A nonprofit, Public Infrastructure Security Cyber Education Systems, provides university students hands-on experience: monitoring real-time data on local government networks.
  • "The only way that I was ever successful in finding and identifying talent has been to find someone who I thought had the raw talent and criteria, and to train them up on technical skills," said Simone Petrella, chief executive at workforce training and development company CyberVista.

Driving the news: A job-tracking database funded by the Commerce Department shows there are nearly 600,000 U.S. cyber job openings nationwide.

  • The Department of Homeland Security recently launched a federal recruiting tool aimed at courting young, diverse talent.
  • DHS currently has about 1,500 cybersecurity-related vacancies, affecting the agency's efforts to protect the homeland.
  • A Senate audit found key agencies across the federal government continue to fail to meet basic cybersecurity standards, with eight of them earning a C- in the report.

Be smart: Historically, local and federal government entities have struggled to compete with private sector companies, where bidding wars for talent are commonplace.

  • Government employees also can face special background, ethics and cooling-off periods posing additional challenges for recruiters.
  • "At the local level, it is challenging for a lot of these local agencies to hire because the salary requirements aren't there," said Sam Olyaei, a director at Gartner Research.
  • "People know that if they work for a local agency, they're going to have to do everything. 'I'm going to be the analyst. I'm going to be the engineer. I'm going to be the leader.' And, that is not always attractive."

What they're saying: "We're playing a game of chicken," said Petrella, the CyberVista chief.

  • She's sought out those with music and accounting backgrounds to help fill the void.
  • "You have people coming out of school, saying, 'No one will interview me because I don't have enough experience,'" Petrella said. "And [employers] are saying, 'I don't have any talent.'"
Go deeper