In examining the eight federal agencies with the highest information technology budgets, the Government Accountability Office found that none of the agencies knows the size of its cyber workforce, because there is no clear definition of what a cybersecurity professional does, according to a recent FierceGovernmentIT report.
In the GAO report, the group indicated that “the ability to make federal IT infrastructure and systems secure depends on the knowledge, skills, and abilities of the federal and contractor workforce that implements and maintains these systems.”
While security is dependent on the workforce, the GAO found that none of the agencies examined could accurately account for the number of cybersecurity personnel they had. This issue is being attributed to the recently discussed notion that there is no clear definition of the cybersecurity and IT workforce.
“All of the agencies GAO reviewed faced challenges determining the size of their cybersecurity workforce because of variations in how work is defined and the lack of an occupational series specific to cybersecurity,” said the report.
The report went on to say that all agencies also “had defined roles and responsibilities for their cybersecurity workforce, but these roles did not always align with guidelines issued by the Federal Chief Information Officers Council and National Institute of Standards and Technology.”
In an effort to better define this workforce, NIST released a draft taxonomy, which the GAO indicated is lacking in that it does not define tasks or “milestone for implementation,” according to the Fierce report.
The GAO recommends varying measures for each agency to take in order to tackle the problems identified, but the overall theme of the suggestions is defining and accounting for IT work.