President Trump's blanket civilian hiring freeze may hurt federal agencies already struggling to recruit enough skilled cybersecurity professionals for the nation's digital defenses.
While agencies can allow exemptions for national security reasons, some of the 1,099 unfilled cybersecurity jobs in the government may not fall into the category of essential personnel.
When it comes to cybersecurity, says Davis Hake, a former National Security Council (NSC) aide, "we can't afford a brain drain and we can't afford to slow down."
During the Obama administration, Mr. Hake coauthored an independent, bipartisan cybersecurity agenda for the incoming president in January that recommended the departments of Homeland Security, Education, and Veterans Affairs launch a landmark cybersecurity workforce initiative to expand the pipeline of government and private sector cybersecurity workers.
The freeze that Mr. Trump imposed Monday does not apply to the military. But the Pentagon "is still working to determine the full scope of the hiring freeze" for the Defense Department’s Cyber Command, which employs about 770 military and civilian government personnel, as well as 435 contractors at headquarters, CYBERCOM spokesman Joe Holstead said. The command had “a few” civilian job openings.
The intelligence community, which includes defense and civilian agencies, also awaits further instructions on staffing allowances.
"We have received the notification of the order and are looking into the specifics of it and still working to determine any exemptions," said National Security Agency spokesman Mike Halbig in an email.
According to the Office of Director of National Intelligence (DNI) jobs webpage, seven inspector general slots, including IT auditor positions, were open to outsiders.
The potential cap on tech brainpower comes on the heels of an assessment by the National Intelligence Council, part of the DNI, that Russia and China over the next five years will embrace digital disruptions for “conducting conflicts and sowing instability.” This “gray zone” aggression – falling below a declared state of war – will “bring profound risks of miscalculation,” predicts the council’s global trends report, which is released every four years.
Earlier this month, Trump, for the first time, after months of dismissals, appeared to accept DNI findings that the Kremlin influenced the US presidential elections through a campaign of leaked emails and political misinformation.
A lid on hiring cyber warriors would represent a major change of course from previous congresses and administrations, including the Bush White House.
The Center for Strategic and International Studies (CSIS) Cyber Policy Task Force, which published the cybersecurity recommendations for the 45th president, estimated in a 2010 report to President Obama that the nation is short somewhere between 10,000 and 30,000 skilled cyber professionals. The Obama administration in 2016 hired more than 6,000 new information security professionals.
Hake, formerly of the NSC, anticipates Homeland Security Committee Chairman Rep. Mike McCaul (R) of Texas, a CSIS task force cochair, Congressional Cybersecurity Caucus Cochair Rep. Jim Langevin (D) of Rhode Island, and Trump policymakers will somehow continue progress made in attracting the best computer whizzes to the civil service. (Hake served as Langevin’s aide earlier in the Obama administration.)
"I know that there have been some people involved on Trump's team and Trump's planning staff that really understand that, so I'm hopeful that as more specific guidance comes out that maybe this decision is reversed for cyber personnel," said Hake, now codirector of the Truman National Security Project's cybersecurity expert group.
The Office of Personnel Management (OPM) may grant other exclusions from the freeze "where those exemptions are otherwise necessary,” according to a Monday presidential memorandum. Passcode has asked OPM and the White House if they expect to make an across-the-board exception for the hiring of cybersecurity personnel. The agency and the administration have not responded.
Hake worries that the uncertainty of the hiring freeze could compel many of the government's active cybersecurity practitioners to head for the exits.
While he served on the NSC, agencies constantly struggled to bring on more staffers, he said, “to deal with the capacity of this issue, so telling the people that are currently there that help isn't coming anytime soon can certainly be demoralizing.”