Thanks to Jeff Grove of ACM for pointing out this story (subscription req’d), by William New, in National Journal’s Tech Daily (sub req’d) covering remarks by Department of Homeland Security Chief Security Officer Jack Johnson, DHS Chief Information Officer Steve Cooper, and FAA Deputy Director Thomas O’Keefe suggesting the great need for information security professionals in government and increased cyber security research and development. Some choice quotes:
“There is an incredibly shrinking pool of IT security professionals in government,” said Jack Johnson, chief security officer at the Homeland Security Department. “The bench is not just thin; the bench is non-existent,” he added in a sports reference to backup players. “We need to train the next generation” of IT professionals.
Johnson said Homeland Security does not have the IT workforce to build the systems it needs and is “absolutely dependent” on help from the research and academic communities. The department contracts a lot of work outside government, he said, but there are a limited number of cleared contractors and high turnover of personnel.
Thomas O’Keefe, deputy director of the Federal Aviation Administration (FAA) office of information systems security, said more research and development, and more collaboration among researchers and industry, is needed on cyber security.
“The sharing amongst bad guys is growing,” he said at a SecureE-Biz.net conference. “The sharing amongst the good guys on procurement, technology and approach needs to grow at an equal or greater rate. My observation is we’re just not as good at it.”
O’Keefe said firms are reluctant to mention their vulnerabilities because it may “unnecessarily put concern in people’s minds.” His office is working with the National Science Foundation to boost cyber-security research, as it is “still very small,” he said. He and others on the panel predicted continually growing cyber attacks. “You’ve got to expect cyber storms,” he said.
The president last year signed a law authorizing a significant increase in cyber-security R&D funding, but it was not requested in the fiscal 2005 White House budget proposal.