The Coast Guard Leaves Cyber Unguarded
The U.S. Coast Guard is short of about a tenth of its cyber workforce, and the Government Accountability Office (GAO) believes there was no plan to plug that shortfall.
“Although central to effectively managing its cyberspace workforce, the Coast Guard has not developed a strategic workforce plan for [the cybersecurity] segment of the workforce, or fully used data and metrics to guide its planning efforts,” the GAO report said.
Of the service's cyber positions, 9% were unmanned. This happened because of a series of deficiencies, and five recommendations were offered to plug the shortfall, according to this report authored by the GAO's Heather MacLeod, acting director, Homeland Security and Justice; and David Hinchman, acting director, Information Technology and Cybersecurity.
The Coast Guard has included cyberspace among its operational domains since 2015, and it not only has the duty to protect its own operations from hostile actors but also the wider maritime transportation system and its vital logistics.
“The service already faces challenges in having unfilled positions. However, without using its workforce planning process to determine actual needs, it could be that the Coast Guard's actual vacancy levels are larger than realized. This could potentially affect the Coast Guard’s capacity to meet its cyber mission demands,” the report's authors told SIGNAL Media in an email.
The service, according to the GAO authors, “does not know what cyber workforce staffing levels it needs to meet its mission demands.”
The challenge has an estimated economic cost of $2 billion for the year 2020. The GAO report quotes information collected during its research and said that “according to the Coast Guard, over 500 cyberattacks occurred within the marine transportation system in 2020. It estimated that the cost of a data breach in general was about $3.9 million, on average.”
This case, although from a year when maritime traffic and logistics were depressed due to the pandemic, suggests that the urgency could only have increased as economic activity picked up after the global shutdown.
The service has undertaken actions since the report was circulated among stakeholders.
“The Coast Guard, like many federal agencies, is facing challenges recruiting personnel with cyber expertise. In response, the Coast Guard is creating a new enlisted rating and chief warrant officer specialty to address the demands faced within the cyber domain,” said Capt. Adam Morrison, deputy, Coast Guard Cyber Command, U.S. Coast Guard.
The report studied five areas related to cyber workforce recruitment and retention and evaluated their status.
Continuous recruiting and hiring early in the school year were among the strengths found in the force, as well as leveraging hiring flexibilities such as recruitment bonuses, relocation expenses and student loan repayments.
In an effort to address recruiting and retention challenges, the Coast Guard recently announced pay incentives for the civilian and active-duty cyber workforces.
Capitalizing on its strength, the service went further.
“In an effort to address recruiting and retention challenges, the Coast Guard recently announced pay incentives for the civilian and active-duty cyber workforces. This incentive is one example of initiatives the Coast Guard is pursuing to improve the health of the cyber workforce,” Capt. Morrison told SIGNAL Media in an email.
The remaining three recommendations are where the Coast Guard has struggled to perform.
As partial implementations, the Coast Guard has to completely establish and track metrics to monitor recruitment effectiveness and use data to inform workforce planning and strategic hiring.
Finally, planning and strategies to address all competency and staffing needs were where the GAO found the biggest shortcoming.
While the reaction was immediate, there are still several steps to complete and correct the situation, according to the GAO. The biggest problem is establishing exactly how many positions are required in this field and how to maintain workforce engagement among the enlisted, officers and civilians covering them.
This final action will be completed next year. “The Coast Guard anticipates completing a Manpower Requirements Analysis for its Cyber Command in August 2023 and plans to identify stakeholders and resources to assess options for additional analysis of the remaining cyberspace workforce,” said the GAO report.