Federal Manager's Daily Report

A House report on the breaches of federal employee personnel records and background investigation records includes recommendations to improve the government’s cybersecurity workforce, some of which it said are already underway and should remain priorities.

The report by the Republican staff of the Government Reform and Oversight Committee, the result of a year-long investigation, lays out details of how the breaches occurred and what OPM and other responsible agencies did at various steps.

It concludes with numerous recommendations for IT practices, including assuring that highly able agency CIOs are in place; instituting a “zero trust” model for IT security; reducing the use of Social Security numbers by agencies; giving agencies greater leeway to deploy security improvements without having to bargain with unions; and strengthening the security of federal websites, among others.

Regarding the workforce, it suggests that employee assistance programs should provide financial counseling and education designed to help employees recognize, prevent and mitigate identity theft; and that agencies should make more use of “critical position pay” authority to fill especially high-demand positions, an authority it says Congress may need to expand.

It also noted the recently announced OMB-OPM cybersecurity workforce strategy that stresses use of special hiring authorities, standardization of job classification in the field and an inventory of the cyber workforce government-wide. Congress and the executive branch should work to complete those initiatives, it says, and further “should consider non-traditional mechanisms to recruit and retain cyber talent.

“Such mechanisms should complement private sector experience rather than compete with the private sector, recognize the need to quickly hire top talent, and provide an opportunity for public service to those in the private sector,” it says.