WASHINGTON, D.C. — Today, House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andrew Garbarino (R-NY) delivered the following opening statement on behalf of Chairman Mark E. Green, MD (R-TN) in a hearing to examine the nation’s cybersecurity workforce shortage, solutions to grow the workforce, and help the United States maintain an edge in the cyber domain.

Watch Subcommittee Chairman Garbarino deliver Chairman Green’s full opening statement.
 

As prepared for delivery:

Experts predict that by the end of 2024, a cyberattack will strike every 13 seconds. That’s 6,822 attacks a day, or about two million by the end of the year.

It’s easy to believe those predictions by looking at where we are today. Whether it is Chinese-backed Volt Typhoon infiltrating our critical infrastructure, or major ransomware attacks such as the Change Healthcare breach, today’s complex and growing cyber threat landscape has brought America to an inflection point. To stay ahead of our adversaries, we must improve our cyber defenses.

Throughout our history, America’s best defense during any conflict has been its people. Our fortitude, work ethic, and dedication make us resilient in the face of any threat. Therefore, increasing competition in cyberspace is not – and cannot – be any different. The challenge is too big for the public and private sectors to address alone, and our cyber professionals must be equipped with the right tools and skills, and offered the right incentives, to succeed.

It is alarming, then, that our nation is suffering from such a massive cyber workforce gap. We currently need at least 500,000 cyber professionals if we hope to protect and defend our way of life. Now, that’s not just any 500,000 people – we need  500,000 skilled, talented cyber workers dedicated to contending with the threats of today while preparing for the threats of tomorrow.

During World War I, walls were papered with the iconic poster of Uncle Sam, pointing his finger at every passerby declaring “I WANT YOU.” It was a call to action that was born out of a time of national crisis. And it was a call that Americans answered.

We find ourselves in a similar moment today. Our nation needs a capable cyber workforce to defend the digital infrastructure we depend upon daily. We need Americans in critical areas like cloud computing, artificial intelligence/machine learning (AI/ML), and Zero Trust. We need students with fresh skills and bright ideas. We need tenured professionals with deep-seated expertise. We need mid-career individuals who are inspired to enter the cyber field and have the zeal to learn new skills. And we need Americans to fill entry-level positions that shouldn’t require a four-year degree.

America’s need for cyber talent is greatest within the federal government. Agencies are facing some of the toughest threats in recent history, each with mounting sophistication and frequency. While agencies work to protect themselves from threats such as malicious insiders, supply chain exploitation, and commercial spyware, they are also protecting, mitigating, and defending against these threats for state and local organizations, small businesses, and civilians.

This is a large mandate for such small ranks.

So why are we having trouble bringing talented cyber workers into public service? Defending our networks requires us to examine this question closely.

There are a few key issues at play that I hope our witnesses will discuss further today. While cybersecurity positions are coveted and pay above average levels in many cases, federal cybersecurity pay is just not high enough to compete with similar private sector positions and attract the right talent.

Additionally, federal agencies experience an acute skills gap because agencies have historically valued four-year degrees over practical experience. This has unnecessarily narrowed the pool of prospective hires to those who may have the on-paper knowledge, but not the requisite competencies. Federal hiring practices compound the issue, often resulting in a bureaucratic, burdensome process that misaligns what agencies say they need with what they actually need.

Finally, while career pathways into federal cyber jobs are improving, this simply isn’t happening fast enough. The pathways are few and notoriously slow.

While much more needs to be done, both sides of the aisle have recognized that a robust and prepared cyber workforce is at the core of protecting our security interests.

In 2017, President Trump issued an “Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” which addressed the growth and sustainment of a skilled cyber workforce. In July 2023, the White House released the National Cyber Workforce and Education Strategy (NCWES) which outlines a roadmap to expand the national cyber workforce, including bolstering access to cyber education and training.

Federal agencies have also taken this challenge upon themselves. For example, NSA’s National Centers of Academic Excellence in Cybersecurity (NCAE-C) collaborates with academia to encourage cyber competency development among students and actively engage in solutions to cyber workforce challenges. This program has become the gold standard in cybersecurity education, which is why I think it is important we codify it in law. While my NDAA amendment was not included this year to do just that, I am now exploring other pathways.

As an Army veteran, I believe an ROTC-like program would be an effective and rewarding way to build a prepared cyber workforce across the federal government. Although we have programs that fall under this category today—such as the CyberCorps Scholarship for Service program—we must maximize and scale these efforts, improve retention, and potentially establish other ROTC-like programs quickly to fill specific skills gaps and critical positions.

As Chairman of the Committee on Homeland Security, I know that protecting the cyber border is just as important as our efforts to secure our physical border. That is why accelerating the United States’s efforts to address the cyber workforce gap has been my top priority this year – so much so that I will soon be introducing legislation to grow our cyber workforce and sustain a steady pipeline each year.

I want to thank our witnesses for being here to help us understand the challenges you have experienced, initiatives you have undertaken, and opportunities you see to strengthen our cyber workforce. Your agencies have played a leading role in promoting cyber workforce efforts, so I have no doubt that your unique perspectives will help us chart the path to cultivate a cyber workforce that is prepared to protect and defend our nation from increasingly complex threats in cyberspace.

###