DHS Needs to Improve Cybersecurity Workforce Planning

DHS has not fully met requirements of the Act to assess its cybersecurity workforce and develop a strategy to address workforce gaps. The Department has not submitted annual workforce assessments to Congress by the statutorily defined due dates for the past four years. DHS did not include all required information in the submitted assessments. Further, the Department did not submit an annual cybersecurity workforce strategy to Congress, as required between 2015 and 2018. We made three recommendations to the Chief Human Capital Officer to timely complete the required cyber workforce assessments and strategies by assigning necessary staff resources, establishing a department-wide and coordinated approach to compiling centralized cybersecurity workforce data, and conducting oversight of component stakeholders to ensure department-wide commitment to addressing legislative reporting and data submission requirements. The Department concurred with all three recommendations.