If California were its own country, it would have the fifth largest economy in the world, behind only the United States, China, Germany and Japan. This makes California’s ports, public sector, businesses and consumers the targets of both domestic and foreign cybersecurity threats that look to exploit vulnerabilities in software or steal valuable data. Currently, the seat of California’s Cybersecurity chief lies vacant without a permanently appointed member. With the growing demand for cybersecurity in the era of artificial intelligence (AI) and the lack of financial incentives from the government to attract cybersecurity experts, Gov. Newsom faces a clear dilemma that he must solve quickly.
While California officials urge Californians not to worry about their government’s ability to respond to cyber-attacks while an acting Commander is in charge, they were unable to provide an updated number of data breaches when CalMatters reporters requested such information. The California Cybersecurity Integration Center’s (Cal-CSIC) Mission, as stated on its website, “is to reduce the number of cyber threats and attacks in California” while having a focus “to respond to cyber threats and attacks that could damage the economy, its critical infrastructure, or computer networks in the state.” According to the state’s recent commitments to addressing cybersecurity issues, these statements ring hollow.
The task of Cal-CSIC is to receive multi-level reports from state agencies, businesses and public schools and then decide how to respond to them with the tools at their disposal. The tools that they can use include state-wide advisories, alerts and documentation of the types of cybersecurity attacks in order to inform future responses to such threats. However, these tools are currently being wielded by entry-level employees with limited experience in effectively deploying them, hindering the state’s ability to effectively respond to threats. The Governor’s Office, which is in charge of staffing the Cal-CSIC, faces multiple challenges in staffing efforts, including competition from the private sector.
The notion that the private sector might contribute to the “brain drain” of our state government’s capability to respond to cyber threats should be holistically concerning to Californians. The reason is simple: emerging professionals with the needed training in cybersecurity techniques are being attracted to a higher-paying private sector. While it varies by city, salaries for Data Security Analysts across California range between 140,000 and 205,000, while the Cal-CSIC Commander position offers a salary of $187,000, according to a Cal-CSIC posting. If the top position in Cybersecurity for the California state government cannot match up to private sector job postings in cities like Los Angeles, San Francisco, San Diego or San Jose, then it is no surprise that the Governor’s Office is failing to recruit a commander with the appropriate capabilities that are in high demand.
In developing Cal-Secure, a multi-year roadmap for cybersecurity and protecting Californians, an apparent focus was given to addressing the aforementioned personnel and recruiting obstacles. The roadmap proposes that the state government must redirect its focus to increasing opportunities for cybersecurity professionals, developing capabilities and expanding cybersecurity training. While it briefly mentions competition with the private sector, this problem must be a priority for Gov. Newsom. It is undeniable that the task of Commander of Cal-CSIC accords a list of qualities requiring someone to be adept to a changing digital environment and trained in best practices to defend California infrastructure. Still, Californians need someone in charge who can be held accountable.
To avoid a “brain drain,” Newsom should provide the easy incentive that ensures government bureaucracy is higher-paying than that of the private sector. Even if a bidding war might be pursued due to the limited supply of talent, the increasing importance of maintaining a resilient Cal-CSIC should be a priority for Newsom and Californians. Having a permanent leader to make an organization function cohesively is paramount to any leadership structure and the fact that private companies could be winning this “talent war” is alarming, to say the least.
