I'm not convinced there is much of a shortage. During the last year at my previous job, we hired two firewall engineers. We had no shortage of candidates, and those were the ones that made it through the first filtering process. I personally looked at 6 resumes. Some of those folks had been unemployed or underemployed.
When I went job hunting late last year, I inferred from recruiter and hiring manager comments they were getting multiple applicants for a given opening.
All the while, salaries are creeping downward while position requirements are going up (this doesn't indicate a lack of geeks). DOD is particularly guilty of this. They want everybody who works in a infosec context to have a CISSP. Many positions require a college degree in CompSci, CIS, or Engineering. This is in an industry where formal education was not critical if you had the skillsets (partially because schools couldn't keep up with the required skillsets). Like I mentioned earlier, I know several fantastic engineers who have a GED or HS Diploma. Some only have the experience they gained doing IT as a soldier in the military. I was disqualified from a govt contractor position because I didn't have that degree (have a BBA and MBA and 13 years of relevant experience though).
Companies and govt need to get their heads out of their rear end. Salaries for IT folks NEED to be higher. Why? IT Jobs are generally not long term propositions. It is common for a position to be a 3-6 month contracting gig (where you pay for benefits and such). Also, technology is constantly changing. Many engineers have test labs at home so they can stay on top of the latest tech and methods (I built a virtual lab with Dynamips). Continuing education in the form of certifications is expensive (relevant books are $40-$100 each, the tests cost $100+ with many certs requiring multiple tests). A lot of folks would take less pay if they got some job security and weren't pressured to spend significant amounts of money on "education". They can't because they know "this" job might not last long or they'll be shelling out significant funds on training and education. It adds insult to injury when not only are the salaries low, but the requirements are so damn high (really? A CCIE and CISSP for a NOC position and you're only going to pay $90k? - yes, I saw such a job listing).
I suspect what DARPA is really saying is there is a shortage of overqualified applicants.
Edit to add: I'm in Northern Virginia, which has a robust IT market (fueled by .gov). I suspect the surplus is worse in other areas.
Chris