Rep. Mark Green's forthcoming cyber workforce bill would put CISA in a key role overseeing cyber talent development.
The top lawmaker on the House Homeland Security Committee is planning to file legislation that would put the Cybersecurity and Infrastructure Security Agency in a key role helping to oversee a national cyber talent pipeline.
Two sources familiar with the plans of Chairman Mark Green (R-Tenn.) said his forthcoming cyber workforce bill aims to create something akin to a Reserve Officer Training Corps (ROTC) for the cyber workforce.
A committee aide, who was not authorized to speak publicly about the forthcoming bill, said the legislation would create a “skills-based, ROTC-like cyber talent pipeline.” The legislation also “leverage CISA as the nation’s federal cybersecurity agency to train, retain and attract cyber professionals, and promote collective defense for our federal civilian networks,” the aide added.
“We are looking at filling the cyber workforce gap across all federal civilian agencies, and CISA will play a role in that process,” the aide said.
Another source familiar with Green’s bill said the legislation would incentivize skills-based cybersecurity education at community colleges and vocational schools. The source said the planned program aims to help fill open cyber positions across federal, state and local government agencies.
CISA’s exact role is still unclear, as Green’s team continues to develop the legislation. But CISA is under the homeland security committee’s jurisdiction, as opposed to other federal workforce and education agencies such as the Office of Personnel Management or the National Science Foundation.
The program envisioned in Green’s bill would likely complement the NSF’s Cybercorps “Scholarship-for-Service” program, which funds scholarships for students at four-year colleges and universities. In return, those students agree to work at a federal agency upon graduation.
Green has said the workforce bill is his top priority this year. In July, Green and CISA Director Jen Easterly spoke about cybersecurity workforce shortages during a visit to Vanderbilt University.
“America’s cybersecurity workforce gap is a significant homeland security risk — a vulnerability for criminals and our adversaries to exploit,” Green said, per a press release from Vanderbilt. “The public and private sectors must join forces to bolster our cyber talent pipeline to develop, attract and retain the skilled professionals necessary to protect the critical infrastructure Americans rely on every day.
CyberSeek, a data project funded by the National Institute of Standards and Technology, estimates there are nearly 470,000 open cybersecurity jobs nationwide.
The workforce gap has featured prominently in cybersecurity policy conversations in recent years. The White House last year released a national cyber workforce and education strategy aimed at drawing more people into the cyber workforce.
“If we don’t tackle this, I’m worried we can’t tackle the policy and process challenges we have, without a skilled workforce,” Mark Montgomery, executive director of the Cyberspace Solarium Commission 2.0, said in an interview.
The forthcoming bill’s focus on “skills-based” training at community colleges and vocational schools aligns with federal and private sector initiatives to focus on skills during hiring, as opposed to just focusing four-year college degrees and experience.
The White House Office of the National Cyber Director and OPM are leading an effort to shift all government IT jobs to skills-based hiring by next summer.
“There is a bit of a reckoning happening around four-year degrees,” Tara Wisniewski, executive vice president of advocacy, global markets and member engagement for ISC2, said in an interview.
“People are starting to question the return on investment,” Wisniewski added. “People really need to be able to move much faster within cyber, and it’s actually about continuous learning, as opposed to a degree learning scenario. Those kinds of innovative strategies are really starting to come to the fore.”
While CISA does provide cybersecurity training and education programming, a potential role overseeing a national workforce pipeline would mark a major expansion for the cyber agency.
But Montgomery said CISA already has cross-governmental coordinating responsibilities.
“I think that they understand the security environment, the technology environment, so they might be in the right place to identify the types of schools and programs that could best serve future government service,” he said.
Wisniewski said CISA would also be well-positioned to use its regional footprint to connect with state and local education systems, along with local industry.
“If we focus on clusters, is that a way to make the connections that people seem to be struggling to make?” she said.
Growing the cyber workforce has been a largely bipartisan issue in Congress.
Lawmakers earlier this year re-introduced the bipartisan, bicameral Federal Cybersecurity Expansion Act. The bill would create cybersecurity registered apprenticeship program at CISA, as well as a pilot program at the Department of Veterans Affairs to provide cybersecurity training for veterans.
And earlier this week, the Senate Homeland Security and Governmental Affairs Committee advanced a bill that would require a plan for a federal cyber workforce development institute.
But any cyber workforce legislation, including Green’s forthcoming bill, faces a tight legislative window this fall amid the presidential election. But Congress in the past has agreed to attach cybersecurity legislation to must-pass defense authorization bills, as well as appropriations measures.
“If a chairman of a major committee is very interested in a topic, it has a chance,” Montgomery said of Green’s bill.
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Follow @jdoubledayWFED