Demand for cybersecurity talent has made federal agencies not only competitors with the private sector but also with each other.
Sen. Gary Peters, D-Mich., wants to ensure the federal market for cyber talent doesn’t create an environment of have-and-have-not agencies that could leave networks open to attack. So, he’s pushing legislation that would allow them to effectively share cyber professionals.
The Federal Rotational Cyber Workforce Program Act — co-sponsored by Sen. John Hoeven, R-N.D., and reintroduced from a 2018 version of the bill— proposes to create a system that would allow cyber experts to rotate to different federal agencies on detail assignments with the goal of helping bolster their cyberdefenses.
The bill cleared the Senate Homeland Security and Governmental Affairs Committee by a unanimous vote Wednesday.
“Government agencies of all sizes are at risk of a breach that could jeopardize the sensitive information they are trusted with, and these threats will only continue to grow,” Peters said on the Senate floor Wednesday. “We need skilled cyber professionals in place to shore up our cyber protections, fortify our legacy systems and build new and innovative infrastructure with safety and security in mind.”
As both networks and the cyberthreats against them grow more advanced, the market for cyber professionals has become restricted by a quest for talent. Peters quoted estimates of a global talent shortage of 3 million cyber positions, a scenario that has left the public and private sectors in a scramble to acquire skilled professionals.
The Federal Rotational Cyber Workforce Program Act, which a spokesperson for Peters said is identical to its November 2018 committee version, envisions a rotational system that would allow federal cyber talent to apply for duty assignments of no shorter than 180 days and no longer than a year. The chief human capital officer at the detailing agency could extend that service by 60 days if approved by the CHCO from the employing agency.
The goal of the rotations is two-fold: to provide smaller agencies with fewer resources access to qualified cyber talent and to train existing cyber talent with a wider range of skills that can be applied across the enterprise.
The legislation taps the Office of Personnel Management, the CHCO Council and the CIO of the Department of Homeland Security with establishing a rotational program that focuses on certain cyber skills, sets up a merit-based system for applicants and establishes the training structures needed to coach up applicants.
“I think it’s a good idea,” said Jason Briefel, executive director of the Senior Executives Association, who has tracked past efforts to allow Senior Executive Service members to rotate between agencies for professional development and wider skills-sharing.
Where the bill succeeds, he said, is in its efforts to ensure that cybersecurity professionals can return to their employing agency once a detail is complete, combating the reticence he said some SES members had in rotating out of jobs they preferred for new assignments.
“I think the joint duty model actually makes a lot more sense,” he said. “ It can help facilitate the cross-pollination of talent, networks of individuals, awareness of different ways to tackle some of these cyber challenges at agencies and to prevent having these situations where there are kind of winner-and-loser agencies based on who has a better authority or pay-cap.”
The bill also tacks on written service agreements that require employees applying for a rotation detail to agree to return to their employing agency for a designated period of time once the rotational detail is complete, a move that Briefel said helps agencies retain their cyber talent instead of watching them be immediately hired away by the private sector.
“I think one of the frustrations that many agencies have felt is that they will train someone up only to see them depart and go into industry,” he said. “So kind of creating incentives to keep folks within government, but also not tying a lead weight to their leg and chain them there, I think it strikes the right balance.”
The bill comes after a number of administration initiatives to bolster federal cyber talent, including additional hiring authorities and a reskilling academy.