Lawmakers want to create cyber training programs at the Cybersecurity and Infrastructure Security Agency and Department of Veterans Affairs to bolster the federal workforce, through legislation introduced Friday.
The Federal Cybersecurity Workforce Expansion Act would launch a registered apprenticeship program at CISA and a veteran training pilot at the VA with costs to be determined.
Recent supply chain attacks like the SolarWinds hack, targeting agencies through a government contractor, underscored the lack of cyber talent at the federal level on down, with more than 500,000 job openings nationally, according to the National Institute of Standards and Technology.
“In order to bolster our cyber defenses and protect our critical infrastructure, we need to increase the number of cybersecurity professionals in the federal government,” said Sen. Maggie Hassan, D-N.H., in a statement. “This bipartisan bill will also help address the workforce challenges in the veteran community by standing up a cyber-training program at the VA to help veterans secure good-paying, stable jobs, and I urge my colleagues to join me in supporting this legislation.”
Hassan, who chairs the Subcommittee on Emerging Threats and Spending Oversight, is cosponsoring the bill with Sen. John Cornyn, R-Texas.
Should the bill become law, CISA would have two years to establish at least one apprenticeship program leading to employment at the agency or a company contributing to national cybersecurity and mostly funded by an contract, grant or cooperative agreement with the agency. The program must also meet CISA’s cyber work role needs and be registered with the Department of Labor’s Office of Apprenticeship or a similar state agency.
DOL, NIST, the Pentagon, National Science Foundation, and Office of Personnel Management would be expected to share resources with CISA, which may issue grants or cooperative agreements to companies or other entities to execute the program.
CISA would also need to report to Congress on the results of the program, including continued employment rate, every two years, as well as submit annual performance reports.
Under the act, the VA would have one year to create a pilot program providing cyber training using virtual platforms, hands-on skills labs and assessments, and federal work opportunities. Graduates would receive cyber credentials.
The program is expected to align with NIST’s National Initiative for Cybersecurity Education (NICE) Workforce Framework, and the VA would work with the Pentagon, Department of Homeland Security, DOL and OPM to make it a reality. Veterans and retiring active duty military personnel would be eligible.
A 2019 report from the Government Accountability Office examined the shortage of federal cyber talent. In May 2021, DHS announced a 60-day sprint to hire 200 cyber employees — 100 of them at CISA.