HR 3208 Introduced
DHS Cybersecurity OJT
Earlier this month, Rep Jackson-Lee (D,TX) introduced HR 3208, the DHS Cybersecurity On-the-Job Training Program Act. The bill would establish in CISA “the ‘DHS Cybersecurity On-the-Job Training Program’ to voluntarily train Department employees who are not currently in a cybersecurity position for work in matters relating to cybersecurity at the Department.” No funding would be authorized by this legislation.
While this title of this bill is similar to that in HR 117, the DHS Cybersecurity On-the-Job Training and Employment Apprentice Program Act, introduced by Jackson-Lee in the last session, there are significant differences between the two bills. That bill saw no action in the 117th Congress.
Definitions
The bill would amend the Homeland Security Act of 2002 by adding a new §2220F, DHS Cybersecurity on-the-Job Training Program. There are no definitions included in that new section.
The Program
Section 2220F(a) would establish in CISA the ‘DHS Cybersecurity On-the-Job Training Program’. In support of the that Program, CISA would be required to:
Shall develop criteria for participation in the Program,
Provide cybersecurity training to employees of the Department and may, as appropriate, provide cybersecurity training to other Federal employees and
Annually, for seven years, submit to Congress on the progress of the program.
DHS would, in support of the Program, be required to:
Submit to the Secretary an annual report on the status of vacancies in cybersecurity positions throughout the Department,
Support efforts by the Director to identify and recruit individuals employed by the Department to participate in the Program,
Implement policies, including continuing service agreements, to encourage participation in the Program by employees throughout the Department, and
Conduct outreach to employees who complete the Program regarding cybersecurity job opportunities within the Department.
Moving Forward
Jackson-Lee and three of her six cosponsors {Rep Payne (D,NJ), Rep Thompson (D,MS), and Rep Clarke (D,NY)}, are members of the House Homeland Security Committee, to which this bill was assigned for consideration. This means that there could be sufficient influence to see this bill considered in Committee. While I see nothing in this bill that should engender any organized opposition, it seems odd that there are no Republican cosponsors for the bill. While this is a divided House, I still expect to see bipartisan support for bills like this which seem to be inherently non-partisan. That there are no Republican sponsors makes me suspect that there are issues here that I cannot see.
Commentary
The bill from last session was a bit more expansive in its construction than this bill. Two provisions in particular are missing from this bill:
Identify diagnostic tools that can accurately and reliably measure an individual’s capacity to perform cybersecurity related jobs, and
Develop a curriculum for the Program, which may include distance learning instruction, in-classroom instruction within a work location, on-the-job instruction under the supervision of experienced cybersecurity staff.
While these provisions certainly made sense to me, I can see where some Republican ideologues would find them offensive. The new bill does not specifically include these requirements, but it does not stop CISA from including them in their program. It may be these unspoken program shadows that are still keeping many Republicans from supporting the bill.