HR 6124 Introduced - Cybersecurity Skills

Last month, Rep Thompson (R,PA) introduced HR 6124, the Cybersecurity Skills Integration Act. The bill would require the Department of Education to start a pilot grant program to develop a “postsecondary career and technical education programs that integrate cybersecurity education”. The legislation would authorize $10-million to support the pilot program.

This bill is identical to HR 9259 that was introduced by Rep Langevin (D,RI) in the 117^th Congress. Thompson was a cosponsor of the earlier version. It was introduced much too late in the session for any actions to be taken. It is interesting that Langevin did not re-introduce this legislation, nor is he listed as a cosponsor, though three other Democrats are.

Definitions

Section 3(h) provides definitions of eleven key terms used in the bill. Four of those terms are defined by reference to exiting statutory definitions. Other defined terms include:

• Eligible partnership,

• Eligible agency,

• Postsecondary career and technical education program,

• Work based learning, and

• Special populations.

A term of special significance is ‘cybersecurity education’, which is defined as “education on critical infrastructure cyber defense, including:

• Ensuring the confidentiality, integrity, and availability of information systems used in critical infrastructure, including control systems and operational technology,

• Developing engineering skills applicable to industrial control systems and operational technologies used in critical infrastructure systems, and

• Training to ensure the continuous physical and environmental safety of the operations of critical infrastructure systems.

Pilot Grant Program

Section 3(a) requires the Education Department to establish a pilot grant program for:

• The development and implementation of postsecondary career and technical education programs that incorporate cybersecurity education and prepare individuals to meet workforce needs in critical infrastructure sectors, and

• The integration of cybersecurity education into existing postsecondary career and technical education programs that prepare individuals to meet workforce needs in critical infrastructure sectors.

Individual grants would be limited to no more than $500,000 in any fiscal year.

Moving Forward

Thompson a member of the House Education and Labor Committee to which this bill was assigned for consideration. This means that there should be sufficient influence to see this bill considered in Committee. I would expect to see some Republican opposition to the bill because of the $10 million price tag, but that opposition would be off-set by Democratic support.

I am not sure that it would receive sufficient bipartisan support to be considered in the House under the suspension of the rules process if it were to make it that far.

Commentary

This is the first piece of cybersecurity legislation that I have seen where it appears that the crafters of the bill really have a basic understanding of the unique dangers related to attacks on industrial control systems in process industries. In each of the first two parts of the definition of ‘cybersecurity education’ references are made to ‘control systems and operational technology’. It is in the third part of the definition, however, where those potential dangers are really addressed:

“(C) training to ensure the continuous physical and environmental safety of the operations of critical infrastructure systems.”