S 2256 Introduced

CISA Cyber Training

Last month Sen Hassan (D,NH) introduced S 2256, the Federal Cybersecurity Workforce Expansion Act. It would require CISA to establish an apprenticeship program that would lead to cybersecurity related employment with CISA or other Federal entity. The bill would also require the Veterans Administration to establish a pilot program providing cyber-specific training for eligible individuals. There is no funding authorized in the legislation.

This bill is nearly identical to the reported version of S 2274 from the 117^th Congress. That bill was reported favorably by the Senate Homeland Security Committee, but no further action was taken.

Definitions

Section 3 of the bill provides three generic definitions for the bill. Additionally, the two programs are established under separate sections and each section has its own, unrelated definitions.

The CISA program is outlined in Section 4, Cybersecurity Apprenticeship Pilot Program. It defines 19 critical terms. Only one of those terms is related to cybersecurity (‘cybersecurity workforce positions’) and that is defined by reference to 5 USC 301 note.

The VA program is outlined in §5 of the bill. It defines 4 critical terms in §5(a). None of those terms are directly related to cybersecurity.

CISA Apprenticeship Program

Section 4(b) of the bill requires CISA, within 3 years, to establish an apprenticeship program that leads employment in a cyber workforce position for a period of obligated service equal to the length of service in a position under the apprenticeship pilot program by the participant.

VA Cyber Training for Veterans

Section 5(b) would require the VA, within 3 years, to establish a pilot ‘cyber-specific’ training program for veterans and transitioning military personnel that would be aligned “with the taxonomy, including work roles and associated tasks, knowledge, and skills” of NIST SP 800–181.

Federal Workforce Assessment

A very brief §6 of the bill would extend the annual cyber-related work roles reporting requirements §304(a) of the Federal Cybersecurity Workforce Assessment Act of 2015{Title III of Division N of PL 114-113, 129 STAT. 2977} through 2027.

Moving Forward

Hassan is a member of the Senate Homeland Security and Governmental Affairs Committee to which this bill was assigned for consideration. She probably has enough influence to see this bill considered in Committee. I see nothing in the bill that would engender any specific opposition. I suspect that it would receive significant bipartisan support in committee. This bill would not be considered on the floor of the Senate under regular order, but it might make it into the DHS spending bill as an amendment.

Commentary

While this bill does not directly address control system security issues, increasing the cybersecurity qualified staffing of CISA is certainly of interest to the ICS security community. While the training programs established under this bill would be targeted at future CISA employment, they should result in a net increase to the nation’s cybersecurity workforce.