S 3570 Introduced

Cybersecurity Apprenticeships

Earlier this month, Sen Rosen (D,NV) introduced S 3570, the Cyber Ready Workforce Act. The bill would establish a grant program within the Department of Labor to support the creation, implementation, and expansion of registered apprenticeship programs in cybersecurity. The bill would authorize ‘such funds as necessary’ to be appropriated for this program.

Definitions

Section 3 of the bill provides definitions for two key terms used in this legislation:

• Registered apprenticeship program, and

• Workforce intermediary

Grant Program

Section 4 of the bill required DOL to establish a grant program for “workforce intermediaries, to support the establishment, implementation, and expansion of registered apprenticeship programs in cybersecurity.” The recipient programs would:

• Include certifications in CompTIA Network+, CompTIA A+, CompTIA Security+, Microsoft Windows Technician, Microsoft Certified System Administrator, Certified Network Defender, Certified Ethical Hacker, ISACA Cybersecurity Nexus (CSX), (ISC)2's Certified Information Systems Security Professional (CISSP), or other industry-recognized certification in cybersecurity,

• Encourage stackable and portable credentials, and

• Lead to occupations such as computer support specialists, cybersecurity support technicians, cloud computing architects, computer programmers, computer systems analysts, or security specialists.

Section 4 of the bill would require that the funds for the program would be used for:

• Development and technical support,

• Employer partnership,

• Support services for apprentices,

Up to 15% of grant funds could be used for outreach and marketing activities.

Moving Forward

Rosen is a member of the Senate Health, Education, Labor and Pensions Committee to which this bill was assigned for consideration. This means that there should be sufficient influence to see this bill considered in Committee. I see nothing in this bill that would engender any organized opposition. I suspect that the bill would pass in Committee with significant bipartisan support.

This bill is not important enough to be considered under regular order in the Senate. It is possible that it could be considered under the unanimous consent process. A more likely route to the President’s desk would be including this language from this bill in some large piece of legislation, either added in the drafting or as an amendment in the floor process for that bill.

Commentary

There is nothing in the language of this bill that would prohibit the funding from going to some cybersecurity training program that concentrated on industrial control system. I would be more comfortable, however, if some sort of control system certification program were listed in §4(b)(1).