Earlier this month Sen Rounds (R,SD) introduced S 4715, the Federal Cyber Workforce Training Act of 2024. The bill would require the National Cyber Director to formulate a plan for the establishment of a federal cyber training institute. It does not authorize the actual establishment of the institute; that would require subsequent legislation. The bill specifically does not authorize new spending.
Definitions
Subsection 2(a) provides definitions for seven key terms used in the bill. The closest thing to a technical term is ‘cyber work role’, which is based upon the NICE Framework and the requirement that the role relates “to work involving designing, building, securing, operating, defending, and protecting cyberspace resources”. The use of the word ‘and’ instead of ‘or’ as the conjunction in that phrase would make the term very restrictive, since very few (if any) roles would actually include all six functions. That quibble is probably not important in this bill since an actual institute is not being formed.
The Institute
Subsection 2(b) would give the Director 180 days to formulate the plan for establishing the institute. The plan would be for an institute that would conduct training for:
Personnel hired for cyber work roles in the Federal Government, including new hires and personnel seeking transition to mid-career positions, which may include upskilling and reskilling efforts; and
Personnel with responsibilities for human resource functions relating to cyber personnel.
The plan would be developed for an institute with responsibilities for:
Providing modularized cyber work role-specific training, including hands-on learning and skill-based assessments, to prepare newly hired Federal personnel from a wide variety of academic and professional backgrounds to perform effectively in Federal cyber work roles,
Coordinating with the Secretary of Homeland Security, the Secretary of Defense, and the heads of other agencies determined necessary by the Director to develop a cyber work role-specific curriculum for the training provided,
Prioritizing entry-level positions in the provision of curriculum development and training,
Addressing the training needs of personnel seeking transition to mid-career positions and personnel with responsibilities for human resources functions relating to cyber personnel,
Including curriculum development and training for Federal cyber workers seeking transition to mid-career positions, which may include upskilling and reskilling efforts,
Considering development of a specific module to familiarize and train appropriate Federal Government hiring managers and human resources staff in the unique challenges in recruiting and hiring personnel for Federal cyber work force roles,
Incorporating work-based learning in personnel training,
Developing a badging system to communicate qualification and proficiency for individuals who successfully complete training through the Federal institute with consideration of systems used by the intelligence community,
Offering in-person and virtual options to accommodate various learning environments for individuals, and
Providing training to individuals irrespective of whether an individual has a college degree or a college degree in a cyber-related discipline.
Plan Elements
Paragraph 2(b)(3) describes the requirements for the plan to be developed by the National Cyber Director. The plan would include:
Recommendations for an organizational placement for the Federal institute, which may include a single agency or a combination of agencies,
Identification of elements of the proposed institute that could use existing facilities, resources, and programs of the Federal Government, or would require new facilities, resources, or programs,
Recommendations for a course curriculum, delivery method, and length of curriculum for the training using Federal Government cyber training programs as models, including the Joint Cyber Analysis Course of the Department of Defense and the Federal Cyber Defense Skilling Academy of the Cybersecurity and Infrastructure Security Agency,
Recommendations for a policy for individuals who do not complete required training,
A description of a security clearance process to complete some level of security clearance for appropriate individuals while individuals are enrolled in training,
Recommendations for a security clearance process to complete some level of security clearance for appropriate individuals while individuals are enrolled in training,
Recommendations for a governance structure for the Federal institute that would ensure ongoing interagency coordination in the development of a curriculum, the provision of training,
An estimate of the funding and new authorities required to establish and operate the Federal institute,
Identification of how the Federal institute would provide some or all of the training required through academic institutions from among academic institutions that are designated by the National Security Agency as a National Center of Academic Excellence in cybersecurity for cyber defense, cyber research, and cyber operations, and have an operational sensitive compartmented information facility,
Identification of how the instructors of the Federal institute will remain current with respect to cybersecurity knowledge, skills and abilities through scholarship or other means, and
Identification of how the Federal institute will maintain the quality and longevity of instructors.
Moving Forward
This bill is scheduled to be taken up by the Senate Homeland Security and Governmental Affairs Committee tomorrow. This typically means that there is consensus on how to move forward with the bill. I suspect that there will be significant bipartisan support for the bill. The main question is whether or not Sen Paul (R,KY) will support the bill. While the bill can (and probably will) pass without Paul’s vote, his opposition will signal that the bill would not be able to be considered under the Senate’s unanimous consent process, nor would it likely be able to be considered as an amendment to another, more politically important bill.
Commentary
While the proposed institute is not a cybersecurity institute, all cyber work roles should include some level of cybersecurity responsibilities. I think it would be helpful to delineate a responsibility for the institute to establish a minimum level of cybersecurity training for all cyber personnel. To that end, I would like to suggest the insertion of a new §2(b)(2)(C):
“(C) establish a common skill level cybersecurity curriculum for all entry level positions and a more advanced cybersecurity training program for personnel transitioning to mid-career level positions;”