S 885 Reported in Senate
DHS Civilian Cyber Reserve
Last week, the Senate Homeland Security and Governmental Affairs Committee published their Report on S 885 [removed from paywall], the Department of Homeland Security Civilian Cybersecurity Reserve Act, and an amended version of the bill. The Committee met on May 17th, 2023, and adopted (item 8) the substitute language offered by Sen Rosen (D,NV) without further amendment by a vote of 10 to 1. The bill would authorize DHS to establish a pilot program for a civilian cybersecurity reserve.
Changes in Bill
Most of the changes in the bill were of a clarifying nature. For example, in the numerous instances where the older language referred to the pilot program that the bill calls for establishing as ‘the pilot’ or ‘the pilot established in (b)’ the new version almost tediously refers to it as ‘the pilot project authorized under subsection (b)(1)’.
There were three more substantial changes made in the substitute language, but none that significantly altered the pilot program. The first change was subsection 2(f) where the change removed a requirement in the original language to consult with the Office of Personnel Management in issuing guidance in establishing and implementing the pilot project.
The second change was made in subsection 2(i), where language was added that allowed personnel filling temporary positions when the pilot program authorization terminates in four years to “continue to serve until the end of the appointment.”
Finally, the substitute language adds subsection 2(j):
“(j) NO ADDITIONAL FUNDS.—No additional funds are authorized to be appropriated for the purpose of carrying out this Act.”
From the Report
The Committee’s Report provides the following summary of the purpose of the bill:
“The DHS Civilian Cybersecurity Reserve Act attempts to address the continued federal cyber personnel shortages by establishing a surge capacity to better ensure the U.S. is well-positioned to respond to significant cyber attacks (sic). This bill authorizes civilian cybersecurity personnel to serve in temporary positions, for up to six months, as federal civil service employees to supplement CISA’s cybersecurity personnel. Participation in the DHS Civilian Cybersecurity Reserve would be voluntary and by invitation. CISA is authorized to activate up to 30 reserve personnel at a time.”
The Congressional Budget Office (CBO) estimates that the reserve program will cost $65 million for the period of 2024-8. Administrative costs would be about $2 million per year (with an unexplained increase to $3 million for 2028). The actual program costs would start out at $8 million in 2025 and quickly increase to $16 million per year by 2027.
Moving Forward
With the publication of this report, the bill is now ready for consideration by the full Senate. The strong bipartisan support for the bill should be reflected in how the bill will be accepted when it comes to the floor of the Senate. Unfortunately, the sole vote against the bill came from Sen Paul (R,KY). One vote should not make a difference, but Paul is one of a handful of Senators that has an established reputation for objecting to unanimous consent motions for consideration of legislation. Typically, Paul does not need to have a specific problem with legislation to object to such motions, but a problem with a bill would certainly make such an objection that much more likely.
If the bill were to be considered under regular order, it would almost certainly pass with strong bipartisan support. Unfortunately, regular order takes too much of the Senate’s limited time for it to be used for any but the most politically important bills. This bill hardly meets that standard. So, the most likely way that this bill would be taken up by the Senate is through the unanimous consent process with fingers crossed.