[Senate Report 117-131]
[From the U.S. Government Publishing Office]
Calendar No. 446
117th Congress } { Report
SENATE
2d Session } { 117-131
_______________________________________________________________________
FEDERAL CYBERSECURITY WORKFORCE EXPANSION ACT
__________
R E P O R T
of the
COMMITTEE ON HOMELAND SECURITY AND
GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
to accompany
S. 2274
TO AUTHORIZE THE DIRECTOR OF THE CYBERSECURITY AND
INFRASTRUCTURE SECURITY AGENCY TO ESTABLISH AN
APPRENTICESHIP PROGRAM AND TO ESTABLISH A PILOT
PROGRAM ON CYBERSECURITY TRAINING FOR VETERANS AND
MEMBERS OF THE ARMED FORCES TRANSITIONING TO CIVILIAN LIFE, AND FOR
OTHER PURPOSES
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
July 18, 2022.--Ordered to be printed
_________
U.S. GOVERNMENT PUBLISHING OFFICE
29-010 WASHINGTON : 2022
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
GARY C. PETERS, Michigan, Chairman
THOMAS R. CARPER, Delaware ROB PORTMAN, Ohio
MAGGIE HASSAN, New Hampshire RON JOHNSON, Wisconsin
KYRSTEN SINEMA, Arizona RAND PAUL, Kentucky
JACKY ROSEN, Nevada JAMES LANKFORD, Oklahoma
ALEX PADILLA, California MITT ROMNEY, Utah
JON OSSOFF, Georgia RICK SCOTT, Florida
JOSH HAWLEY, Missouri
David M. Weinberg, Staff Director
Zachary I. Schram, Chief Counsel
Lena C. Chang, Director of Governmental Affairs
Devin M. Parsons, Professional Staff Member
Pamela Thiessen, Minority Staff Director
Sam J. Mulopulos, Minority Deputy Staff Director
Cara G. Mumford, Minority Director of Governmental Affairs
Andrew J. Hopkins, Minority Counsel
Laura W. Kilbride, Chief Clerk
Calendar No. 446
117th Congress } { Report
SENATE
2d Session } { 117-131
======================================================================
FEDERAL CYBERSECURITY WORKFORCE EXPANSION ACT
_______
July 18, 2022.--Ordered to be printed
_______
Mr. Peters, from the Committee on Homeland Security and Governmental
Affairs, submitted the following
R E P O R T
[To accompany S. 2274]
[Including cost estimate of the Congressional Budget Office]
The Committee on Homeland Security and Governmental
Affairs, to which was referred the bill (S. 2274) to authorize
the Director of the Cybersecurity and Infrastructure Security
Agency to establish an apprenticeship program and to establish
a pilot program on cybersecurity training for veterans and
members of the Armed Forces transitioning to civilian life, and
for other purposes, having considered the same, reports
favorably thereon with an amendment (in the nature of a
substitute) and recommends that the bill, as amended, do pass.
CONTENTS
Page
I. Purpose and Summary.............................................. 1
II. Background and Need for the Legislation.......................... 2
III. Legislative History.............................................. 4
IV. Section-by-Section Analysis of the Bill, as Reported............. 4
V. Evaluation of Regulatory Impact.................................. 7
VI. Congressional Budget Office Cost Estimate........................ 8
VII. Changes in Existing Law Made by the Bill, as Reported........... 10
I. Purpose and Summary
S. 2274, the Federal Cybersecurity Workforce Expansion Act,
augments cybersecurity workforce development pathways by adding
two new pilot programs. The bill establishes a five-year
cybersecurity registered apprenticeship pilot program within
the Department of Homeland Security (DHS). The bill also
directs the Secretary of Homeland Security, in coordination
with the Secretary of Veterans Affairs, to establish a pilot
program to provide cybersecurity training at no cost to
veterans and military spouses.
II. Background and Need for the Legislation
There is a national shortage of qualified cybersecurity
personnel. According to CyberSeek, a project supported by the
National Initiative for Cybersecurity Education (NICE) at the
National Institute of Standards and Technology (NIST), there
are nearly 600,000 cybersecurity job openings in the United
States, including nearly 40,000 in the public sector.\1\
---------------------------------------------------------------------------
\1\Cyberseek, Interactive Map (www.cyberseek.org/heatmap.html)
(accessed Dec. 14, 2021).
---------------------------------------------------------------------------
The consistent shortage of cybersecurity personnel
represents a high risk to national security. Federal cyber
workforce management challenges have been on the High-Risk List
of the Government Accountability Office (GAO) since 2003.\2\ In
a 2003 High-Risk Series report, GAO stated:
---------------------------------------------------------------------------
\2\Government Accountability Office, High-Risk Series: Protecting
Information Systems Supporting the Federal Government and the Nation's
Critical Infrastructures (GAO-03-121) (Jan. 2003) (www.gao.gov/assets/
gao-03-121.pdf).
Agencies must have the technical expertise they need
to select, implement, and maintain controls that
protect their information systems. Similarly, the
federal government must maximize the value of its
technical staff by sharing expertise and information.
The availability of adequate technical and audit
expertise is a continuing concern to agencies.\3\
---------------------------------------------------------------------------
\3\Id.
In a March 2021 High-Risk Series report, GAO noted that
``federal agencies continue to face challenges in addressing
needs related to their cyber workforce'' and that the Office of
Management and Budget and DHS need to take dedicated action to
address the cybersecurity workforce shortage.\4\
---------------------------------------------------------------------------
\4\Government Accountability Office, High-Risk Series: Federal
Government Needs to Urgently Pursue Critical Actions to Address Major
Cybersecurity Challenges (GAO-21-288) (Mar. 2021) (www.gao.gov/assets/
gao-21-288.pdf).
---------------------------------------------------------------------------
The problem of cybersecurity workforce shortages has taken
on new urgency as the United States faces escalating threats
from hostile cyber actors. On May 12, 2021, multiple high-
profile cybersecurity incidents including the SolarWinds
security breach, Microsoft Exchange Server hack, and Colonial
Pipeline ransomware attack prompted President Biden to issue an
Executive Order aimed at improving the nation's cybersecurity
preparedness systems.\5\ As part of the Biden Administration's
cyber preparedness efforts, DHS Secretary Mayorkas launched a
60-Day Cybersecurity Workforce Sprint in early May 2021.\6\ On
July 1, 2021, the Secretary announced that 12% of over 2,000
vacancies had been filled as a result of the hiring sprint,
noting that although progress has been made, ``we still have
more work to do.''\7\
---------------------------------------------------------------------------
\5\Exec. Order No. 14028, 86 Fed. Reg. 26633 (May 12, 2021).
\6\Department of Homeland Security, Secretary Mayorkas Urges Small
Businesses to Protect Themselves Against Ransomware (May 5, 2021)
(www.dhs.gov/news/2021/05/05/secretary-mayorkas-urges-small-businesses-
protect-themselves-against-ransomware).
\7\Department of Homeland Security, Secretary Mayorkas Announces
Most Successful Cybersecurity Hiring Initiative in DHS History (July 1,
2021) (www.dhs.gov/news/2021/07/01/secretary-mayorkas-announces-most-
successful-cybersecurity-hiring-initiative-dhs).
---------------------------------------------------------------------------
The Senate Committee on Homeland Security and Governmental
Affairs has held multiple hearings in the 117th Congress to
address the government's preparedness, response, and recovery
efforts with regard to cybersecurity.\8\ During one such
hearing on September 23, 2021, entitled National Cybersecurity
Strategy: Protection of Federal and Critical Infrastructure
Systems, Senator Margaret Hassan asked Jen Easterly, Director
of the Cybersecurity and Infrastructure Security Agency (CISA),
about how an apprenticeship program would help address
workforce challenges at CISA.\9\ Director Easterly said:
---------------------------------------------------------------------------
\8\See Senate Committee on Homeland Security and Governmental
Affairs, Hearing on Prevention, Response and Recovery: Improving
Federal Cybersecurity Post-SolarWinds, 117th Cong. (May 11, 2021);
Senate Committee on Homeland Security and Governmental Affairs, Hearing
on Threats to Critical Infrastructure: Examining the Colonial Pipeline
Cyber Attack, 117th Cong. (June 8, 2021); and Senate Committee on
Homeland Security and Governmental Affairs, Hearing on National
Cybersecurity Strategy: Protection of Federal and Critical
Infrastructure Systems, 117th Cong. (Sep. 23, 2021).
\9\ Senate Committee on Homeland Security and Governmental Affairs,
Transcript, Hearing on National Cybersecurity Strategy: Protection of
Federal and Critical Infrastructure Systems, 117th Cong. (Sep. 23,
2021) (https://plus.cq.com/doc/congressionaltranscripts-
6351036?4&searchId=9Svfjbqf).
---------------------------------------------------------------------------
We've already started talking about how we could
implement apprenticeships at CISA . . . . I think we
need to be as creative as possible in all our
approaches to deal with the deficit that we have across
the country and then across the federal cyber
workforce.\10\
---------------------------------------------------------------------------
\10\Id.
---------------------------------------------------------------------------
Fellow witness Chris Inglis, National Cyber Director in the
Executive Office of the President, agreed with Director
Easterly's remarks and added that:
[A]pprenticeships are essential, not simply because
they provide experience for its own sake, but they
bridge the gap between aspiration that is often
supported by training and education and the real
experience that employers need or want when you show up
at that door.\11\
---------------------------------------------------------------------------
\11\Id.
The Federal Cybersecurity Workforce Expansion Act will help
strengthen the cybersecurity talent pipeline within the federal
government by establishing a registered apprenticeship pilot
program at DHS in which participants receive on-the-job
cybersecurity training. Upon successful completion of the
program, participants may be appointed to cybersecurity-
specific excepted service positions within a federal agency.
Appointed participants then enter into a service agreement in
which they commit to working in the federal government for a
period of service equal to the length of the apprenticeship.
The Federal Cybersecurity Workforce Expansion Act also
directs the Secretary of Homeland Security, in partnership with
the Secretary of Veterans Affairs, to establish a pilot program
to provide cybersecurity training at no cost to veterans and
military spouses. The pilot program will incorporate
coursework, virtual learning opportunities, and federal work-
based learning opportunities and will lead to a recognized
postsecondary credential.
This bill incorporates recommendations from a report
published by the Cyberspace Solarium Commission in March 2020.
The report recommends that the federal government ``develop
work-based learning programs and apprenticeships to supplement
classroom learning'' as a step to improve cyber-oriented
education.\12\ Another recommendation calls for designing
``cybersecurity-specific upskilling and transition assistance
programs for veterans and transitioning military service
members to move into federal civilian cybersecurity jobs.''\13\
The Federal Cybersecurity Workforce Expansion Act will help
bring these expert recommendations to fruition and improve our
national security by augmenting cybersecurity workforce
development pathways.
---------------------------------------------------------------------------
\12\Cyberspace Solarium Commission, A Warning From Tomorrow (Mar.
2020) (drive.google.com/file/d/1ryMCIL_dZ30QyjFqFkkf10MxIXJGT4yv/view).
\13\Id. at 44.
---------------------------------------------------------------------------
III. Legislative History
Senator Margaret Hassan (D-NH) introduced S. 2274, the
Federal Cybersecurity Workforce Expansion Act, on June 24,
2021, with Senator John Cornyn (R-TX). The bill was referred to
the Committee on Homeland Security and Governmental Affairs.
The Committee considered S. 2274 at a business meeting on
November 3, 2021. During the business meeting, Senator Hassan
offered a modification to her substitute amendment that was
adopted by unanimous consent. The substitute amendment made a
number of changes to the underlying bill, including a change to
establish the veterans' cybersecurity training pilot program at
the Department of Homeland Security rather than the Department
of Veterans Affairs and setting a cap on the number apprentices
in the cybersecurity apprenticeship pilot program. The
modification to the substitute amendment cut the language
authorizing ``such sums as necessary'' to carry out the
cybersecurity apprenticeship pilot program. As modified,
Senator Hassan's substitute amendment was adopted by unanimous
consent.
Senator Lankford offered an amendment to change the
standard by which agencies can use direct hire authority, which
was not adopted by voice vote.
The bill, as amended by the Hassan modified substitute
amendment, was ordered reported favorably by voice vote en
bloc, with Senators Peters, Hassan, Sinema, Rosen, Padilla,
Ossoff, Portman, Johnson, Lankford, Romney, Scott, and Hawley
present.
IV. Section-by-Section Analysis of the Bill, as Reported
Section 1. Short title
This section establishes the short title of the bill as the
``Federal Cybersecurity Workforce Expansion Act.''
Sec. 2. Findings
This section includes findings indicating the need for
additional federal cybersecurity professionals.
Sec. 3. Definitions
This section defines ``Department,'' ``institution of
higher education,'' and ``Secretary'' in the context of this
bill.
Sec. 4. Cybersecurity apprenticeship pilot program
Subsection (a) defines ``area career and technical
education school,'' ``community college,'' ``competitive
service,'' ``cyber workforce position,'' ``early college high
school; educational service agency; local educational agency;
secondary school; state educational agency,'' ``education and
training provider,'' ``eligible entity,'' ``excepted service,''
``local workforce development board,'' ``minority-serving
institution,'' ``nonprofit organization,'' ``qualified
intermediary,'' ``partnerships,'' ``provider of adult
education,'' ``related instruction,'' ``sponsor,'' ``state,''
``state apprenticeship agency,'' ``state workforce development
board,'' and ``WIOA terms'' in the context of this section.
Subsection (b) directs the Secretary of Homeland Security
to establish an apprenticeship pilot program within three years
of this bill's enactment. There can be up to 25 apprentices who
will be employed in cyber workforce positions within DHS while
participating in the program. The learning opportunities in the
program will be based on the NICE Workforce Framework for
Cybersecurity, or a successor framework, and prepare the
participant for a cyber workforce position within a federal
agency. The program must be a registered apprenticeship and
approved by the Department of Veterans Affairs as an
apprenticeship where veterans can use their educational
assistance.
Subsection (c) directs the Secretary of Homeland Security
to consult with the Secretary of Labor, the Director of NIST,
the Secretary of Defense, the Director of the National Science
Foundation, and the Director of the Office of Personnel
Management (OPM) when developing the apprenticeship pilot
program.
Subsection (d) outlines options available to the DHS
Secretary for getting help implementing the apprenticeship
program including contracts, cooperative agreements, or grants.
The entity chosen to provide the program must have demonstrated
experience in implementing apprenticeship programs, have
knowledge of cybersecurity workforce development, have an
ability to provide participants with one or more recognized
postsecondary credentials, use instruction that is specifically
aligned with the needs of federal agencies, and have
demonstrated success in connecting apprenticeship participants
with careers relevant to the program.
Subsection (e) describes how eligible entities seeking a
contract, cooperative agreement, or grant under subsection (d)
must submit an application to the DHS Secretary with such
information as the Secretary may require.
Subsection (f) states that the Secretary may prioritize an
eligible entity in the context of subsection (d) that: (1) is a
member of an industry or sector partnership that sponsors or
participates in an apprenticeship program; (2) provides related
instruction for a registered apprenticeship program; (3) works
to transition members of the Armed Forces and veterans to
apprenticeship programs in a relevant sector; (4) plans to
carry out the apprenticeship program with an entity that
receives state funding or is operated by a state agency; (5)
has successfully increased the representation of women,
minorities, and individuals from other underrepresented
communities in cybersecurity; or (6) has focused on recruiting
women, minorities, and individuals from other underrepresented
communities.
Subsection (g) directs the DHS Secretary to provide
technical assistance to eligible entities selected under
subsection (d) to leverage any existing and relevant federal
job training and education programs.
Subsection (h) requires individuals who successfully
complete the apprenticeship program to enter into an agreement
in which they accept an offer for a cyber workforce position
within a federal agency and serve in that position for a length
of time equal to the length of the apprenticeship program. If
an individual does not satisfy the requirements of the service
agreement, they will be required to repay the cost of the
education and training provided, reduced by an amount factoring
in the extent to which any service obligations were met. The
Secretary is authorized to provide a waiver of service or
repayment requirements as appropriate.
Subsection (i) specifies that participants in the
apprenticeship program may be appointed to cybersecurity
positions in the excepted service.
Subsection (j) specifies that individuals who successfully
complete the apprenticeship program may be appointed to
cybersecurity position in the excepted service.
Subsection (k) specifies that federal service following the
apprenticeship program will be subject to the completion of a
trial period in accordance with any applicable law or
regulation.
Subsection (l) requires the Secretary to submit an annual
report starting two years after the beginning of the
apprenticeship program that includes a description of: (1) any
activity carried out by DHS under this section; (2) any
eligible entity selected and activity carried out under
subsection (d); (3) best practices used; (4) an assessment of
the results achieved by the apprenticeship program, including
the rate of continued employment within a federal agency, the
demographics of the apprenticeship participants, the rate of
completion by program participants, and the return on
investment of the pilot program. This subsection also directs
the GAO to conduct a study on the apprenticeship pilot program
within four years after the program is established.
Subsection (m) sunsets the apprenticeship pilot program in
five years.
Sec. 5. Pilot program on cybersecurity training for veterans and
military spouses
Subsection (a) defines the terms ``eligible individual,''
``recognized postsecondary credential,'' ``veteran,'' and
``work-based learning.''
Subsection (b) directs the DHS Secretary, in consultation
with the Secretary of Veterans Affairs, to establish a pilot
program to provide cybersecurity training to veterans and
military spouses within three years of the enactment of this
bill.
Subsection (c) requires the pilot program to incorporate:
(1) coursework and training that qualifies toward postsecondary
credit; (2) virtual learning opportunities; (3) hands-on
learning and performance-based assessments; (4) federal work-
based learning opportunities; and (5) the provision of
recognized postsecondary credentials to participants who
complete the program.
Subsection (d) requires the pilot program to align with the
NICE Workforce Framework for Cybersecurity or a successor
framework.
Subsection (e) directs the DHS Secretary to coordinate with
the Secretary of Veterans Affairs, Secretary of Defense,
Secretary of Labor, Director of NIST, and Director of OPM to
leverage and prevent duplication of existing training,
platforms, and frameworks within the federal government for
cybersecurity education and training. The DHS Secretary is
directed to coordinate with the Secretary of Veterans Affairs
to ensure that eligible individuals can use existing
educational assistance to the greatest extent possible. The DHS
Secretary is directed to coordinate with the Secretary of
Veterans Affairs, Secretary of Defense, Secretary of Labor,
Director of OPM, and any other appropriate agencies to identify
and create interagency opportunities to allow program
participants to demonstrate competencies necessary to qualify
for federal employment.
Subsection (f) authorizes the Secretary to expand existing
training, platforms, and frameworks or develop and procure
resources as necessary to carry out the program. The Secretary
may provide additional funding, staff, or other resources to:
(1) recruit and retain women, minorities, and individuals from
other underrepresented communities; (2) provide administrative
support; (3) ensure ongoing engagement and success of eligible
individuals participating in the program; (4) connect
participants who complete the program with job opportunities in
the federal government; and (5) allocate dedicated positions
for term employment to enable federal work-based learning
opportunities.
Subsection (g) requires the Secretary to submit an annual
report starting two years after the beginning of the pilot
program that includes a description of: (1) any activity
carried by DHS under this section; (2) existing training,
platforms, and frameworks used; (3) the results achieved by the
apprenticeship program, including the admittance rate into the
program, the demographics of program participants, the rate of
completion by program participants, transfer rates to other
academic or vocational programs, the rate of continued
employment within a federal agency, and the median annual
salary of participants employed after completing the program.
This subsection also directs the GAO to conduct a study on the
pilot program within four years after the program is
established.
Subsection (h) sunsets the pilot program in five years.
Sec. 6. Federal cybersecurity workforce assessment extension
This section extends from 2022 to 2025 the requirement that
each federal agency submit an annual report to OPM identifying
cyber-related work roles of critical need in the agency's
workforce.
V. Evaluation of Regulatory Impact
Pursuant to the requirements of paragraph 11(b) of rule
XXVI of the Standing Rules of the Senate, the Committee has
considered the regulatory impact of this bill and determined
that the bill will have no regulatory impact within the meaning
of the rules. The Committee agrees with the Congressional
Budget Office's statement that the bill contains no
intergovernmental or private-sector mandates as defined in the
Unfunded Mandates Reform Act (UMRA) and would impose no costs
on state, local, or tribal governments.
VI. Congressional Budget Office Cost Estimate
U.S. Congress,
Congressional Budget Office,
Washington, DC, February 3, 2022.
Hon. Gary C. Peters,
Chairman, Committee on Homeland Security and Governmental Affairs, U.S.
Senate, Washington, DC.
Dear Mr. Chairman: The Congressional Budget Office has
prepared the enclosed cost estimate for S. 2274, the Federal
Cybersecurity Workforce Expansion Act.
If you wish further details on this estimate, we will be
pleased to provide them. The CBO staff contact is Aldo
Prosperi.
Sincerely,
Phillip L. Swagel,
Director.
Enclosure.
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
The bill would:
Establish a cybersecurity apprenticeship
program
Create a cybersecurity training program for
veterans and spouses of military personnel
Extend reporting requirements for federal
positions related to information technology and
cybersecurity
Estimated budgetary effects would mainly stem from:
Hiring and training cybersecurity
apprentices
Developing cybersecurity training courses
for veterans and military spouses
Spending veterans' education benefits on
cybersecurity training
Bill summary: S. 2274 would require the Department of
Homeland Security (DHS) to establish a cybersecurity
apprenticeship program to recruit and hire people to perform
information technology and cybersecurity roles for the
department. DHS also would provide apprentices with training
courses and career development materials.
S. 2274 would require DHS to establish a program to provide
cybersecurity training without charge to veterans who are
eligible for education benefits administered by the Department
of Veterans Affairs (VA).
Estimated Federal cost: The estimated budgetary effects of
S. 2274 are shown in Table 1. The costs of the legislation fall
within budget function 050 (national defense).
TABLE 1.--ESTIMATED BUDGETARY EFFECTS OF S. 2274
----------------------------------------------------------------------------------------------------------------
By fiscal year, millions of dollars--
-------------------------------------------------------
2022 2023 2024 2025 2026 2022-2026
----------------------------------------------------------------------------------------------------------------
Cybersecurity Apprentices
Estimated Authorization............................. 0 2 5 5 5 17
Estimated Outlays................................... 0 2 5 5 5 17
Curriculum and Training
Estimated Authorization............................. 0 4 0 0 0 4
Estimated Outlays................................... 0 2 2 0 0 4
Program Management Staff
Estimated Authorization............................. * 1 1 1 1 4
Estimated Outlays................................... * 1 1 1 1 4
Total Changes.......................................
Estimated Authorization......................... * 7 6 6 6 25
Estimated Outlays............................... * 5 8 6 6 25
----------------------------------------------------------------------------------------------------------------
* = between zero and $500,000.
In addition to the budgetary effects shown above, CBO estimates that enacting S. 2274 would have insignificant
effects on direct spending and the deficit over the 2022-2031 period.
Basis of estimate: For this estimate, CBO assumes that S.
2274 will be enacted in the middle of fiscal year 2022 and that
the required pilot programs would begin in fiscal year 2023.
CBO also expects that cybersecurity apprentices would serve for
a two-year term. Outlays are based on historical spending
patterns for existing or similar programs.
Spending subject to appropriation: CBO estimates that
implementing the bill would cost $25 million over the 2022-2026
period. Such spending would be subject to the availability of
appropriated funds.
Cybersecurity Apprentices. S. 2274 would require DHS to
recruit and hire apprentices to fill a range of information
technology and cybersecurity roles across the department. On
the basis of information from the Department of Labor about the
average duration and salaries of apprenticeships, CBO expects
that each apprentice would serve for two years at an average
annual cost of about $85,000 for salaries and benefits. CBO
anticipates that DHS would hire the first cohort of apprentices
in 2023 and that each cohort would include 25 people, the
maximum annual number of new hires permitted under S. 2274.
Because each cohort would serve for two years, CBO expects that
DHS would employ 50 cyber apprentices each year once the second
cohort is hired. On that basis and accounting for the effects
of anticipated inflation, CBO estimates that salaries and
benefits expenses of apprentices hired under S. 2274 would
total $17 million over the 2023-2026 period.
Curriculum and Training. S. 2274 would require DHS to
develop cybersecurity training courses for the apprenticeship
and veteran training programs authorized under the bill. CBO
expects that DHS would contract with private-sector
cybersecurity firms to design the curricula for these courses
and create the online platforms to access the training. Based
on the costs of similar programs at DHS, CBO estimates that
cyber training services and materials would cost about $4
million.
Program Management Staff. Using information about similar
training programs, CBO anticipates that DHS would need five
full-time employees to create and manage these new programs.
CBO estimates that staff salaries would average about $1
million annually over the 2022-2026 period.
Direct Spending: Several provisions in S. 2274 would have
insignificant effects on direct spending over the 2022-2031
period.
Cybersecurity Training for Veterans and Military Spouses.
CBO expects that some veterans who are eligible for education
benefits administered by VA would increase their use of those
benefits as a result of the cybersecurity training program.
Conversely, some veterans who otherwise would have used their
benefits to enroll in a postsecondary education program would
instead use them for cybersecurity training (which would
typically cost less). The costs of VA education benefits are
paid from mandatory appropriations. CBO estimates that the
changes in the use of benefits would have insignificant net
effects on direct spending over the 2022-2031 period.
Cyber Security Workforce Assessment Extension. S. 2274
would extend, from 2022 to 2025, the reporting requirements
established under the Federal Cybersecurity Workforce
Assessment Act. Enacting that extension could affect direct
spending by some agencies that use fees, receipts from the sale
of goods, and other collections to cover operating costs. CBO
estimates that any net changes in direct spending by those
agencies would be negligible because most of them can adjust
amounts collected to accommodate changes in operating costs.
Pay-As-You-Go considerations: The Statutory Pay-As-You-Go
Act of 2010 establishes budget-reporting and enforcement
procedures for legislation affecting direct spending or
revenues. CBO estimates that enacting S. 2274 would have
insignificant effects on direct spending and the deficit.
Increase in long-term deficits: None.
Mandates: None.
Estimate prepared by: Federal Costs: Aldo Prosperi
(Department of Homeland Security); Paul B.A. Holland
(Department of Veterans Affairs); Mandates: Brandon Lever.
Estimate reviewed by: David Newman, Chief, Defense,
International Affairs, and Veterans' Affairs Cost Estimates
Unit, Leo Lex, Deputy Director of Budget Analysis; Theresa
Gullo, Director of Budget Analysis.
VII. Changes in Existing Law Made by the Bill, as Reported
In compliance with paragraph 12 of rule XXVI of the
Standing Rules of the Senate, changes in existing law made by
the bill, as reported, are shown as follows: (existing law
proposed to be omitted is enclosed in brackets, new matter is
printed in italic, and existing law in which no change is
proposed is shown in roman):
UNITED STATES CODE
* * * * * * *
TITLE 5--GOVERNMENT ORGANIZATION AND EMPLOYEES
* * * * * * *
PART I--THE AGENCIES GENERALLY
* * * * * * *
CHAPTER 3--POWERS
* * * * * * *
SEC. 301. DEPARTMENTAL REGULATIONS
* * * * * * *
STATUTORY NOTES
* * * * * * *
FEDERAL CYBERSECURITY WORKFORCE ASSESSMENT
* * * * * * *
SEC. 304. IDENTIFICATION OF CYBER RELATED WORK ROLES OF CRITICAL NEED
(a) In General.--Beginning not later than 1 year after the
date on which the employment codes are assigned to employees
pursuant to section 303(b)(2), and annually thereafter through
[2022] 2025, the head of each Federal agency, in consultation
with the Director, the Director of the National Institute of
Standards and Technology, and the Secretary of Homeland
Security, shall--
(1) identify information technology, cybersecurity,
or other cyber-related roles of critical need in the
agency's workforce; and
(2) submit a report to the Director that--
(A) describes the information technology,
cybersecurity, or other cyber-related roles
identified under paragraph (1); and
(B) substantiates the critical need
designations.
* * * * * * *
[all]