Homeland Security Cybersecurity Boots-on-the-Ground Act

Homeland Security Cybersecurity Boots-on-the-Ground Act
Long title	To require the Secretary of Homeland Security to establish cybersecurity occupation classifications, assess the cybersecurity workforce, develop a strategy to address identified gaps in the cybersecurity workforce, and for other purposes.
Announced in	the 113th United States Congress
Sponsored by	Rep. Yvette D. Clarke (D, NY-9)
Number of co-sponsors	0
Codification
Agencies affected	United States Congress, National Security Agency, Department of Homeland Security
Legislative history
	Introduced in the House as H.R. 3107 by Rep. Yvette D. Clarke (D, NY-9) on September 17, 2013; Committee consideration by United States House Committee on Homeland Security, United States House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies; Passed the House on July 28, 2014 (Roll Call Vote 457: 395-8);

The Homeland Security Cybersecurity Boots-on-the-Ground Act (H.R. 3107) is a bill that would require the United States Department of Homeland Security (DHS) to undertake several actions designed to improve the readiness and capacity of DHS’s cybersecurity workforce.^[1] DHS would also be required to create a strategy for recruiting and training additional cybersecurity employees.^[2]

The bill was introduced into the United States House of Representatives during the 113th United States Congress.

Background edit

Computer security (also known as cybersecurity or IT security) is information security as applied to computing devices such as computers and smartphones, as well as computer networks such as private and public networks, including the Internet. The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction, and is of growing importance in line with the increasing reliance on computer systems of most societies worldwide.^[3]

Provisions of the bill edit

This summary is based largely on the summary provided by the Congressional Research Service, a public domain source.^[4]

The Homeland Security Cybersecurity Boots-on-the-Ground Act would require the United States Secretary of Homeland Security to: (1) develop occupation classifications for individuals performing activities in furtherance of the cybersecurity mission of the United States Department of Homeland Security (DHS), (2) ensure that such classifications may be used throughout DHS and are made available to other federal agencies, and (3) assess the readiness and capacity of DHS to meet its cybersecurity mission.^[4]

The bill would define "cybersecurity mission" as threat and vulnerability reduction, deterrence, incident response, resiliency, and recovery activities to foster the security and stability of cyberspace.^[4]

The bill would direct the Secretary, acting through the DHS Chief Human Capital Officer and Chief Information Officer, to include in such readiness assessment information on which cybersecurity positions are performed by: (1) permanent full-time departmental employees (together with demographic information about such employees' race, ethnicity, gender, disability status, and veterans status); (2) individuals employed by independent contractors; and (3) individuals employed by other federal agencies, including the National Security Agency (NSA). Requires the assessment to address vacancies within the supervisory workforce, job training, and recruiting costs.^[4]

The bill would direct the Secretary to develop: (1) a workforce strategy that enhances the readiness, capacity, training, recruitment, and retention of the DHS cybersecurity workforce, including a multiphased recruitment plan, a 5-year implementation plan, and a 10-year projection of federal workforce needs; and (2) a process to verify that employees of independent contractors who serve in DHS cybersecurity positions receive initial and recurrent information security and role-based security training commensurate with assigned responsibilities.^[4]

The bill would require the Secretary to provide Congress with annual updates regarding such strategies, assessments, and training.^[4]

The bill would require the Comptroller General (GAO) to study and report to the Secretary and Congress with respect to such assessments and strategies.^[4]

The bill would direct the Secretary to report to Congress regarding the feasibility of establishing a Cybersecurity Fellowship Program to offer a tuition payment plan for undergraduate and doctoral candidates who agree to work for DHS for an agreed-upon period of time.^[4]

Congressional Budget Office report edit

This summary is based largely on the summary provided by the Congressional Budget Office, as reported by the House Committee on Homeland Security on December 12, 2013. This is a public domain source.^[1]

H.R. 3107 would require the Department of Homeland Security (DHS) to undertake several actions designed to improve the readiness and capacity of DHS’s cybersecurity workforce. In particular, the bill would require that DHS prepare a report on that workforce—based on occupational classifications—assessing training, hiring, vacancies, and other factors that could affect readiness. The bill also would require DHS to develop a cybersecurity workforce strategy that would enable the department to develop and retain an effective cybersecurity workforce.^[1]

In preparing the assessments and strategy required by the bill, the Congressional Budget Office (CBO) expects that DHS would be able to draw from several similar federal efforts—such as the National Cybersecurity Workforce Framework, the Information Technology Workforce Assessment for Cybersecurity, and DHS’s Coordinated Recruiting and Outreach Strategy—and therefore, that the cost of completing those new requirements would total less than $500,000.^[1]

The bill also would require DHS to maintain documentation verifying that contractors who serve in cybersecurity roles at DHS receive the training necessary to perform their assigned responsibilities. CBO anticipates that effort would require additional staffing and resources. Based on the cost of similar personnel, CBO estimates that implementing that requirement would cost approximately $2 million over the 2014-2019 period, subject to the availability of appropriated funds.^[1]

Enacting H.R. 3107 would not affect direct spending or revenues; therefore, pay-as-you-go procedures do not apply.^[1]

H.R. 3107 contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act and would not affect the budgets of state, local, or tribal governments.^[1]

Procedural history edit

The Homeland Security Cybersecurity Boots-on-the-Ground Act was introduced into the United States House of Representatives by Rep. Yvette D. Clarke (D, NY-9).^[5] The bill was referred to the United States House Committee on Homeland Security and the United States House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. On December 12, 2013, the bill was reported (amended) alongside House Report 113-294.^[5] On July 28, 2014, the House voted in Roll Call Vote 457 to pass the bill 395-8.^[5]^[6]

Debate and discussion edit

Rep. Bennie Thompson (D-MS), who co-sponsored the bill, said that "DHS' success depends on how well it recruits, hires, and trains its cyber workforce."^[2]^[6]

Rep. Pat Meehan (R-PA) supported the bill, saying that "the cyber risk is among the most serious our nation faces today. Terrorist groups like Hamas, nation-states like Iran, China and Russia and criminal gangs across the world are constantly attempting to breach our systems. But existing laws that have been on the books for years are not designed to cope with the threat."^[7]

References edit

^ ^a ^b ^c ^d ^e ^f ^g "H.R. 3107 - CBO" (PDF). Congressional Budget Office. Retrieved 30 July 2014.
^ ^a ^b Medici, Andy (29 July 2014). "House passes DHS cyber bills". Federal Times. Retrieved 30 July 2014.
^ "Reliance spells end of road for ICT amateurs", May 07, 2013, The Australian
^ ^a ^b ^c ^d ^e ^f ^g ^h "H.R. 3107 - Summary". United States Congress. 29 July 2014. Retrieved 30 July 2014.
^ ^a ^b ^c "H.R. 3107 - All Actions". United States Congress. 29 July 2014. Retrieved 30 July 2014.
^ ^a ^b Waddell, Melanie. "House Panel Passes Cybersecurity Bills". ThinkAdvisor. Retrieved 30 July 2014.
^ "3 Bills To Protect Critical Infrastructure From Cyber Attack Passed By House". Homeland Security Today. 28 July 2014. Retrieved 30 July 2014.

External links edit

This article incorporates public domain material from websites or documents of the United States Government.

[3107cbo-1] ^ ^a ^b ^c ^d ^e ^f ^g "H.R. 3107 - CBO" (PDF). Congressional Budget Office. Retrieved 30 July 2014.

[FTmedici-2] Medici, Andy (29 July 2014). "House passes DHS cyber bills". Federal Times. Retrieved 30 July 2014.

[3] "Reliance spells end of road for ICT amateurs", May 07, 2013, The Australian

[3107sum-4] ^ ^a ^b ^c ^d ^e ^f ^g ^h "H.R. 3107 - Summary". United States Congress. 29 July 2014. Retrieved 30 July 2014.

[3107allactions-5] "H.R. 3107 - All Actions". United States Congress. 29 July 2014. Retrieved 30 July 2014.

[Waddell1-6] Waddell, Melanie. "House Panel Passes Cybersecurity Bills". ThinkAdvisor. Retrieved 30 July 2014.

[HSTodayPassed28-7] "3 Bills To Protect Critical Infrastructure From Cyber Attack Passed By House". Homeland Security Today. 28 July 2014. Retrieved 30 July 2014.

[1]

[2]

[3]

[4]

[5]

[6]

[7]