Skilled federal cybersecurity workers could be rotated among civilian agencies under bipartisan legislation the Senate passed Tuesday.
The intent is not only to help fill specific gaps in the workforce, but also to help agencies recruit and retain people by offering opportunities “to enhance their careers, broaden their professional experience, and foster collaborative networks by experiencing and contributing to the cyber mission beyond their home agencies,” the bill’s sponsors, Sens. Gary Peters, D-Mich., and John Hoeven, R-N.D., said in a news release.
The legislation — the Federal Rotational Cyber Workforce Program Act of 2019 — passed by unanimous consent. There is no companion bill in the House, but a congressional source told FedScoop that Senate sponsors have reached out to the other chamber about how to move the legislation forward.
Supporters see the bill as an extension of several initiatives from Congress and the White House, including the Federal Cybersecurity Workforce Assessment Act of 2015, which required the Office of Personnel Management (OPM) and other agencies to identify and describe their cyber-related jobs, and the Trump administration’s broad government reorganization plan from June 2018, which included proposals to alleviate shortages in the cybersecurity workforce.
Silicon Valley’s ability to attract much of the best cybersecurity talent is a chief concern, whether the focus is new graduates looking for their first jobs or current federal workers who are aware of the higher salaries and richer benefits packages in the private sector. A surplus of job openings around the country — most estimates say tens of thousands of cybersecurity positions are currently unfilled — complicates the situation even more for the government.
Rotations for cybersecurity workers would be limited to 180 days, with an option for a 60-day extension. Employees would have to return to their home agencies afterward and remain there for at least the same amount of time before being rotated out again.
OPM, the federal Chief Human Capital Officers Council and the Department of Homeland Security would have to develop an operation plan “that establishes the procedures and requirements for the program, including the employee application and selection process and agency management of cyber employees participating in the program,” according to the committee report that accompanied the bill.
The Government Accountability Office would have to report on the program, and the legislation would sunset after five years.
The Trump administration has moved ahead independently with efforts to help fill gaps in the cybersecurity workforce, notably the Federal Cyber Reskilling Academy, which aims to provide hands-on training to federal employees who are not currently working in IT. The program, created in late 2018, is already looking to fill its second cohort of trainees.
DHS also is developing a Cyber Talent Management System that will allow the department “to align prospective cybersecurity talent to the most pressing cybersecurity needs and will allow these technical professionals to accelerate their careers as rapidly as their aptitudes allow.”
Peters is ranking member of the Homeland Security and Governmental Affairs Committee, which approved the bill in March. That panel’s chairman, Ron Johnson, R-Wis., is a cosponsor, as is committee member Maggie Hassan, D-N.H.