113 HR 3107 RH: Homeland Security Cybersecurity Boots-on-the-Ground Act U.S. House of Representatives 2013-12-12 text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.

IB Union Calendar No. 212 113th CONGRESS1st Session H. R. 3107 [Report No. 113–294] IN THE HOUSE OF REPRESENTATIVES September 17, 2013 Ms. Clarke introduced the following bill; which was referred to the Committee on Homeland Security December 12, 2013 Additional sponsors: Mr. Horsford, Mr. Meehan, and Mr. Thompson of Mississippi December 12, 2013 Reported with an amendment, committed to the Committee of the Whole House on the State of the Union, and ordered to be printed Strike out all after the enacting clause and insert the part printed in italic For text of introduced bill, see copy of bill as introduced on September 17, 2013 A BILL To require the Secretary of Homeland Security to establish cybersecurity occupation classifications, assess the cybersecurity workforce, develop a strategy to address identified gaps in the cybersecurity workforce, and for other purposes.

1.

Short title

This Act may be cited as the Homeland Security Cybersecurity Boots-on-the-Ground Act.

2.

Cybersecurity occupation classifications, workforce assessment, and strategy

(a)

Cybersecurity occupation classifications

(1)

In general

Not later than 90 days after the date of the enactment of this Act, the Secretary of Homeland Security shall develop and issue comprehensive occupation classifications for individuals performing activities in furtherance of the cybersecurity mission of the Department of Homeland Security. (2)

Applicability

The Secretary of Homeland Security shall ensure that the comprehensive occupation classifications issued under paragraph (1) are used throughout the Department of Homeland Security and are made available to other Federal agencies. (b)

Cybersecurity workforce assessment

(1)

In general

Not later than 180 days after the date of the enactment of this Act, the Secretary of Homeland Security, acting through the Chief Human Capital Officer and Chief Information Officer of the Department of Homeland Security, shall assess the readiness and capacity of the Department to meet its cybersecurity mission. (2)

Contents

The assessment required under paragraph (1) shall, at a minimum, include the following: (A)Information where cybersecurity positions are located within the Department of Homeland Security, specified in accordance with the cybersecurity occupation classifications issued under subsection (a). (B)Information on which cybersecurity positions are— (i)performed by— (I)permanent full time departmental employees, together with demographic information about such employees’ race, ethnicity, gender, disability status, and veterans status; (II)individuals employed by independent contractors; and (III)individuals employed by other Federal agencies, including the National Security Agency; and (ii)vacant. (C)The number of individuals hired by the Department pursuant to the authority granted to the Secretary of Homeland Security in 2009 to permit the Secretary to fill 1,000 cybersecurity positions across the Department over a three year period, and information on what challenges, if any, were encountered with respect to the implementation of such authority. (D)Information on vacancies within the Department’s cybersecurity supervisory workforce, from first line supervisory positions through senior departmental cybersecurity positions. (E)Information on the percentage of individuals within each cybersecurity occupation classification who received essential training to perform their jobs, and in cases in which such training is not received, information on what challenges, if any, were encountered with respect to the provision of such training. (F)Information on recruiting costs incurred with respect to efforts to fill cybersecurity positions across the Department in a manner that allows for tracking of overall recruiting and identifying areas for better coordination and leveraging of resources within the Department. (c)

Workforce strategy

(1)

In general

Not later than 180 days after the date of the enactment of this Act, the Secretary of Homeland Security shall develop a comprehensive workforce strategy that enhances the readiness, capacity, training, and recruitment and retention of the cybersecurity workforce of the Department of Homeland Security. (2)

Contents

The comprehensive workforce strategy developed under paragraph (1) shall include— (A)a multiphased recruitment plan, including relating to experienced professionals, members of disadvantaged or underserved communities, the unemployed, and veterans; (B)a 5-year implementation plan; and (C)a 10-year projection of Federal workforce needs. (d)

Information security training

Not later than 270 days after the date of the enactment of this Act, the Secretary of Homeland Security shall establish and maintain a process to verify on an ongoing basis that individuals employed by independent contractors who serve in cybersecurity positions at the Department of Homeland Security receive initial and recurrent information security training comprised of general security awareness training necessary to perform their job functions, and role-based security training that is commensurate with assigned responsibilities. The Secretary shall maintain documentation to ensure that training provided to an individual under this subsection meets or exceeds requirements for such individual’s job function. (e)

Updates

Together with the submission to Congress of annual budget requests, the Secretary of Homeland Security shall provide updates regarding the cybersecurity workforce assessment required under subsection (b), information on the progress of carrying out the comprehensive workforce strategy developed under subsection (c), and information on the status of the implementation of the information security training required under subsection (d). (f)

GAO study

The Secretary of Homeland Security shall provide the Comptroller General of the United States with information on the cybersecurity workforce assessment required under subsection (a) and progress on carrying out the comprehensive workforce strategy developed under subsection (c). The Comptroller General shall submit to the Secretary, the Committee on Homeland Security of the House of Representatives, and the Committee on Homeland Security and Governmental Affairs of the Senate a study on such assessment and strategy.

3.

Cybersecurity Fellowship Program

Not later than 120 days after the date of the enactment of this Act, the Secretary of Homeland Security shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report on the feasibility of establishing a Cybersecurity Fellowship Program to offer a tuition payment plan for undergraduate and doctoral candidates who agree to work for the Department of Homeland Security for an agreed-upon period of time.

4.

Definition

In this Act, the term cybersecurity mission means activities that encompass the full range of threat reduction, vulnerability reduction, deterrence, incident response, resiliency, and recovery activities to foster the security and stability of cyberspace.

December 12, 2013 Reported with an amendment, committed to the Committee of the Whole House on the State of the Union, and ordered to be printed