[Congressional Bills 113th Congress]
[From the U.S. Government Publishing Office]
[S. 2354 Reported in Senate (RS)]

                                                       Calendar No. 463
113th CONGRESS
  2d Session
                                S. 2354

                          [Report No. 113-207]

          To improve cybersecurity recruitment and retention.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                              May 20, 2014

  Mr. Carper introduced the following bill; which was read twice and 
referred to the Committee on Homeland Security and Governmental Affairs

                             July 14, 2014

               Reported by Mr. Carper, with an amendment
                  [Insert the part printed in italic]

_______________________________________________________________________

                                 A BILL


 
          To improve cybersecurity recruitment and retention.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``DHS Cybersecurity Workforce 
Recruitment and Retention Act of 2014''.

SEC. 2. CYBERSECURITY RECRUITMENT AND RETENTION.

    (a) In General.--At the end of subtitle C of title II of the 
Homeland Security Act of 2002 (6 U.S.C. 141 et seq.), add the 
following:

``SEC. 226. CYBERSECURITY RECRUITMENT AND RETENTION.

    ``(a) Definitions.--In this section:
            ``(1) Appropriate committees of congress.--The term 
        `appropriate committees of Congress' means the Committee on 
        Homeland Security and Governmental Affairs and the Committee on 
        Appropriations of the Senate and the Committee on Homeland 
        Security and the Committee on Appropriations of the House of 
        Representatives.
            ``(2) Collective bargaining agreement.--The term 
        `collective bargaining agreement' has the meaning given that 
        term in section 7103(a)(8) of title 5, United States Code.
            ``(3) Excepted service.--The term `excepted service' has 
        the meaning given that term in section 2103 of title 5, United 
        States Code.
            ``(4) Preference eligible.--The term `preference eligible' 
        has the meaning given that term in section 2108 of title 5, 
        United States Code.
            ``(5) Qualified position.--The term `qualified position' 
        means a position, designated by the Secretary for the purpose 
        of this section, in which the incumbent performs, manages, or 
        supervises functions that execute the responsibilities of the 
        Department relating to cybersecurity.
            ``(6) Senior executive service.--The term `Senior Executive 
        Service' has the meaning given that term in section 2101a of 
        title 5, United States Code.
    ``(b) General Authority.--
            ``(1) Establish positions, appoint personnel, and fix rates 
        of pay.--
                    ``(A) General authority.--The Secretary may--
                            ``(i) establish, as positions in the 
                        excepted service, such qualified positions in 
                        the Department as the Secretary determines 
                        necessary to carry out the responsibilities of 
                        the Department relating to cybersecurity, 
                        including positions formerly identified as--
                                    ``(I) senior level positions 
                                designated under section 5376 of title 
                                5, United States Code; and
                                    ``(II) positions in the Senior 
                                Executive Service;
                            ``(ii) appoint an individual to a qualified 
                        position (after taking into consideration the 
                        availability of preference eligibles for 
                        appointment to the position); and
                            ``(iii) subject to the requirements of 
                        paragraphs (2) and (3), fix the compensation of 
                        an individual for service in a qualified 
                        position.
                    ``(B) Construction with other laws.--The authority 
                of the Secretary under this subsection applies without 
                regard to the provisions of any other law relating to 
                the appointment, number, classification, or 
                compensation of employees.
            ``(2) Basic pay.--
                    ``(A) Authority to fix rates of basic pay.--In 
                accordance with this section, the Secretary shall fix 
                the rates of basic pay for any qualified position 
                established under paragraph (1) in relation to the 
                rates of pay provided for employees in comparable 
                positions in the Department of Defense and subject to 
                the same limitations on maximum rates of pay 
                established for such employees by law or regulation.
                    ``(B) Prevailing rate systems.--The Secretary may, 
                consistent with section 5341 of title 5, United States 
                Code, adopt such provisions of that title as provide 
                for prevailing rate systems of basic pay and may apply 
                those provisions to qualified positions for employees 
                in or under which the Department may employ individuals 
                described by section 5342(a)(2)(A) of that title.
            ``(3) Additional compensation, incentives, and 
        allowances.--
                    ``(A) Additional compensation based on title 5 
                authorities.--The Secretary may provide employees in 
                qualified positions compensation (in addition to basic 
                pay), including benefits, incentives, and allowances, 
                consistent with, and not in excess of the level 
                authorized for, comparable positions authorized by 
                title 5, United States Code.
                    ``(B) Allowances in nonforeign areas.--An employee 
                in a qualified position whose rate of basic pay is 
                fixed under paragraph (2)(A) shall be eligible for an 
                allowance under section 5941 of title 5, United States 
                Code, on the same basis and to the same extent as if 
                the employee was an employee covered by such section 
                5941, including eligibility conditions, allowance 
                rates, and all other terms and conditions in law or 
                regulation.
            ``(4) Plan for execution of authorities.--Not later than 
        120 days after the date of enactment of this section, the 
        Secretary shall submit a report to the appropriate committees 
        of Congress with a plan for the use of the authorities provided 
        under this subsection.
            ``(5) Collective bargaining agreements.--Nothing in 
        paragraph (1) may be construed to impair the continued 
        effectiveness of a collective bargaining agreement with respect 
        to an office, component, subcomponent, or equivalent of the 
        Department that is a successor to an office, component, 
        subcomponent, or equivalent of the Department covered by the 
        agreement before the succession.
            ``(6) Required regulations.--The Secretary, in coordination 
        with the Director of the Office of Personnel Management, shall 
        prescribe regulations for the administration of this section.
    ``(c) Annual Report.--Not later than 1 year after the date of 
enactment of this section, and every year thereafter for 4 years, the 
Secretary shall submit to the appropriate committees of Congress a 
detailed report that--
            ``(1) discusses the process used by the Secretary in 
        accepting applications, assessing candidates, ensuring 
        adherence to veterans' preference, and selecting applicants for 
        vacancies to be filled by an individual for a qualified 
        position;
            ``(2) describes--
                    ``(A) how the Secretary plans to fulfill the 
                critical need of the Department to recruit and retain 
                employees in qualified positions;
                    ``(B) the measures that will be used to measure 
                progress; and
                    ``(C) any actions taken during the reporting period 
                to fulfill such critical need;
            ``(3) discusses how the planning and actions taken under 
        paragraph (2) are integrated into the strategic workforce 
        planning of the Department;
            ``(4) provides metrics on actions occurring during the 
        reporting period, including--
                    ``(A) the number of employees in qualified 
                positions hired by occupation and grade and level or 
                pay band;
                    ``(B) the placement of employees in qualified 
                positions by directorate and office within the 
                Department;
                    ``(C) the total number of veterans hired;
                    ``(D) the number of separations of employees in 
                qualified positions by occupation and grade and level 
                or pay band;
                    ``(E) the number of retirements of employees in 
                qualified positions by occupation and grade and level 
                or pay band; and
                    ``(F) the number and amounts of recruitment, 
                relocation, and retention incentives paid to employees 
                in qualified positions by occupation and grade and 
                level or pay band; and
            ``(5) describes the training provided to supervisors of 
        employees in qualified positions at the Department on the use 
        of the new authorities.
    ``(d) Three-Year Probationary Period.--The probationary period for 
all employees hired under the authority established in this section 
shall be 3 years.
    ``(e) Incumbents of Existing Competitive Service Positions.--
            ``(1) In general.--An individual serving in a position on 
        the date of enactment of this section that is selected to be 
        converted to a position in the excepted service under this 
        section shall have the right to refuse such conversion.
            ``(2) Subsequent conversion.--After the date on which an 
        individual who refuses a conversion under paragraph (1) stops 
        serving in the position selected to be converted, the position 
        may be converted to a position in the excepted service.''.
    (b) Conforming Amendment.--Section 3132(a)(2) of title 5, United 
States Code, is amended in the matter following subparagraph (E)--
            (1) in clause (i), by striking ``or'' at the end;
            (2) in clause (ii), by inserting ``or'' after the 
        semicolon; and
            (3) by inserting after clause (ii) the following:
            ``(iii) any position established as a qualified position in 
        the excepted service by the Secretary of Homeland Security 
        under section 226 of the Homeland Security Act of 2002;''.
    (c) Table of Contents Amendment.--The table of contents in section 
1(b) of the Homeland Security Act of 2002 (6 U.S.C. 101 et seq.) is 
amended by inserting after the item relating to section 225 the 
following:

``Sec. 226. Cybersecurity recruitment and retention.''.

SEC. 3. HOMELAND SECURITY CYBERSECURITY WORKFORCE ASSESSMENT.

    (a) Short Title.--This section may be cited as the ``Homeland 
Security Cybersecurity Workforce Assessment Act''.
    (b) Definitions.--In this section:
            (1) Appropriate congressional committees.--The term 
        ``appropriate congressional committees'' means--
                    (A) the Committee on Homeland Security and 
                Governmental Affairs of the Senate;
                    (B) the Committee on Homeland Security of the House 
                of Representatives; and
                    (C) the Committee on House Administration of the 
                House of Representatives.
            (2) Cybersecurity work category; data element code; 
        specialty area.--The terms ``Cybersecurity Work Category'', 
        ``Data Element Code'', and ``Specialty Area'' have the meanings 
        given such terms in the Office of Personnel Management's Guide 
        to Data Standards.
            (3) Department.--The term ``Department'' means the 
        Department of Homeland Security.
            (4) Director.--The term ``Director'' means the Director of 
        the Office of Personnel Management.
            (5) Secretary.--The term ``Secretary'' means the Secretary 
        of Homeland Security.
    (c) National Cybersecurity Workforce Measurement Initiative.--
            (1) In general.--The Secretary shall--
                    (A) identify all cybersecurity workforce positions 
                within the Department;
                    (B) determine the primary Cybersecurity Work 
                Category and Specialty Area of such positions; and
                    (C) assign the corresponding Data Element Code, as 
                set forth in the Office of Personnel Management's Guide 
                to Data Standards which is aligned with the National 
                Initiative for Cybersecurity Education's National 
                Cybersecurity Workforce Framework report, in accordance 
                with paragraph (2).
            (2) Employment codes.--
                    (A) Procedures.--Not later than 90 days after the 
                date of the enactment of this Act, the Secretary shall 
                establish procedures--
                            (i) to identify open positions that include 
                        cybersecurity functions (as defined in the OPM 
                        Guide to Data Standards); and
                            (ii) to assign the appropriate employment 
                        code to each such position, using agreed 
                        standards and definitions.
                    (B) Code assignments.--Not later than 9 months 
                after the date of the enactment of this Act, the 
                Secretary shall assign the appropriate employment code 
                to--
                            (i) each employee within the Department who 
                        carries out cybersecurity functions; and
                            (ii) each open position within the 
                        Department that have been identified as having 
                        cybersecurity functions.
            (3) Progress report.--Not later than 1 year after the date 
        of the enactment of this Act, the Director shall submit a 
        progress report on the implementation of this subsection to the 
        appropriate congressional committees.
    (d) Identification of Cybersecurity Specialty Areas of Critical 
Need.--
            (1) In general.--Beginning not later than 1 year after the 
        date on which the employment codes are assigned to employees 
        pursuant to subsection (c)(2)(B), and annually through 2021, 
        the Secretary, in consultation with the Director, shall--
                    (A) identify Cybersecurity Work Categories and 
                Specialty Areas of critical need in the Department's 
                cybersecurity workforce; and
                    (B) submit a report to the Director that--
                            (i) describes the Cybersecurity Work 
                        Categories and Specialty Areas identified under 
                        subparagraph (A); and
                            (ii) substantiates the critical need 
                        designations.
            (2) Guidance.--The Director shall provide the Secretary 
        with timely guidance for identifying Cybersecurity Work 
        Categories and Specialty Areas of critical need, including--
                    (A) current Cybersecurity Work Categories and 
                Specialty Areas with acute skill shortages; and
                    (B) Cybersecurity Work Categories and Specialty 
                Areas with emerging skill shortages.
            (3) Cybersecurity critical needs report.--Not later than 18 
        months after the date of the enactment of this Act, the 
        Secretary, in consultation with the Director, shall--
                    (A) identify Specialty Areas of critical need for 
                cybersecurity workforce across the Department; and
                    (B) submit a progress report on the implementation 
                of this subsection to the appropriate congressional 
                committees.
    (e) Government Accountability Office Status Reports.--The 
Comptroller General of the United States shall--
            (1) analyze and monitor the implementation of subsections 
        (c) and (d); and
            (2) not later than 3 years after the date of the enactment 
        of this Act, submit a report to the appropriate congressional 
        committees that describes the status of such implementation.
                                                       Calendar No. 463

113th CONGRESS

  2d Session

                                S. 2354

                          [Report No. 113-207]

_______________________________________________________________________

                                 A BILL

          To improve cybersecurity recruitment and retention.

_______________________________________________________________________

                             July 14, 2014

                       Reported with an amendment