[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[S. 754 Reported in Senate (RS)]

<DOC>





                                                       Calendar No. 440
115th CONGRESS
  2d Session
                                 S. 754

                          [Report No. 115-263]

 To support meeting our Nation's growing cybersecurity workforce needs 
           by expanding the cybersecurity education pipeline.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             March 28, 2017

   Mr. Kaine (for himself, Mr. Wicker, Mrs. Murray, Mr. Perdue, Mr. 
 Nelson, and Mr. Thune) introduced the following bill; which was read 
     twice and referred to the Committee on Commerce, Science, and 
                             Transportation

                              June 5, 2018

                Reported by Mr. Thune, with an amendment
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]

_______________________________________________________________________

                                 A BILL


 
 To support meeting our Nation's growing cybersecurity workforce needs 
           by expanding the cybersecurity education pipeline.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

<DELETED>SECTION 1. SHORT TITLE.</DELETED>

<DELETED>    This Act may be cited as the ``Cyber Scholarship 
Opportunities Act of 2017''.</DELETED>

<DELETED>SEC. 2. FINDINGS.</DELETED>

<DELETED>    Congress finds the following:</DELETED>
        <DELETED>    (1) A well-trained workforce is essential to 
        meeting the Nation's growing cybersecurity needs.</DELETED>
        <DELETED>    (2) A 2015 report by the National Academy of 
        Public Administration found that the United States faces a 
        severe shortage of properly trained and equipped cybersecurity 
        professionals.</DELETED>
        <DELETED>    (3) A 2015 study of the information security 
        workforce found that the information security workforce 
        shortfall is widening.</DELETED>
        <DELETED>    (4) The National Science Foundation's CyberCorps: 
        Scholarship-for-Service program is a successful effort to 
        support capacity building in institutions of higher education 
        and scholarships for students to pursue cybersecurity 
        careers.</DELETED>

<DELETED>SEC. 3. SENSE OF CONGRESS.</DELETED>

<DELETED>    It is the sense of Congress that--</DELETED>
        <DELETED>    (1) given the current need for cybersecurity 
        professionals in the public and private sectors, Congress and 
        the Federal Government should support existing programs to 
        boost their success;</DELETED>
        <DELETED>    (2) the Federal Government should also build upon 
        and develop existing programs to meet emerging challenges, such 
        as the need to protect critical infrastructure and the greater 
        need for cybersecurity professionals of various skill 
        levels;</DELETED>
        <DELETED>    (3) there is a need for greater engagement with 
        students at the kindergarten through grade 12 level to recruit 
        young people to pursue career paths in cybersecurity;</DELETED>
        <DELETED>    (4) many community colleges offer degrees or 
        industry-recognized credentials in cybersecurity and related 
        fields that prepare students to fill high-demand cybersecurity 
        jobs, and the Federal Government should support programs at 2-
        year institutions of higher education that help students 
        develop skills necessary to support the Nation's cybersecurity 
        missions; and</DELETED>
        <DELETED>    (5) the Federal Government should expand existing 
        programs to support re-training mid-career individuals, such as 
        veterans of the Armed Forces, to fill cybersecurity 
        positions.</DELETED>

<DELETED>SEC. 4. FEDERAL CYBER SCHOLARSHIP-FOR-SERVICE 
              PROGRAM.</DELETED>

<DELETED>    Section 302 of the Cybersecurity Enhancement Act of 2014 
(15 U.S.C. 7442) is amended--</DELETED>
        <DELETED>    (1) in subsection (a), by adding at the end the 
        following: ``Not less than 5 percent of scholarships provided 
        under this section shall be provided to eligible students who 
        are pursuing an associate's degree in a cybersecurity field 
        without the intent of transferring to a bachelor's degree 
        program and either have a bachelor's degree already or are 
        veterans of the Armed Forces.'';</DELETED>
        <DELETED>    (2) in subsection (d), by adding at the end the 
        following: ``In the case of a scholarship recipient who is 
        pursuing a doctoral or master's degree, such agreement may 
        include (if determined appropriate on a case-by-case basis by 
        the Director of the National Science Foundation) an agreement 
        for the recipient to work at an institution of higher education 
        or for a local educational agency teaching cybersecurity skills 
        for a period equal to the length of the scholarship following 
        receipt of such degree.'';</DELETED>
        <DELETED>    (3) in subsection (f)--</DELETED>
                <DELETED>    (A) by striking paragraph (3) and 
                inserting the following:</DELETED>
        <DELETED>    ``(3) have demonstrated a high level of competency 
        in relevant knowledge, skills, and abilities, as described in 
        the national cybersecurity awareness and education program 
        under section 401;''; and</DELETED>
                <DELETED>    (B) by striking paragraph (4) and 
                inserting the following:</DELETED>
        <DELETED>    ``(4) be a student in an eligible degree program 
        at a qualified institution of higher education, as determined 
        by the Director of the National Science Foundation, who is--
        </DELETED>
                <DELETED>    ``(A) a full-time student; or</DELETED>
                <DELETED>    ``(B) a student who is enrolled for study 
                leading to a degree on a less than full-time basis but 
                not less than half-time basis; and'';</DELETED>
        <DELETED>    (4) by striking subsection (m) and inserting the 
        following:</DELETED>
<DELETED>    ``(m) Evaluation and Report.--</DELETED>
        <DELETED>    ``(1) In general.--The Director of the National 
        Science Foundation shall evaluate and make public, in a manner 
        that protects the personally identifiable information of 
        scholarship recipients, information on the success of 
        recruiting individuals for scholarships under this section and 
        on hiring and retaining those individuals in the public sector 
        workforce, including on--</DELETED>
                <DELETED>    ``(A) placement rates;</DELETED>
                <DELETED>    ``(B) where students are placed;</DELETED>
                <DELETED>    ``(C) student salary ranges for students 
                not released from obligations under this 
                section;</DELETED>
                <DELETED>    ``(D) how long after graduation they are 
                placed;</DELETED>
                <DELETED>    ``(E) how long they stay in the positions 
                they enter upon graduation;</DELETED>
                <DELETED>    ``(F) how many students are released from 
                obligations; and</DELETED>
                <DELETED>    ``(G) what (if any) remedial training 
                needs are required.</DELETED>
        <DELETED>    ``(2) Regular reports.--The Director of the 
        National Science Foundation shall submit reports to Congress 
        under paragraph (1) not less often than once every 5 years.''; 
        and</DELETED>
        <DELETED>    (5) by adding at the end the following:</DELETED>
<DELETED>    ``(n) Resources.--The Director of the National Science 
Foundation shall work with the Director of the Office of Personnel 
Management to provide adequate resources to the CyberCorps community in 
the form of an online resource center, where all other relevant 
websites will be consolidated or eliminated, if possible. To the extent 
applicable, such websites shall--</DELETED>
        <DELETED>    ``(1) present up-to-date, accurate information 
        about existing scholarship programs and job 
        opportunities;</DELETED>
        <DELETED>    ``(2) present a modernized view of cybersecurity 
        careers;</DELETED>
        <DELETED>    ``(3) improve user friendliness; and</DELETED>
        <DELETED>    ``(4) allow prospective job applicants to search 
        positions by State, salary, and title.</DELETED>
<DELETED>    ``(o) Advertisements.--The Director of the National 
Science Foundation shall work with the Director of the Office of 
Personnel Management and State, local, and tribal agencies to advertise 
cybersecurity positions to scholarship recipients under this section, 
such as by hosting, in coordination with such office and agencies, a 
virtual job fair for scholarship recipients.</DELETED>
<DELETED>    ``(p) Cybersecurity at Kindergarten Through Grade 12 
Level.--The Director of the National Science Foundation, in 
coordination with other Federal agencies as necessary, shall carry out 
a program to grow and improve cybersecurity education at the 
kindergarten through grade 12 level that--</DELETED>
        <DELETED>    ``(1) increases interest in cybersecurity 
        careers;</DELETED>
        <DELETED>    ``(2) helps students practice correct and safe 
        online behavior and understand the foundational principles of 
        cybersecurity; and</DELETED>
        <DELETED>    ``(3) improves teaching methods for delivering 
        cybersecurity content for kindergarten through grade 12 
        computer science curricula.</DELETED>
<DELETED>    ``(q) Critical Infrastructure Protection.--Due to the need 
for skilled cybersecurity professionals to protect the Nation's 
critical infrastructure, the Director of the National Science 
Foundation may--</DELETED>
        <DELETED>    ``(1) grant exceptions to students for fulfilling 
        post-award employment obligations under this section (on a 
        case-by-case basis and in coordination with other Federal 
        agencies) who agree to work in a critical infrastructure 
        mission at a Federal Government corporation or a State, local, 
        or tribal government-affiliated asset, system, or network that 
        is considered to be part of a critical infrastructure sector as 
        described in Presidential Policy Directive-21, issued February 
        12, 2013 (related to critical infrastructure security and 
        resilience), or any successor; and</DELETED>
        <DELETED>    ``(2) develop a pilot program to enhance critical 
        infrastructure protection training for students pursuing 
        careers in cybersecurity.</DELETED>
<DELETED>    ``(r) Study.--The Director of the National Science 
Foundation, in coordination with the Director of the Office of 
Personnel Management, shall assess the potential benefits and 
feasibility of granting scholarship awards under this section to 
students who do not possess a bachelor's degree to pursue an 
associate's degree or an industry-recognized credential in a 
cybersecurity field.''.</DELETED>

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Cyber Scholarship Opportunities Act 
of 2017''.

SEC. 2. FINDINGS.

    Congress finds the following:
            (1) A well-trained workforce is essential to meeting the 
        Nation's cybersecurity needs.
            (2) An October 2015 report by the National Academy of 
        Public Administration entitled ``Increasing the Effectiveness 
        of the Federal Role in Cybersecurity Education'' noted that the 
        United States faces a severe shortage of properly trained and 
        equipped cybersecurity professionals in both the government and 
        private sector workforce.
            (3) The 2015 (ISC)\2\ Global Information Security Workshop 
        Study stated that ``the information security workforce 
        shortfall is widening.''
            (4) The National Science Foundation's Federal Cyber 
        Scholarship-for-Service program is a successful effort to 
        support capacity building in institutions of higher education 
        and scholarships for students to pursue cybersecurity careers.

SEC. 3. COMMUNITY COLLEGE CYBER PILOT PROGRAM AND ASSESSMENT.

    (a) Pilot Program.--Not later than 1 year after the date of 
enactment of this Act, as part of the Federal Cyber Scholarship-for-
Service program established under section 302 of the Cybersecurity 
Enhancement Act of 2014 (15 U.S.C. 7442), the Director of the National 
Science Foundation, in coordination with the Director of the Office of 
Personnel Management, shall develop and implement a pilot program at 
not more than 10, but at least 5, community colleges to provide 
scholarships to eligible students who--
            (1) are pursuing associate degrees or specialized program 
        certifications in the field of cybersecurity; and
            (2)(A) have bachelor's degrees; or
            (B) are veterans of the armed forces.
    (b) Assessment.--Not later than 1 year after the date of enactment 
of this Act, as part of the Federal Cyber Scholarship-for-Service 
program established under section 302 of the Cybersecurity Enhancement 
Act of 2014 (15 U.S.C. 7442), the Director of the National Science 
Foundation, in coordination with the Director of the Office of 
Personnel Management, shall assess the potential benefits and 
feasibility of providing scholarships through community colleges to 
eligible students who are pursuing associate degrees, but do not have 
bachelor's degrees.

SEC. 4. FEDERAL CYBER SCHOLARSHIP-FOR SERVICE PROGRAM UPDATES.

    (a) In General.--Section 302 of the Cybersecurity Enhancement Act 
of 2014 (15 U.S.C. 7442) is amended--
            (1) by striking subsection (b)(3) and inserting the 
        following:
            ``(3) prioritize the employment placement of at least 80 
        percent of scholarship recipients in an executive agency (as 
        defined in section 105 of title 5, United States Code); and
            ``(4) provide awards to improve cybersecurity education at 
        the kindergarten through grade 12 level--
                    ``(A) to increase interest in cybersecurity 
                careers;
                    ``(B) to help students practice correct and safe 
                online behavior and understand the foundational 
                principles of cybersecurity;
                    ``(C) to improve teaching methods for delivering 
                cybersecurity content for kindergarten through grade 12 
                computer science curricula; and
                    ``(D) to promote teacher recruitment in the field 
                of cybersecurity.'';
            (2) by amending subsection (d) to read as follows:
    ``(d) Post-award Employment Obligations.--Each scholarship 
recipient, as a condition of receiving a scholarship under the program, 
shall enter into an agreement under which the recipient agrees to work 
for a period equal to the length of the scholarship, following receipt 
of the student's degree, in the cybersecurity mission of--
            ``(1) an executive agency (as defined in section 105 of 
        title 5, United States Code);
            ``(2) Congress, including any agency, entity, office, or 
        commission established in the legislative branch;
            ``(3) an interstate agency;
            ``(4) a State, local, or tribal government; or
            ``(5) a State, local, or tribal government-affiliated non-
        profit that is considered to be critical infrastructure (as 
        defined in section 1016(e) of the USA Patriot Act (42 U.S.C. 
        5195c(e))).'';
            (3) in subsection (f)--
                    (A) by amending paragraph (3) to read as follows:
            ``(3) have demonstrated a high level of competency in 
        relevant knowledge, skills, and abilities, as defined by the 
        national cybersecurity awareness and education program under 
        section 401;''; and
                    (B) by amending paragraph (4) to read as follows:
            ``(4) be a full-time student in an eligible degree program 
        at a qualified institution of higher education, as determined 
        by the Director of the National Science Foundation, except that 
        in the case of a student who is enrolled in a community 
        college, be a student pursuing a degree on a less than full-
        time basis, but not less than half-time basis; and''; and
            (4) by amending subsection (m) to read as follows:
    ``(m) Public Information.--
            ``(1) Evaluation.--The Director of the National Science 
        Foundation, in coordination with the Director of the Office of 
        Personnel Management, shall periodically evaluate and make 
        public, in a manner that protects the personally identifiable 
        information of scholarship recipients, information on the 
        success of recruiting individuals for scholarships under this 
        section and on hiring and retaining those individuals in the 
        public sector cyber workforce, including on--
                    ``(A) placement rates;
                    ``(B) where students are placed, including job 
                titles and descriptions;
                    ``(C) student salary ranges for students not 
                released from obligations under this section;
                    ``(D) how long after graduation they are placed;
                    ``(E) how long they stay in the positions they 
                enter upon graduation;
                    ``(F) how many students are released from 
                obligations; and
                    ``(G) what, if any, remedial training is required.
            ``(2) Reports.--The Director of the National Science 
        Foundation, in coordination with the Office of Personnel 
        Management, shall submit, at least once every 3 years, to the 
        Committee on Commerce, Science, and Transportation of the 
        Senate and the Committee on Science, Space, and Technology of 
        the House of Representatives a report, including the results of 
        the evaluation under paragraph (1) and any recent statistics 
        regarding the size, composition, and educational requirements 
        of the Federal cyber workforce.
            ``(3) Resources.--The Director of the National Science 
        Foundation, in coordination with the Director of the Office of 
        Personnel Management, shall provide consolidated and user-
        friendly online resources for prospective scholarship 
        recipients, including, to the extent practicable--
                    ``(A) searchable, up-to-date, and accurate 
                information about participating institutions of higher 
                education and job opportunities related to the field of 
                cybersecurity; and
                    ``(B) a modernized description of cybersecurity 
                careers.''.
    (b) Savings Provision.--Nothing in this section, or an amendment 
made by this section, shall affect any agreement, scholarship, loan, or 
repayment, under section 302 of the Cybersecurity Enhancement Act of 
2014 (15 U.S.C. 7442), in effect on the day before the date of 
enactment of this Act.

SEC. 5. CYBERSECURITY TEACHING.

    Section 10A(i) of the National Science Foundation Authorization Act 
of 2002 (42 U.S.C. 1862n-1(i)) is amended--
            (1) by amending paragraph (5) to read as follows:
            ``(5) the term `mathematics and science teacher' means a 
        science, technology, engineering, mathematics, or computer 
        science, including cybersecurity, teacher at the elementary 
        school or secondary school level;''; and
            (2) by amending paragraph (7) to read as follows:
            ``(7) the term `science, technology, engineering, or 
        mathematics professional' means an individual who holds a 
        baccalaureate, master's, or doctoral degree in science, 
        technology, engineering, mathematics, or computer science, 
        including cybersecurity, and is working in or had a career in 
        such field or a related area; and''.
                                                       Calendar No. 440

115th CONGRESS

  2d Session

                                 S. 754

                          [Report No. 115-263]

_______________________________________________________________________

                                 A BILL

 To support meeting our Nation's growing cybersecurity workforce needs 
           by expanding the cybersecurity education pipeline.

_______________________________________________________________________

                              June 5, 2018

                       Reported with an amendment