[Congressional Record Volume 160, Number 119 (Monday, July 28, 2014)]
[House]
[Pages H6925-H6928]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                              {time}  1730
        HOMELAND SECURITY CYBERSECURITY BOOTS-ON-THE-GROUND ACT

  Mr. MEEHAN. Mr. Speaker, I move to suspend the rules and pass the 
bill (H.R. 3107) to require the Secretary of Homeland Security to 
establish cybersecurity occupation classifications, assess the 
cybersecurity workforce, develop a strategy to address identified gaps 
in the cybersecurity workforce, and for other purposes, as amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 3107

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. HOMELAND SECURITY CYBERSECURITY WORKFORCE.

       (a) In General.--Subtitle C of title II of the Homeland 
     Security Act of 2002 (6 U.S.C. 141 et seq.) is amended by 
     adding at the end the following new section:

     ``SEC. 226. CYBERSECURITY OCCUPATION CATEGORIES, WORKFORCE 
                   ASSESSMENT, AND STRATEGY.

       ``(a) Short Title.--This section may be cited as the 
     `Homeland Security Cybersecurity Boots-on-the-Ground Act'.
       ``(b) Cybersecurity Occupation Categories.--
       ``(1) In general.--Not later than 90 days after the date of 
     the enactment of this section, the Secretary shall develop 
     and issue comprehensive occupation categories for individuals 
     performing activities in furtherance of the cybersecurity 
     mission of the Department.
       ``(2) Applicability.--The Secretary shall ensure that the 
     comprehensive occupation categories issued under paragraph 
     (1) are used throughout the Department and are made available 
     to other Federal agencies.
       ``(c) Cybersecurity Workforce Assessment.--
       ``(1) In general.--Not later than 180 days after the date 
     of the enactment of this section and annually thereafter, the 
     Secretary shall assess the readiness and capacity of the 
     workforce of the Department to meet its cybersecurity 
     mission.
       ``(2) Contents.--The assessment required under paragraph 
     (1) shall, at a minimum, include the following:
       ``(A) Information where cybersecurity positions are located 
     within the Department, specified in accordance with the 
     cybersecurity occupation categories issued under subsection 
     (b).
       ``(B) Information on which cybersecurity positions are--
       ``(i) performed by--

       ``(I) permanent full time departmental employees, together 
     with demographic information about such employees' race, 
     ethnicity, gender, disability status, and veterans status;
       ``(II) individuals employed by independent contractors; and

[[Page H6926]]

       ``(III) individuals employed by other Federal agencies, 
     including the National Security Agency; and

       ``(ii) vacant.
       ``(C) The number of individuals hired by the Department 
     pursuant to the authority granted to the Secretary in 2009 to 
     permit the Secretary to fill 1,000 cybersecurity positions 
     across the Department over a three year period, and 
     information on what challenges, if any, were encountered with 
     respect to the implementation of such authority.
       ``(D) Information on vacancies within the Department's 
     cybersecurity supervisory workforce, from first line 
     supervisory positions through senior departmental 
     cybersecurity positions.
       ``(E) Information on the percentage of individuals within 
     each cybersecurity occupation category who received essential 
     training to perform their jobs, and in cases in which such 
     training is not received, information on what challenges, if 
     any, were encountered with respect to the provision of such 
     training.
       ``(F) Information on recruiting costs incurred with respect 
     to efforts to fill cybersecurity positions across the 
     Department in a manner that allows for tracking of overall 
     recruiting and identifying areas for better coordination and 
     leveraging of resources within the Department.
       ``(d) Workforce Strategy.--
       ``(1) In general.--Not later than 180 days after the date 
     of the enactment of this section, the Secretary shall 
     develop, maintain, and, as necessary, update, a comprehensive 
     workforce strategy that enhances the readiness, capacity, 
     training, recruitment, and retention of the cybersecurity 
     workforce of the Department.
       ``(2) Contents.--The comprehensive workforce strategy 
     developed under paragraph (1) shall include--
       ``(A) a multiphased recruitment plan, including relating to 
     experienced professionals, members of disadvantaged or 
     underserved communities, the unemployed, and veterans;
       ``(B) a 5-year implementation plan;
       ``(C) a 10-year projection of the Department's 
     cybersecurity workforce needs; and
       ``(D) obstacles impeding the hiring and development of a 
     cybersecurity workforce at the Department.
       ``(e) Information Security Training.--Not later than 270 
     days after the date of the enactment of this section, the 
     Secretary shall establish and maintain a process to verify on 
     an ongoing basis that individuals employed by independent 
     contractors who serve in cybersecurity positions at the 
     Department receive initial and recurrent information security 
     training comprised of general security awareness training 
     necessary to perform their job functions, and role-based 
     security training that is commensurate with assigned 
     responsibilities. The Secretary shall maintain documentation 
     to ensure that training provided to an individual under this 
     subsection meets or exceeds requirements for such 
     individual's job function.
       ``(f) Updates.--The Secretary shall submit to the 
     appropriate congressional committees annual updates regarding 
     the cybersecurity workforce assessment required under 
     subsection (c), information on the progress of carrying out 
     the comprehensive workforce strategy developed under 
     subsection (d), and information on the status of the 
     implementation of the information security training required 
     under subsection (e).
       ``(g) GAO Study.--The Secretary shall provide the 
     Comptroller General of the United States with information on 
     the cybersecurity workforce assessment required under 
     subsection (c) and progress on carrying out the comprehensive 
     workforce strategy developed under subsection (d). The 
     Comptroller General shall submit to the Secretary and the 
     appropriate congressional committees a study on such 
     assessment and strategy.
       ``(h) Cybersecurity Fellowship Program.--Not later than 120 
     days after the date of the enactment of this section, the 
     Secretary shall submit to the appropriate congressional 
     committees a report on the feasibility of establishing a 
     Cybersecurity Fellowship Program to offer a tuition payment 
     plan for undergraduate and doctoral candidates who agree to 
     work for the Department for an agreed-upon period of time.''.
       (b) Clerical Amendment.--The table of contents in section 
     1(b) of such Act is amended by adding after the item relating 
     to section 225 the following new item:

``Sec. 226. Cybersecurity occupation categories, workforce assessment, 
              and strategy.''.

     SEC. 2. PERSONNEL AUTHORITIES.

       (a) In General.--Subtitle C of title II of the Homeland 
     Security Act of 2002, as amended by section 1 of this Act, is 
     further amended by adding at the end the following new 
     section:

     ``SEC. 227. PERSONNEL AUTHORITIES.

       ``(a) In General.--
       ``(1) Personnel authorities.--The Secretary may exercise 
     with respect to qualified employees of the Department the 
     same authority that the Secretary of Defense has with respect 
     to civilian intelligence personnel and the scholarship 
     program under sections 1601, 1602, 1603, and 2200a of title 
     10, United States Code, to establish as positions in the 
     excepted service, appoint individuals to such positions, fix 
     pay, and pay a retention bonus to any employee appointed 
     under this section if the Secretary determines that such is 
     needed to retain essential personnel. Before announcing the 
     payment of a bonus under this paragraph, the Secretary shall 
     submit to the Committee on Homeland Security of the House of 
     Representatives and the Committee on Homeland Security and 
     Governmental Affairs of the Senate a written explanation of 
     such determination. Such authority shall be exercised--
       ``(A) to the same extent and subject to the same conditions 
     and limitations that the Secretary of Defense may exercise 
     such authority with respect to civilian intelligence 
     personnel of the Department of Defense; and
       ``(B) in a manner consistent with the merit system 
     principles set forth in section 2301 of title 5, United 
     States Code.
       ``(2) Civil service protections.--Sections 1221 and 2302, 
     and chapter 75 of title 5, United States Code, shall apply to 
     the positions established pursuant to the authorities 
     provided under paragraph (1).
       ``(3) Plan for execution of authorities.--Not later than 
     120 days after the date of the enactment of this section, the 
     Secretary shall submit to the Committee on Homeland Security 
     of the House of Representatives and the Committee on Homeland 
     Security and Governmental Affairs of the Senate a report that 
     contains a plan for the use of the authorities provided under 
     this subsection.
       ``(b) Annual Report.--Not later than one year after the 
     date of the enactment of this section and annually thereafter 
     for four years, the Secretary shall submit to the Committee 
     on Homeland Security of the House of Representatives and the 
     Committee on Homeland Security and Governmental Affairs of 
     the Senate a detailed report (including appropriate metrics 
     on actions occurring during the reporting period) that 
     discusses the processes used by the Secretary in implementing 
     this section and accepting applications, assessing 
     candidates, ensuring adherence to veterans' preference, and 
     selecting applicants for vacancies to be filled by a 
     qualified employee.
       ``(c) Definition of Qualified Employee.--In this section, 
     the term `qualified employee' means an employee who performs 
     functions relating to the security of Federal civilian 
     information systems, critical infrastructure information 
     systems, or networks of either of such systems.''.
       (b) Clerical Amendment.--The table of contents in section 
     1(b) of such Act is amended by adding after the item relating 
     to section 226 (as added by section 1 of this Act) the 
     following new item:

``Sec. 227. Personnel authorities.''.

     SEC. 3. CLARIFICATION REGARDING AUTHORIZATION OF 
                   APPROPRIATIONS.

       No additional amounts are authorized to be appropriated by 
     reason of this Act or the amendments made by this Act.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from 
Pennsylvania (Mr. Meehan) and the gentlewoman from New York (Ms. 
Clarke) each will control 20 minutes.
  The Chair recognizes the gentleman from Pennsylvania.


                             General Leave

  Mr. MEEHAN. Mr. Speaker, I ask unanimous consent that all Members may 
have 5 legislative days in which to revise and extend their remarks and 
include any extraneous material on the bill under consideration.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from Pennsylvania?
  There was no objection.
  Mr. MEEHAN. Mr. Speaker, I yield myself such time as I may consume.
  I rise today in support of H.R. 3107, which is the Homeland Security 
Cybersecurity Boots-on-the-Ground Act, and it is sponsored by the 
ranking member of the Cybersecurity, Infrastructure Protection, and 
Security Technologies Subcommittee, Ms. Yvette Clarke of New York. This 
critical piece of legislation is necessary to ensure that the 
Department of Homeland Security can address gaps in the Department's 
cybersecurity workforce.
  I am proud to cosponsor this legislation, as it will direct the 
Department to assess its cyber workforce, create occupational 
classifications, and develop a cybersecurity workforce strategy.
  Throughout the past year, our subcommittee has worked in a bipartisan 
fashion to identify the cyber threat to our Nation's critical 
infrastructure, as well as to assess the Department's ability to 
prevent major cyber attacks. Through our oversight capacity, we have 
identified areas where Congress can act to neutralize this evolving 
threat. I am particularly proud of the work we did to tweak this 
legislation and to incorporate it into the larger committee cyber bill.
  I believe that today's markup will go a long way in supporting this 
mission, and I urge support for this crucial piece of legislation.
  Mr. Speaker, I reserve the balance of my time.
  Ms. CLARKE of New York. Mr. Speaker, I yield myself such time as I 
may consume.
  I rise in strong support of H.R. 3107, the Homeland Security 
Cybersecurity

[[Page H6927]]

Boots-on-the-Ground Act. This is a bill I introduced to address 
fundamental challenges in the cyber workforce at the Department of 
Homeland Security. It has gained bipartisan support, as acknowledged by 
the gentleman from Pennsylvania (Mr. Meehan), our chairman.
  Since the attacks of September 11, the urgent need to fill critical 
national security positions at times has led to actions that may have 
inadvertently heightened our vulnerability and fostered an over-
reliance on private contractors. From a recruitment and retention 
standpoint, it is critical that the Department of Homeland Security 
clearly identifies job classifications for the cyber positions it seeks 
to fill. That was one of the major conclusions of the Cyber Skills Task 
Force that the Homeland Security Advisory Committee assembled at the 
request of then-DHS Secretary Janet Napolitano in 2012.
  I introduced the Homeland Security Cybersecurity Boots-on-the-Ground 
Act to implement a number of the task force's key recommendations.
  First, the bill directs DHS to develop and issue comprehensive 
occupation classifications for persons performing activities in 
furtherance of the Department's cybersecurity missions.
  Secondly, the bill requires the Secretary to assess the readiness and 
capacity of the Department to meet its cybersecurity mission. As part 
of the assessment, the Department has to identify where positions are 
located, whether these positions are vacant, and whether they are held 
by full-time employees or contractors.
  Thirdly, the bill requires the Secretary to develop a comprehensive 
workforce strategy. This strategy will be implemented to enhance the 
readiness, capacity, training, recruitment, and retention of the 
Department's cybersecurity workforce.
  Finally, the bill requires the Secretary to establish and maintain a 
process to verify that individuals employed by private contractors who 
serve in cybersecurity positions at the Department receive initial and 
recurrent information security training.
  H.R. 3107 takes a holistic approach to the challenge of recruiting, 
training, and retraining the cybersecurity workforce that DHS needs.
  I thank Ranking Member Meehan for all of his support and for all of 
the work that we have done together in a bipartisan way to bring this 
legislation to the floor, as well as the suite of cybersecurity 
legislation that we brought forth to the floor today.
  I want to also thank the staff of both the committee and my office 
for the work and the diligence that they have put into bringing forth 
what I call real 21st century legislation. It is very important 
legislation. And our very way of life depends on its success.
  Since 2008, the Department of Homeland Security has been the lead 
Federal civilian agency for cybersecurity. It has been responsible for 
working with Federal agencies to secure their IT networks, and the 
private sector, particularly critical infrastructure owners and 
operators, to raise the level of cyber hygiene and address threats in a 
timely manner.
  My legislation will help ensure that DHS has the workforce it needs 
to execute these critical responsibilities. For that reason, I urge all 
of my colleagues to support H.R. 3107.
  With that, Mr. Speaker, I yield back the balance of my time.
  Mr. MEEHAN. Mr. Speaker, I am very grateful for the gentlewoman's 
presentation of this issue, and I yield myself such time as I may 
consume.
  I just want to conclude my remarks on this bill by pointing to the 
preparation that went into this bill. I would also recognize the 
importance of not just this issue and the challenges that we face with 
the complexity of this issue but to recognize that in order for the 
Department to fulfill its mission, they have to have the kind of 
workforce that is capable of doing it. And in areas like this, that 
requires a skilled workforce and, some would say, a uniquely skilled 
workforce.
  I think the gentlewoman's wisdom in recognizing that once you develop 
that skilled workforce, when 90 percent of the assets are out in the 
private sector, it does not take too long before that private sector 
comes knocking on the door and starts to say, we want your people out 
here. And so wisely, the gentlewoman has pointed to allowing us to have 
a plan in place that looks at the three Rs: readiness, recruitment, and 
retention. And that is the essence of what we want to try to do with 
this very, very important legislation. We want to give some flexibility 
and control to the Department to not only train and make sure we have 
got the best next generation of those who will commit themselves to our 
Nation by service through the Department and protecting our homeland 
but, once they have developed those skills, that we are able, as much 
as possible, to retain them within here by virtue of allowing them the 
capacity and flexibility to do the work that they do best. There will 
still be plenty of opportunity to find bright people in the private 
sector as well. But we have got to make sure the mission of homeland 
security is not affected.
  For those reasons, I urge all Members to join me in supporting this 
bill, and I yield back the balance of my time.
  Mr. THOMPSON of Mississippi. Mr. Speaker, I rise today to express my 
support for H.R. 3107, the ``Homeland Security Cybersecurity Boots-on-
the-Ground Act''.
  I would like to commend Subcommittee Ranking Member Clarke for her 
commitment to addressing a critical issue for the Department of 
Homeland Security--how to recruit and retain a robust cybersecurity 
workforce.
  There is an urgent need for greater protection of our cyber 
infrastructure, with the rate and intensity of system breaches at an 
all-time high and the mounting source of cyber threats.
  The Department of Homeland Security is the lead Federal agency for 
protecting the government's Internet platform ``.gov'' and for 
partnering with the private sector on cybersecurity.
  Attracting the best and brightest in the cybersecurity field has been 
a chronic challenge for the Department. In an effort to come up with 
some effective strategies to overcome that challenge, in July 2012, 
then-Secretary Janet Napolitano directed the Homeland Security Advisory 
Committee to assemble a ``Task Force on CyberSkills''.
  The Task Force issued a series of recommendations that included the 
adoption of a list of mission-critical cybersecurity tasks and a model 
for assessing the competency and progress of the existing and future 
DHS mission-critical cybersecurity workforce.
  H.R. 3107 adopts many of the Task Force's key recommendations.
  For instance, in order to recruit the Department with the cyber 
workforce it needs, H.R. 3107 requires DHS to have comprehensive 
occupation classifications to categorize what types of work will be 
done in each position.
  Today, DHS does not utilize a uniform classification system and, as a 
result, positions get posted that offer little clarity on what 
knowledge, skills, and experience is sought.
  Sophisticated cyber mission-critical skills are not a dime-a-dozen, 
and Federal agencies have to compete among themselves, and especially 
private sector employers for talent.
  This bill seeks to ensure that DHS has an effective approach to 
attracting, hiring, and retaining a mission-critical cybersecurity 
workforce.
  I urge my colleagues to support this bipartisan legislation.
  Mr. McCAUL. Mr. Speaker, I rise today in support of H.R. 3107, the 
Homeland Security Cybersecurity Boots-on-the-Ground Act, sponsored by 
Ranking Member Clarke.
  H.R. 3107 includes important provisions to bolster the cybersecurity 
workforce at the Department of Homeland Security. Across our nation, 
businesses, colleges and universities are transforming their 
organizations to include strong and robust cybersecurity practices. It 
is essential that DHS is hiring the best and the brightest that this 
emerging field has to offer. The Department's efforts to protect the 
homeland from an attack depend on it.
  The legislation offered by Ms. Clarke was introduced and passed out 
of the committee with bipartisan support and we were pleased to have 
worked with her to adjust the language to mirror the workforce 
provisions in the full committee's cyber bill. It will require the 
Department to take inventory of its cyber workforce, including those of 
other Federal agencies. Subsequently, the Secretary will be required to 
present to Congress a workforce strategy, focused on how to attract and 
maintain top cybersecurity experts.
  These new provisions will help ensure the Department has a coherent 
plan to address their need to hire cyber professionals and fill those 
much needed positions.
  I would like to thank Ranking Member Clarke for all of her work on 
this important subject, I urge support for the bill.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from Pennsylvania (Mr. Meehan) that the House suspend the 
rules and pass the bill, H.R. 3107, as amended.

[[Page H6928]]

  The question was taken.
  The SPEAKER pro tempore. In the opinion of the Chair, two-thirds 
being in the affirmative, the ayes have it.
  Mr. MEEHAN. Mr. Speaker, I object to the vote on the ground that a 
quorum is not present and make the point of order that a quorum is not 
present.
  The SPEAKER pro tempore. Pursuant to clause 8 of rule XX, further 
proceedings on this question will be postponed.
  The point of no quorum is considered withdrawn.

                          ____________________