[Congressional Record Volume 167, Number 130 (Monday, July 26, 2021)]
[House]
[Pages H3875-H3877]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




         FEDERAL ROTATIONAL CYBER WORKFORCE PROGRAM ACT OF 2021

  Ms. NORTON. Mr. Speaker, I move to suspend the rules and pass the 
bill (H.R. 3599) to establish a Federal rotational cyber workforce 
program for the Federal cyber workforce, and for other purposes, as 
amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 3599

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Federal Rotational Cyber 
     Workforce Program Act of 2021''.

     SEC. 2. DEFINITIONS.

       In this Act:
       (1) Agency.--The term ``agency'' has the meaning given the 
     term ``Executive agency'' in section 105 of title 5, United 
     States Code, except that the term does not include the 
     Government Accountability Office.
       (2) Competitive service.--The term ``competitive service'' 
     has the meaning given that term in section 2102 of title 5, 
     United States Code.
       (3) Councils.--The term ``Councils'' means--
       (A) the Chief Human Capital Officers Council established 
     under section 1303 of the Chief Human Capital Officers Act of 
     2002 (5 U.S.C. 1401 note); and
       (B) the Chief Information Officers Council established 
     under section 3603 of title 44, United States Code.
       (4) Cyber workforce position.--The term ``cyber workforce 
     position'' means a position identified as having information 
     technology, cybersecurity, or other cyber-related functions 
     under section 303 of the Federal Cybersecurity Workforce 
     Assessment Act of 2015 (5 U.S.C. 301 note).
       (5) Director.--The term ``Director'' means the Director of 
     the Office of Personnel Management.
       (6) Employee.--The term ``employee'' has the meaning given 
     the term in section 2105 of title 5, United States Code.
       (7) Employing agency.--The term ``employing agency'' means 
     the agency from which an employee is detailed to a rotational 
     cyber workforce position.
       (8) Excepted service.--The term ``excepted service'' has 
     the meaning given that term in section 2103 of title 5, 
     United States Code.
       (9) Rotational cyber workforce position.--The term 
     ``rotational cyber workforce position'' means a cyber 
     workforce position with respect to which a determination has 
     been made under section 3(a)(1).
       (10) Rotational cyber workforce program.--The term 
     ``rotational cyber workforce program'' means the program for 
     the detail of employees among rotational cyber workforce 
     positions at agencies.
       (11) Secretary.--The term ``Secretary'' means the Secretary 
     of Homeland Security.

     SEC. 3. ROTATIONAL CYBER WORKFORCE POSITIONS.

       (a) Determination With Respect to Rotational Service.--
       (1) In general.--The head of each agency may determine that 
     a cyber workforce position in that agency is eligible for the 
     rotational cyber workforce program, which shall not be 
     construed to modify the requirement under section 4(b)(3) 
     that participation in the rotational cyber workforce program 
     by an employee shall be voluntary.
       (2) Notice provided.--The head of an agency shall submit to 
     the Director--
       (A) notice regarding any determination made by the head of 
     the agency under paragraph (1); and
       (B) for each position with respect to which the head of the 
     agency makes a determination under paragraph (1), the 
     information required under subsection (b)(1).
       (b) Preparation of List.--The Director, with assistance 
     from the Councils and the Secretary, shall develop a list of 
     rotational cyber workforce positions that--
       (1) with respect to each such position, to the extent that 
     the information does not disclose sensitive national security 
     information, includes--
       (A) the title of the position;
       (B) the occupational series with respect to the position;
       (C) the grade level or work level with respect to the 
     position;
       (D) the agency in which the position is located;
       (E) the duty location with respect to the position; and
       (F) the major duties and functions of the position; and
       (2) shall be used to support the rotational cyber workforce 
     program.
       (c) Distribution of List.--Not less frequently than 
     annually, the Director shall distribute an updated list 
     developed under subsection (b) to the head of each agency and 
     other appropriate entities.

     SEC. 4. ROTATIONAL CYBER WORKFORCE PROGRAM.

       (a) Operation Plan.--
       (1) In general.--Not later than 270 days after the date of 
     enactment of this Act, and in consultation with the Councils, 
     the Secretary, representatives of other agencies, and any 
     other entity as the Director determines appropriate, the 
     Director shall develop and issue a Federal Rotational Cyber 
     Workforce Program operation plan providing policies, 
     processes, and procedures for a program for the detailing of 
     employees among rotational cyber workforce positions at 
     agencies, which may be incorporated into and implemented 
     through mechanisms in existence on the date of enactment of 
     this Act.
       (2) Updating.--The Director may, in consultation with the 
     Councils, the Secretary, and other entities as the Director 
     determines appropriate, periodically update the operation 
     plan developed and issued under paragraph (1).
       (b) Requirements.--The operation plan developed and issued 
     under subsection (a) shall, at a minimum--
       (1) identify agencies for participation in the rotational 
     cyber workforce program;
       (2) establish procedures for the rotational cyber workforce 
     program, including--
       (A) any training, education, or career development 
     requirements associated with participation in the rotational 
     cyber workforce program;
       (B) any prerequisites or requirements for participation in 
     the rotational cyber workforce program; and
       (C) appropriate rotational cyber workforce program 
     performance measures, reporting requirements, employee exit 
     surveys, and other accountability devices for the evaluation 
     of the program;
       (3) provide that participation in the rotational cyber 
     workforce program by an employee shall be voluntary;
       (4) provide that an employee shall be eligible to 
     participate in the rotational cyber workforce program if the 
     head of the employing agency of the employee, or a designee 
     of the head of the employing agency of the employee, approves 
     of the participation of the employee;
       (5) provide that the detail of an employee to a rotational 
     cyber workforce position under the rotational cyber workforce 
     program shall be on a nonreimbursable basis;
       (6) provide that agencies may agree to partner to ensure 
     that the employing agency of an employee that participates in 
     the rotational cyber workforce program is able to fill the 
     position vacated by the employee;
       (7) require that an employee detailed to a rotational cyber 
     workforce position under the rotational cyber workforce 
     program, upon the end of the period of service with respect 
     to the detail, shall be entitled to return to the position 
     held by the employee, or an equivalent position, in the 
     employing agency of the employee without loss of pay, 
     seniority, or other rights or benefits to which the employee 
     would have been entitled had the employee not been detailed;
       (8) provide that discretion with respect to the assignment 
     of an employee under the rotational cyber workforce program 
     shall remain with the employing agency of the employee;
       (9) require that an employee detailed to a rotational cyber 
     workforce position under the rotational cyber workforce 
     program in an agency that is not the employing agency of the 
     employee shall have all the rights that would be available to 
     the employee if the employee were detailed under a provision 
     of law other than this Act from the employing agency to the 
     agency in which the rotational cyber workforce position is 
     located;
       (10) provide that participation by an employee in the 
     rotational cyber workforce program shall not constitute a 
     change in the conditions of the employment of the employee; 
     and
       (11) provide that an employee participating in the 
     rotational cyber workforce program shall receive performance 
     evaluations relating to service in the rotational cyber 
     workforce program in a participating agency that are--
       (A) prepared by an appropriate officer, supervisor, or 
     management official of the employing agency, acting in 
     coordination with the supervisor at the agency in which the 
     employee is performing service in the rotational cyber 
     workforce position;
       (B) based on objectives identified in the operation plan 
     with respect to the employee; and
       (C) based in whole or in part on the contribution of the 
     employee to the agency in which the employee performed such 
     service, as communicated from that agency to the employing 
     agency of the employee.
       (c) Program Requirements for Rotational Service.--
       (1) In general.--An employee serving in a cyber workforce 
     position in an agency may, with the approval of the head of 
     the agency, submit an application for detail to a rotational 
     cyber workforce position that appears on the list developed 
     under section 3(b).

[[Page H3876]]

       (2) Opm approval for certain positions.--An employee 
     serving in a position in the excepted service may only be 
     selected for a rotational cyber workforce position that is in 
     the competitive service with the prior approval of the Office 
     of Personnel Management, in accordance with section 300.301 
     of title 5, Code of Federal Regulations, or any successor 
     thereto.
       (3) Selection and term.--
       (A) Selection.--The head of an agency shall select an 
     employee for a rotational cyber workforce position under the 
     rotational cyber workforce program in a manner that is 
     consistent with the merit system principles under section 
     2301(b) of title 5, United States Code.
       (B) Term.--Except as provided in subparagraph (C), and 
     notwithstanding section 3341(b) of title 5, United States 
     Code, a detail to a rotational cyber workforce position shall 
     be for a period of not less than 180 days and not more than 1 
     year.
       (C) Extension.--The Chief Human Capital Officer of the 
     agency to which an employee is detailed under the rotational 
     cyber workforce program may extend the period of a detail 
     described in subparagraph (B) for a period of 60 days unless 
     the Chief Human Capital Officer of the employing agency of 
     the employee objects to that extension.
       (4) Written service agreements.--
       (A) In general.--The detail of an employee to a rotational 
     cyber workforce position shall be contingent upon the 
     employee entering into a written service agreement with the 
     employing agency under which the employee is required to 
     complete a period of employment with the employing agency 
     following the conclusion of the detail that is equal in 
     length to the period of the detail.
       (B) Other agreements and obligations.--A written service 
     agreement under subparagraph (A) shall not supersede or 
     modify the terms or conditions of any other service agreement 
     entered into by the employee under any other authority or 
     relieve the obligations between the employee and the 
     employing agency under such a service agreement. Nothing in 
     this subparagraph prevents an employing agency from 
     terminating a service agreement entered into under any other 
     authority under the terms of such agreement or as required by 
     law or regulation.

     SEC. 5. REPORTING BY GAO.

       Not later than the end of the third fiscal year after the 
     fiscal year in which the operation plan under section 4(a) is 
     issued, the Comptroller General of the United States shall 
     submit to Congress a report assessing the operation and 
     effectiveness of the rotational cyber workforce program, 
     which shall address, at a minimum--
       (1) the extent to which agencies have participated in the 
     rotational cyber workforce program, including whether the 
     head of each such participating agency has--
       (A) identified positions within the agency that are 
     rotational cyber workforce positions;
       (B) had employees from other participating agencies serve 
     in positions described in subparagraph (A); and
       (C) had employees of the agency request to serve in 
     rotational cyber workforce positions under the rotational 
     cyber workforce program in participating agencies, including 
     a description of how many such requests were approved; and
       (2) the experiences of employees serving in rotational 
     cyber workforce positions under the rotational cyber 
     workforce program, including an assessment of--
       (A) the period of service;
       (B) the positions (including grade level and occupational 
     series or work level) held by employees before completing 
     service in a rotational cyber workforce position under the 
     rotational cyber workforce program;
       (C) the extent to which each employee who completed service 
     in a rotational cyber workforce position under the rotational 
     cyber workforce program achieved a higher skill level, or 
     attained a skill level in a different area, with respect to 
     information technology, cybersecurity, or other cyber-related 
     functions; and
       (D) the extent to which service in rotational cyber 
     workforce positions has affected intra-agency and interagency 
     integration and coordination of cyber practices, functions, 
     and personnel management.

     SEC. 6. SUNSET.

       Effective 5 years after the date of enactment of this Act, 
     this Act is repealed.

     SEC. 7. DETERMINATION OF BUDGETARY EFFECTS.

       The budgetary effects of this Act, for the purpose of 
     complying with the Statutory Pay-As-You-Go Act of 2010, shall 
     be determined by reference to the latest statement titled 
     ``Budgetary Effects of PAYGO Legislation'' for this Act, 
     submitted for printing in the Congressional Record by the 
     Chairman of the House Budget Committee, provided that such 
     statement has been submitted prior to the vote on passage.
  The SPEAKER pro tempore. Pursuant to the rule, the gentlewoman from 
the District of Columbia (Ms. Norton) and the gentleman from 
Pennsylvania (Mr. Keller) each will control 20 minutes.
  The Chair recognizes the gentlewoman from the District of Columbia.


                             General Leave

  Ms. NORTON. Mr. Speaker, I ask unanimous consent that all Members 
have 5 legislative days within which to revise and extend their remarks 
and insert extraneous material on H.R. 3599.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentlewoman from the District of Columbia?
  There was no objection.
  Ms. NORTON. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, I rise to support H.R. 3599, the Federal Rotational 
Cyber Workforce Program Act. This bill is the product of bipartisan 
cooperation of our Oversight and Reform Committee members, 
Representatives Ro Khanna and Nancy Mace, and I want to thank them for 
their work on this bill.
  Earlier this year, our committee held a hearing on the Government 
Accountability Office's 2021 High-Risk Report, which details the areas 
of government operations at greatest risk of failing to meet the 
considerable challenges they face.
  Cybersecurity was near the top of the list, along with the cyber 
skills gap that persists across the Federal workforce. As the 
Government Accountability Office report described, Federal agencies are 
struggling to ensure that staff have the skills required to address the 
critical cybersecurity risks and challenges that our government faces.
  Recent cyberattacks have demonstrated the dire consequences of 
failing to improve the Federal Government's cybersecurity operations. 
These include the SolarWinds breach, in which Russian hackers 
infiltrated the networks of nine Federal agencies and went undetected 
for months.
  Around the same time, cyberattacks linked to the Chinese government 
targeted Microsoft's enterprise email software and threatened the 
internal data of Federal agencies. In addition, Russian hackers 
successfully breached the servers of the U.S. Department of State and 
stole thousands of emails.
  The Federal Rotational Cyber Workforce Program Act, as it is called, 
would enable cybersecurity professionals in the Federal Government to 
rotate through assignments outside of their regular position. This 
would allow more agencies to benefit from their enterprise and give 
program participants the opportunities for professional development. 
The program would be authorized for 5 years and, after 3 years, the 
Government Accountability Office would assess the operation and 
effectiveness of the program.
  This legislation would go a long way toward improving Federal 
agencies' capacity to strengthen cybersecurity operations, help retain 
top talent, and facilitate the exchange of expertise in this critical 
field.
  The security of Federal information technology systems and data is 
essential to national security, to preserving public trust in 
government institutions, and to ensuring that agencies meet their 
missions in serving the American people.
  I strongly support this bill, and I urge my colleagues to do the 
same.
  Mr. Speaker, I reserve the balance of my time.
  Mr. KELLER. Mr. Speaker, I yield myself such time as I may consume.
  Mr. Speaker, the Federal Government has significant work to do on the 
cybersecurity front. My colleagues, Representatives Khanna and Mace, 
recognized this harsh reality when crafting their bill to improve our 
Federal workforce's cybersecurity and IT expertise.
  We face many challenges, including adequately securing IT 
infrastructure from cyber intrusions, supply chain hacks, and 
ransomware, each the subject of recent front-page news.
  Our cyber readiness depends, in part, upon our ability to maintain a 
prepared and capable Federal workforce to defend our Nation's 
government from a relentless onslaught of cyberattacks.
  Toward that end, the Federal Rotational Cyber Workforce Program Act 
continues efforts created and implemented during the Trump 
administration to promote cyber rotational details throughout Federal 
agencies so that our valuable Federal cyber experts continue to sharpen 
their skills.
  This bill seeks to codify an additional rotational opportunity for 
cyber-focused professionals throughout the Federal Government.
  Former President Trump's executive order, ``America's Cybersecurity 
Workforce,'' established a mechanism for Federal employees to be 
detailed to

[[Page H3877]]

other agencies through a cybersecurity rotational assignment program. 
The Federal Rotational Cyber Workforce Program Act places management of 
a similar type of program under the Office of Personnel Management.
  Importantly, for oversight purposes, the bill establishes 
requirements for a detailed operational plan and a report from the 
Government Accountability Office to enable congressional oversight. 
This will help Congress evaluate whether the rotational program is 
running as intended and meaningfully addressing both personnel and 
agency needs.
  If this new rotational program is not providing the intended value to 
the Federal Government, then Congress will have the opportunity to 
decline reauthorizing the program after it sunsets in 5 years. This is 
a valuable safety valve to the expansion of the Federal Government, 
which I am glad to see included in this bill.
  I thank my colleagues for their work on this bipartisan bill, which 
builds upon the cyber workforce efforts of the prior administration.
  Mr. Speaker, I reserve the balance of my time.
  Ms. NORTON. Mr. Speaker, I yield 2 minutes to the gentleman from 
California (Mr. Khanna).
  Mr. KHANNA. Mr. Speaker, I thank Delegate Norton for her leadership, 
and I thank Ranking Member Comer for his leadership on the bill and, of 
course, Representative Mace, who has been a colleague and helped craft 
this.
  Everyone recognizes that our country faces cyberattacks. In the 
private sector, we don't silo cybersecurity officials. You don't say, 
``You just work in one department.'' They rotate through a company. We 
shouldn't have separate silos in the Federal Government.
  This bill is just common sense. It says that we need to have a 
rotational system in the Federal Government so that you can have 
expertise from all the different agencies, and we can have a 
comprehensive response. It helps us get talent. And it is bipartisan.
  We should give credit to the previous administration for having, as 
was pointed out, the executive order. I worked with Matt Lira at the 
previous White House. There is nothing that is partisan about making 
sure that America isn't attacked with cybercrimes and cyberattacks. 
That is a bipartisan initiative, and this does build on the work they 
did. It makes it stronger, and we put, ultimately, resources toward it.
  But I am proud of the work. I am proud of working with Representative 
Mace on it. Frankly, I think we ought to be doing more things in this 
body in a bipartisan way that strengthen American security.
  Mr. KELLER. Mr. Speaker, I yield such time as she may consume to the 
gentlewoman from South Carolina (Ms. Mace).
  Ms. MACE. Mr. Speaker, today, I rise in support of H.R. 3599, the 
Federal Rotational Cyber Workforce Program Act. It is a long title, but 
it is a very good bill. I thank my colleague, Ro Khanna, for his 
leadership.
  Cybersecurity is national security, and this is one area where it is 
not Democrat or Republican. When 11 Federal agencies were hacked last 
year by an organization affiliated with Russia, they didn't care if you 
had an R or a D by your name.
  Imagine if, in the Federal Government, or at least a portion of the 
Federal Government, we could work and operate more like a business than 
a bureaucracy. Well, we can do that right here today with H.R. 3599.
  I thank, again, Ro Khanna for his leadership and for allowing me the 
opportunity to work together with him on this. This is the third bill I 
have worked on that I hope will pass on the floor of the House tonight.
  We have an opportunity to show tremendous leadership here today. I 
have heard a number of my colleagues here this afternoon, Republicans 
and Democrats, working together for the American people, putting the 
American people first, and that is what we are doing.
  Every day, criminal elements are attempting to steal our secrets, 
disrupt our infrastructure, and damage our economy by extorting money 
from businesses and organizations across the United States.
  Most recently, in the State of South Carolina, we saw the high-
profile Colonial Pipeline hacking and attack. It is a reminder that 
America's adversaries are creative and cunning and that our government 
must be the same to combat this growing threat.
  It is imperative that our government be able to obtain, train, and 
retain the cyber and technology talent needed to counter these 
sophisticated hackers across the globe. The Federal Rotational Cyber 
Workforce Program Act will allow Federal employees to collaborate and 
broaden their work experiences, their knowledge, and their skill sets 
across Federal agencies, much in the same way their counterparts do in 
the private sector.
  I thank my colleagues today, Republicans and Democrats, and I urge 
each and every one of them to vote in favor of this legislation this 
evening.
  Mr. KELLER. Mr. Speaker, I have no further speakers, and I am 
prepared to close.
  Mr. Speaker, it is important to improve the readiness of our Nation's 
cyber workforce through the expansion of cyber rotations between our 
Federal agencies. I encourage my colleagues to support this important 
legislation.
  Mr. Speaker, I yield back the balance of my time.
  Ms. NORTON. Mr. Speaker, I urge passage of H.R. 3599, and I yield 
back the balance of my time.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentlewoman from the District of Columbia (Ms. Norton) that the House 
suspend the rules and pass the bill, H.R. 3599, as amended.
  The question was taken.
  The SPEAKER pro tempore. In the opinion of the Chair, two-thirds 
being in the affirmative, the ayes have it.
  Mrs. GREENE of Georgia. Mr. Speaker, on that I demand the yeas and 
nays.
  The SPEAKER pro tempore. Pursuant to section 3(s) of House Resolution 
8, the yeas and nays are ordered.
  Pursuant to clause 8 of rule XX, further proceedings on this motion 
are postponed.

                          ____________________