[House Report 117-323]
[From the U.S. Government Publishing Office]


117th Congress    }                                  {       Report
                        HOUSE OF REPRESENTATIVES
 2d Session       }                                  {       117-323

======================================================================



 
              CYBERSECURITY GRANTS FOR SCHOOLS ACT OF 2022

                                _______
                                

  May 13, 2022.--Committed to the Committee of the Whole House on the 
              State of the Union and ordered to be printed

                                _______
                                

 Mr. Thompson of Mississippi, from the Committee on Homeland Security, 
                        submitted the following

                              R E P O R T

                        [To accompany H.R. 6868]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Homeland Security, to whom was referred 
the bill (H.R. 6868) to amend the Homeland Security Act of 2002 
to provide for financial assistance to fund certain 
cybersecurity and infrastructure security education and 
training programs and initiatives, and for other purposes, 
having considered the same, reports favorably thereon with an 
amendment and recommends that the bill as amended do pass.

                                CONTENTS

                                                                   Page
Purpose and Summary..............................................     2
Background and Need for Legislation..............................     2
Hearing..........................................................     3
Committee Consideration..........................................     4
Committee Votes..................................................     4
Committee Oversight Findings.....................................     5
C.B.O. Estimate, New Budget Authority, Entitlement Authority, and 
  Tax Expenditures...............................................     5
Federal Mandates Statement.......................................     6
Duplicative Federal Programs.....................................     6
Statement of General Performance Goals and Objectives............     6
Congressional Earmarks, Limited Tax Benefits, and Limited Tariff 
  Benefits.......................................................     7
Advisory Committee Statement.....................................     7
Applicability to Legislative Branch..............................     7
Section-by-Section Analysis of the Legislation...................     7
Changes in Existing Law Made by the Bill, as Reported............     7

    The amendment is as follows:
  Strike out all after the enacting clause and insert the 
following:

SECTION 1. SHORT TITLE.

  This Act may be cited as the ``Cybersecurity Grants for Schools Act 
of 2022''.

SEC. 2. STRENGTHENING CYBERSECURITY EDUCATION SUPPORT.

  (a) In General.--Section 2220 of the Homeland Security Act of 2002 (6 
U.S.C. 665f) is amended by adding at the end the following new 
subsection:
  ``(e) Grants and Cooperative Agreements.--The Director may award 
financial assistance in the form of grants or cooperative agreements to 
States, local governments, institutions of higher education (as such 
term is defined in section 101 of the Higher Education Act of 1965 (20 
U.S.C. 1001)), nonprofit organizations, and other non-Federal entities 
as determined appropriate by the Director for the purpose of funding 
cybersecurity and infrastructure security education and training 
programs and initiatives to--
          ``(1) carry out the purposes of CETAP; and
          ``(2) enhance CETAP to address the national shortfall of 
        cybersecurity professionals.''.
  (b) Briefings.--Paragraph (2) of subsection (c) of section 2220 of 
the Homeland Security Act of 2002 (6 U.S.C. 665f) is amended--
          (1) by redesignating subparagraphs (C) and (D) as 
        subparagraphs (D) and (E) respectively; and
          (2) by inserting after subparagraph (B) the following new 
        subparagraph:
                  ``(C) information on any grants or cooperative 
                agreements made pursuant to subsection (e), including 
                how any such grants or cooperative agreements are being 
                used to enhance cybersecurity education for underserved 
                populations or communities;''.

                          Purpose and Summary

    H.R. 6868, the ``Cybersecurity Grants for Schools Act of 
2022,'' authorizes the Cybersecurity and Infrastructure 
Security Agency (CISA) to provide grants or cooperative 
agreements to States, local governments, institutions of higher 
education, nonprofit organizations, and other non-Federal 
entities to carry out the purposes of the Cybersecurity 
Education and Training Assistance Program (CETAP), as 
authorized last year.\1\ CETAP's purpose is to support CISA's 
efforts to build and strengthen ``a national cybersecurity 
workforce pipeline capacity through enabling elementary and 
secondary cybersecurity education.''\2\ To further the CETAP 
program, this legislation grants CISA the authority to provide 
grants to organizations to carry out the program to help 
enhance cybersecurity education at the elementary and secondary 
levels.
---------------------------------------------------------------------------
    \1\Pub. L. 116-283,  1719 (2021).
    \2\Id.
---------------------------------------------------------------------------

                  Background and Need for Legislation

    Cybersecurity expertise is a critical component of national 
security; however, the U.S. has struggled to cultivate a 
cybersecurity talent pipeline, develop academic curriculum, and 
promote awareness and interest among potential job candidates.
    The cybersecurity workforce shortage is a global problem. 
Research conducted by (ISC)\2\, the world's largest nonprofit 
association of cybersecurity professionals, estimates there is 
gap of 3.1 million between the number of skilled professionals 
needed and the number individuals trained to perform that 
work.\3\ According to National Institute for Standards and 
Technology (NIST)-funded research, in the U.S. alone, there is 
a deficit of 464,420 cybersecurity employees; this is a sizable 
gap considering that the total employed in the U.S. cyber 
workforce is just 956,341.\4\
---------------------------------------------------------------------------
    \3\``Cybersecurity Professionals Stand Up to a Pandemic: (ISC)\2\ 
Cybersecurity Workforce Study, 2000,'' (ISC)\2\, available at https://
www.isc2.org/-/media/ISC2/Research/2020/Workforce-Study/
ISC2ResearchDrivenWhitepaperFINAL.ashx.
    \4\``Cybersecurity Supply/Demand Heat Map,'' CyberSeek, (accessed 
July 25, 2021), available at https://www.cyberseek.org/heatmap.html.
---------------------------------------------------------------------------
    Moreover, the demographic composition of the cybersecurity 
workforce lacks the diversity of the U.S. population. A 2018 
deep-dive analysis of the gender, age, tenure, ethnicity, and 
race of the U.S. cyber workforce, carried out by the 
International Information System Security Certification 
Consortium, (ISC)\2\, and the International Consortium of 
Minority Cybersecurity Professionals, found that women 
comprised just 11 percent of the workforce and that African 
Americans and Hispanic Americans accounted for 9 and 4 percent 
respectively.\5\ In 2019, (ISC)\2\ expanded the scope of the 
survey beyond traditional cybersecurity professionals to IT 
professionals who spend at least 25 percent of their time on 
cybersecurity. In that survey, some of these statistical 
averages seemed to increase (e.g., women in cybersecurity 
jumped to 24 percent), but (ISC)\2\ concluded that the change 
may be linked more to methodological differences between 
surveys than an increase in the number of women in the 
field.\6\ These numbers demonstrate that, despite the range of 
government- and industry-driven initiatives to grow the 
cybersecurity workforce, many talent pipelines remain untapped.
---------------------------------------------------------------------------
    \5\Jason Reed and Jonathan Acosta-Rubio, ``Innovation Through 
Inclusion: The Multicultural Cybersecurity Workforce,'' Frost & 
Sullivan (with (ISC)\2\, the International Consortium of Minority 
Professionals, and the Center for Cyber Safety and Education), (2018), 
available at https://www.isc2.org/-/media/Files/Research/Innovation-
Through-Inclusion-Report.ashx.
    \6\``Women in Cybersecurity: Young, Educated and Ready to Take 
Charge,'' (ISC)\2\, (2019), available at https://www.isc2.org/-/media/
ISC2/Research/ISC2-Women-in-Cybersecurity-Report.ashx.
---------------------------------------------------------------------------
    Other factors may be exacerbating the shortage of 
cybersecurity expertise, such as the relative difficulty of 
teaching cybersecurity in a classroom, the shortage of teachers 
who are able to confidently teach cybersecurity to students, 
and the daunting task, particularly in higher education, of 
constantly updating curriculum and syllabi to keep pace with a 
rapidly changing field.\7\ At the K-12 level, a 2020 survey 
found that fewer than half of the participating districts and 
schools had cybersecurity education programs and that rural and 
low-income school districts were less likely to have 
cybersecurity education resources for students.\8\
---------------------------------------------------------------------------
    \7\Laura Bate, ``Cybersecurity Workforce Development: A Primer,'' 
New America, (Nov. 1, 2018), available at https://www.newamerica.org/
cybersecurity-initiative/reports/cybersecurity-workforce-development/.
    \8\``The State of Cybersecurity Education in K-12 Schools,'' EdWeek 
Research Center and CYBER.ORG, (2020), available at https://cyber.org/
sites/default/files/2020-06/
The%20State%20of%20Cybersecurity%20Education%20in%20K-12%20Schools.pdf.
---------------------------------------------------------------------------
    To address the long-standing struggles to grow the cyber 
talent pipeline, CISA launched CETAP to deliver free 
cybersecurity, STEM, and computer science curricula and 
resources to K-12 educators. H.R. 6868 would enhance 
participation in CETAP by authorizing the CISA Director to 
award financial assistance in the form of grants or cooperative 
agreements to States, local governments, institutions of higher 
learning, nonprofit organizations, and other non-Federal 
entities for the purpose of funding cybersecurity and 
infrastructure security education, training programs, and 
initiatives.

                                Hearing

    For the purposes of clause 3(c)(6) of rule XIII of the 
Rules of the House of Representatives, the following hearing 
was used to develop H.R. 6868:
           On July 29, 2021, the Subcommittee on 
        Cybersecurity, Infrastructure Protection, and 
        Innovation held a hearing entitled ``The Cyber Talent 
        Pipeline: Educating a Workforce to Match Today's 
        Threats.'' The Subcommittee received testimony from Mr. 
        Kevin Nolten, Director of Academic Outreach at 
        CYBER.ORG; Dr. Tony Coulson, Executive Director of the 
        Cybersecurity Center and Lead at the National Centers 
        of Academic Excellence in Cybersecurity Community, 
        California State University, San Bernardino; Mr. Ralph 
        Ley, Department Manager of National and Homeland 
        Security Workforce Development and Training at the 
        Idaho National Laboratory; and Mr. Max Stier, President 
        and CEO, Partnership for Public Service.

                        Committee Consideration

    The Committee met on March 2, 2022, a quorum being present, 
to consider H.R. 6868 and ordered the measure to be favorably 
reported to the House, as amended, by a recorded vote of 33-0.

                            Committee Votes

    Clause 3(b) of rule XIII requires the Committee to list the 
recorded votes on the motion to report legislation and 
amendments thereto.
          1. A motion by Mr. Cleaver to favorably report H.R. 
        6824, H.R. 6868, and H.R. 6873, as amended, en bloc, to 
        the House was agreed to by a recorded vote of 33 ayes 
        to 0 noes (Rollcall No. 32).

                                            Committee Rollcall No. 32
       Motion by Mr. Cleaver to Favorably Report H.R. 6824, H.R. 6868, and H.R. 6873, As Amended, En Bloc
                                          Agreed to: 33 ayes to 0 noes
----------------------------------------------------------------------------------------------------------------
                Majority Members                     Vote                Minority Members               Vote
----------------------------------------------------------------------------------------------------------------
Ms. Jackson Lee................................  ............  Mr. Katko..........................          Aye
Mr. Langevin...................................          Aye   Mr. McCaul.........................  ............
Mr. Payne......................................          Aye   Mr. Higgins (LA)...................          Aye
Mr. Correa.....................................          Aye   Mr. Guest..........................          Aye
Ms. Slotkin....................................          Aye   Mr. Bishop (NC)....................          Aye
Mr. Cleaver....................................          Aye   Mr. Van Drew.......................          Aye
Mr. Green (TX).................................          Aye   Mr. Norman.........................          Aye
Ms. Clarke (NY)................................          Aye   Mrs. Miller-Meeks..................          Aye
Mr. Swalwell...................................          Aye   Mrs. Harshbarger...................          Aye
Ms. Titus......................................          Aye   Mr. Clyde..........................          Aye
Mrs. Watson Coleman............................          Aye   Mr. Gimenez........................          Aye
Miss Rice (NY).................................          Aye   Mr. LaTurner.......................          Aye
Mrs. Demings...................................          Aye   Mr. Meijer.........................          Aye
Ms. Barragan...................................          Aye   Mrs. Cammack.......................          Aye
Mr. Gottheimer.................................          Aye   Mr. Pfluger........................          Aye
Mrs. Luria.....................................          Aye   Mr. Garbarino......................          Aye
Mr. Malinowski.................................          Aye
Mr. Torres (NY)................................          Aye
Mr. Thompson (MS), Chairman....................          Aye
----------------------------------------------------------------------------------------------------------------

                      Committee Oversight Findings

    In compliance with clause 3(c)(1) of rule XIII, the 
Committee advises that the findings and recommendations of the 
Committee, based on oversight activities under clause 2(b)(1) 
of rule X, are incorporated in the descriptive portions of this 
report.

congressional budget office estimate, new budget authority, entitlement 
                    authority, and tax expenditures

    With respect to the requirements of clause 3(c)(2) of rule 
XIII and section 308(a) of the Congressional Budget Act of 
1974, and with respect to the requirements of clause 3(c)(3) of 
rule XIII and section 402 of the Congressional Budget Act of 
1974, the Committee adopts as its own the estimate of any new 
budget authority, spending authority, credit authority, or an 
increase or decrease in revenues or tax expenditures contained 
in the cost estimate prepared by the Director of the 
Congressional Budget Office.

                                     U.S. Congress,
                               Congressional Budget Office,
                                    Washington, DC, April 27, 2022.
Hon. Bennie G. Thompson,
Chairman, Committee on Homeland Security,
House of Representatives, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for H.R. 6868, the 
Cybersecurity Grants for Schools Act of 2022.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Aldo 
Prosperi.
            Sincerely,
                                         Phillip L. Swagel,
                                                          Director.
    Enclosure.

	    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    

    H.R. 6868 would authorize the Cybersecurity and 
Infrastructure Security Agency (CISA) to award grants to cyber 
education and training programs. The bill also would require 
the agency to report to the Congress on the effectiveness of 
its efforts.
    CISA is already providing the grants that would be 
authorized under H.R. 6868 through the Cybersecurity Education 
and Training Assistance Program; thus, the bill would codify 
those responsibilities and would not impose any new grant 
requirements on the agency.
    The agency could expand a report provided under current law 
to satisfy the new reporting requirement in the bill. CBO 
estimates that doing so would cost less than $500,000 over the 
2022-2026 period; such spending would be subject to the 
availability of appropriated funds.
    The CBO staff contact for this estimate is Aldo Prosperi. 
The estimate was reviewed by Leo Lex, Deputy Director of Budget 
Analysis.

                       Federal Mandates Statement

    The Committee adopts as its own the estimate of Federal 
mandates prepared by the Director of the Congressional Budget 
Office pursuant to section 423 of the Unfunded Mandates Reform 
Act.

                      Duplicative Federal Programs

    Pursuant to clause 3(c) of rule XIII, the Committee finds 
that H.R. 6868 does not contain any provision that establishes 
or reauthorizes a program known to be duplicative of another 
Federal program.

         Statement of General Performance Goals and Objectives

    Pursuant to clause 3(c)(4) of rule XIII, the objective of 
H.R. 6868 is to enhance CISA's ability to support cybersecurity 
education programs and grow the cybersecurity talent pipeline.

   Congressional Earmarks, Limited Tax Benefits, and Limited Tariff 
                                Benefits

    In compliance with rule XXI, this bill, as reported, 
contains no congressional earmarks, limited tax benefits, or 
limited tariff benefits as defined in clause 9(d), 9(e), or 
9(f) of rule XXI.

                      Advisory Committee Statement

    No advisory committees within the meaning of section 5(b) 
of the Federal Advisory Committee Act were created by this 
legislation.

                  Applicability to Legislative Branch

    The Committee finds that H.R. 6868 does not relate to the 
terms and conditions of employment or access to public services 
or accommodations within the meaning of section 102(b)(3) of 
the Congressional Accountability Act.

             Section-by-Section Analysis of the Legislation

    Section 1. Short Title.

    This section states that the Act may be cited as the 
``Cybersecurity Grants for Schools Act of 2022''.

    Sec. 2. Strengthening cybersecurity education support.

    This section authorizes the CISA Director to award 
financial assistance in the form of grants or cooperative 
agreements to States, local governments, institutions of higher 
learning, nonprofit organizations, and other non-Federal 
entities for the purpose of funding cybersecurity and 
infrastructure security education and training programs and 
initiatives to carry out the purposes of CETAP and enhance 
CETAP to address the national shortfall of cybersecurity 
professionals.
    This section also amends the Secretary of Homeland 
Security's obligations to brief relevant congressional 
committees about CETAP's activities and requires such briefings 
to include information on any grants or cooperative agreements 
entered into, including how any such grants or cooperative 
agreements are being used to enhance cybersecurity education in 
underserved populations or communities.

         Changes in Existing Law Made by the Bill, as Reported

  In compliance with clause 3(e) of rule XIII of the Rules of 
the House of Representatives, changes in existing law made by 
the bill, as reported, are shown as follows (existing law 
proposed to be omitted is enclosed in black brackets, new 
matter is printed in italics, and existing law in which no 
change is proposed is shown in roman):

                     HOMELAND SECURITY ACT OF 2002



           *       *       *       *       *       *       *
      TITLE XXII--CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY

Subtitle A--Cybersecurity and Infrastructure Security

           *       *       *       *       *       *       *


SEC. 2220. CYBERSECURITY EDUCATION AND TRAINING PROGRAMS..

  (a) Establishment.--
          (1) In general.--The Cybersecurity Education and 
        Training Assistance Program (referred to in this 
        section as ``CETAP'') is established within the Agency.
          (2) Purpose.--The purpose of CETAP shall be to 
        support the effort of the Agency in building and 
        strengthening a national cybersecurity workforce 
        pipeline capacity through enabling elementary and 
        secondary cybersecurity education, including by--
                  (A) providing foundational cybersecurity 
                awareness and literacy;
                  (B) encouraging cybersecurity career 
                exploration; and
                  (C) supporting the teaching of cybersecurity 
                skills at the elementary and secondary 
                education levels.
  (b) Requirements.--In carrying out CETAP, the Director 
shall--
          (1) ensure that the program--
                  (A) creates and disseminates cybersecurity-
                focused curricula and career awareness 
                materials appropriate for use at the elementary 
                and secondary education levels;
                  (B) conducts professional development 
                sessions for teachers;
                  (C) develops resources for the teaching of 
                cybersecurity-focused curricula described in 
                subparagraph (A);
                  (D) provides direct student engagement 
                opportunities through camps and other 
                programming;
                  (E) engages with State educational agencies 
                and local educational agencies to promote 
                awareness of the program and ensure that 
                offerings align with State and local curricula;
                  (F) integrates with existing post-secondary 
                education and workforce development programs at 
                the Department;
                  (G) promotes and supports national standards 
                for elementary and secondary cyber education;
                  (H) partners with cybersecurity and education 
                stakeholder groups to expand outreach; and
                  (I) any other activity the Director 
                determines necessary to meet the purpose 
                described in subsection (a)(2); and
          (2) enable the deployment of CETAP nationwide, with 
        special consideration for underserved populations or 
        communities.
  (c) Briefings.--
          (1) In general.--Not later than 1 year after the 
        establishment of CETAP, and annually thereafter, the 
        Secretary shall brief the Committee on Homeland 
        Security and Governmental Affairs of the Senate and the 
        Committee on Homeland Security of the House of 
        Representatives on the program.
          (2) Contents.--Each briefing conducted under 
        paragraph (1) shall include--
                  (A) estimated figures on the number of 
                students reached and teachers engaged;
                  (B) information on outreach and engagement 
                efforts, including the activities described in 
                subsection (b)(1)(E);
                  (C) information on any grants or cooperative 
                agreements made pursuant to subsection (e), 
                including how any such grants or cooperative 
                agreements are being used to enhance 
                cybersecurity education for underserved 
                populations or communities;
                  [(C)] (D) information on new curricula 
                offerings and teacher training platforms; and
                  [(D)] (E) information on coordination with 
                post-secondary education and workforce 
                development programs at the Department.
  (d) Mission Promotion.--The Director may use appropriated 
amounts to purchase promotional and recognition items and 
marketing and advertising services to publicize and promote the 
mission and services of the Agency, support the activities of 
the Agency, and to recruit and retain Agency personnel.
  (e) Grants and Cooperative Agreements.--The Director may 
award financial assistance in the form of grants or cooperative 
agreements to States, local governments, institutions of higher 
education (as such term is defined in section 101 of the Higher 
Education Act of 1965 (20 U.S.C. 1001)), nonprofit 
organizations, and other non-Federal entities as determined 
appropriate by the Director for the purpose of funding 
cybersecurity and infrastructure security education and 
training programs and initiatives to--
          (1) carry out the purposes of CETAP; and
          (2) enhance CETAP to address the national shortfall 
        of cybersecurity professionals.

           *       *       *       *       *       *       *


                                  [all]