[Senate Report 118-331]
[From the U.S. Government Publishing Office]
Calendar No. 751
118th Congress } { Report
SENATE
2d Session } { 118-331
_______________________________________________________________________
DHS CYBERSECURITY INTERNSHIP
PROGRAM ACT
__________
R E P O R T
of the
COMMITTEE ON HOMELAND SECURITY AND
GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
to accompany
S. 5321
TO AMEND THE HOMELAND SECURITY ACT OF 2002 TO
ESTABLISH DHS CYBERSECURITY INTERNSHIP
PROGRAM, AND FOR OTHER PURPOSES
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
December 19 (legislative day, December 16), 2024.--Ordered to be
printed
------
U.S. GOVERNMENT PUBLISHING OFFICE
59-010 WASHINGTON : 2025
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
GARY C. PETERS, Michigan, Chairman
THOMAS R. CARPER, Delaware RAND PAUL, Kentucky
MAGGIE HASSAN, New Hampshire RON JOHNSON, Wisconsin
KYRSTEN SINEMA, Arizona JAMES LANKFORD, Oklahoma
JACKY ROSEN, Nevada MITT ROMNEY, Utah
JON OSSOFF, Georgia RICK SCOTT, Florida
RICHARD BLUMENTHAL, Connecticut JOSH HAWLEY, Missouri
ADAM SCHIFF, California ROGER MARSHALL, Kansas
David M. Weinberg, Staff Director
Alan S. Kahn, Chief Counsel
Christopher J. Mulkins, Director of Homeland Security
Emily A. Ferguson, Professional Staff Member
William E. Henderson III, Minority Staff Director
Christina N. Salazar, Minority Chief Counsel
Andrew J. Hopkins, Minority Counsel
Kendal B. Tigner, Minority Professional Staff Member
Laura W. Kilbride, Chief Clerk
Calendar No. 751
118th Congress } { Report
SENATE
2d Session } { 118-331
======================================================================
DHS CYBERSECURITY INTERNSHIP PROGRAM ACT
_______
December 19 (legislative day, December 16), 2024.--Ordered to be
printed
_______
Mr. Peters, from the Committee on Homeland Security and
Governmental Affairs, submitted the following
R E P O R T
[To accompany S. 5321]
The Committee on Homeland Security and Governmental
Affairs, to which was referred the bill (S. 5321) to amend the
Homeland Security Act of 2002 to establish a DHS Cybersecurity
Internship Program, and for other purposes, having considered
the same, reports favorably thereon with an amendment, in the
nature of a substitute, and recommends that the bill, as
amended, do pass.
CONTENTS
Page
I. Purpose and Summary..............................................1
II. Background and Need for the Legislation..........................2
III. Legislative History..............................................3
IV. Section-by-Section Analysis of the Bill, as Reported.............3
V. Evaluation of Regulatory Impact..................................4
VI. Changes in Existing Law Made by the Bill, as Reported............4
I. Purpose and Summary
S. 5321, the DHS Cybersecurity Internship Act, codifies the
Department of Homeland Security (DHS) cyber internship program.
This bill authorizes DHS to provide paid cybersecurity
internships to students at secondary schools, technical
schools, community colleges, undergraduate programs, and
postgraduate programs. It directs DHS to, as practicable,
ensure each internship class includes members from across the
eligible institution types. Additionally, the bill requires DHS
to provide an annual report to Congress on the number of
participating individuals, their job duties, and DHS components
supported, as well as outreach and recruiting efforts by DHS
for the program.
II. Background and Need for the Legislation
Cybersecurity threats against both the government and
private sector are a matter of national security.\1\ In Fiscal
Year 2023 alone, the total number of cyber incidents faced by
federal agencies increased from 29,319 to 32,229.\2\ Globally,
cyber threats increased by 30% from 2023 to 2024, with
education, government, military, and healthcare industries as
the most prominent targets.\3\ To properly combat cyber threats
and defend the nation's cyber networks and systems, the United
States needs a capable and sustainable cybersecurity
workforce.\4\ However, according to the National Center for
Science and Engineering Statistics' 2024 Cybersecurity
Workforce Supply and Demand Report, in the past five years, the
gap between the supply and demand of cybersecurity workers has
continued to be a major challenge for the United States.\5\
Furthermore, the International Information System Security
Certification Consortium (ISC2) also estimated that in 2024
there were 542,687 unfilled cyber positions in the public and
private sectors in the United States, an increase of 4.0% from
2023.\6\ The hiring challenges faced in the public sector are
even more stark because pay differences may be 20 to 50%
greater in the private sector for similar job roles.\7\ Despite
this challenge, it is essential to fill these roles within
government as cybersecurity personnel protect the nation from
cyberattacks and ensure confidentiality, integrity, and access
to information for citizens and employees.
---------------------------------------------------------------------------
\1\White House, National Cybersecurity Strategy (March 2, 2023)
(www.whitehouse.gov/oncd/
national-cybersecurity-strategy/) and Exec. Order No. 14028 86 FR 26633
(May 12, 2021).
\2\Office of Management and Budget, Federal Information Security
Modernization Act of 2014 Annual Report Fiscal Year 2023 (June 2024)
(www.whitehouse.gov/wp-content/uploads/2024/06/FY23-FISMA-Report.pdf).
\3\Check Point, Check Point Research Reports Highest Increase of
Global Cyber Attacks seen in last two years--a 30% Increase in Q2 2024
Global Cyber Attacks (July 16, 2024) (https://blog. checkpoint.com/
research/check-point-research-reports-highest-increase-of-global-cyber-
attacks-seen-in-last-two-years-a-30-increase-in-q2-2024-global-cyber-
attacks).
\4\Department of Defense, DOD Cyber Workforce Strategy: 2023-2027
(March 1, 2023) (https://dodcio.defense.gov/Portals/0/Documents/
Library/CWF-Strategy.pdf).
\5\National Center for Science and Engineering Statistics,
Cybersecurity Workforce Supply and Demand Report (May 2024) (https://
ncses.nsf.gov/760/assets/0/files/ncses-cwdi-supply-demand-
report.pdf).
\6\ISC2, Global Cybersecurity Workforce Prepares for an AI-Driven
World, at 11 (2024) (https://edge.sitecorecloud.io/internationf173-
xmc4e73-prodbc0f-9660/media/Project/ISC2/Main/Media/doc uments/
research/2024-ISC2-WFS.pdf).
\7\StateTech, How Thoughtful Cybersecurity Training Yields Benefits
for Government Workers (February 2, 2022) (statetechmagazine.com/
article/2022/02/how-thoughtful-cybersecurity-training
-yields-benefits-government-workers); RAND, Comparison of Public and
Private Sector Cybersecurity and IT Workforces (February 7, 2023)
(www.rand.org/pubs/research_reports/RRA660-7.html).
---------------------------------------------------------------------------
Recognizing the increased need for a talented cyber
workforce, the Department of Homeland Security (DHS) launched
its cyber security college internship program as part of the
National Initiative for Cybersecurity Careers and Studies
(NICCS) in 2013.\8\ The program is designed to allow current
high school and college students to work alongside cyber
experts at DHS to support agency mission goals.\9\ DHS
established this program under the authorities of 5 U.S.C.
Sec. 3111a, which allows agency heads to create internship
programs and to pay those interns.\10\
---------------------------------------------------------------------------
\8\Department of Homeland Security, DHS Launches National
Initiative for Cybersecurity Careers and Studies (February 21, 2013).
\9\Department of Homeland Security, Cybersecurity Internship
Program (accessed December 4, 2024) (https://www.dhs.gov/homeland-
security-careers/cybersecurity-internship-program).
\10\5 U.S.C. Sec. 3111(a).
---------------------------------------------------------------------------
In June 2024, DHS's Chief Information Officer and Chief
Artificial Intelligence Officer, Eric Hysen, testified before
the United States House of Representatives Committee on
Homeland Security that despite DHS employing over 8,000
cybersecurity professionals there are an estimated 2,000 cyber
job openings just within DHS.\11\ The DHS Cybersecurity
Internship Act would address the need to bolster the United
States' cyber workforce by codifying DHS's cyber internship
program, solidifying an established pipeline for cyber talent
to enter federal service. The bill also includes several
reporting requirements to increase oversight and ensure the
program's effectiveness, which DHS can then use to modify and
improve the program. Additionally, requiring the Secretary of
Homeland Security to consider participants from various
institutions, including technical schools and community
colleges, will allow for a cohort with a wider range of
background experiences within the internship program.
---------------------------------------------------------------------------
\11\United States House of Representatives Committee on Homeland
Security, Testimony Submitted for the Record of Eric Hysen, Dept. of
Homeland Security, Finding 500,000: Addressing America's Cyber
Workforce Gap, 118th Cong. (Jun. 26, 2024).
---------------------------------------------------------------------------
III. Legislative History
Senator Peters (D-MI) introduced S. 5321, the DHS
Cybersecurity Internship Program Act, on November 14, 2024. The
bill was referred to the Senate Committee on Homeland Security
and Governmental Affairs.
The Committee considered S. 5321 at a business meeting on
November 20, 2024. At the business meeting, Chairman Peters
offered a substitute amendment to the bill, which gave a
technical correction clarifying that eligible individuals may
participate but are not required to participate in the program.
The Committee adopted the Peters substitute amendment with
unanimous consent with Senators Peters, Hassan, Rosen, Ossoff,
Blumenthal, Butler, Lankford, and Hawley present.
The bill, amended by the Peters substitute amendment was
ordered reported favorably by a roll call vote of 7 yeas to 1
nay with Senators Peters, Hassan, Rosen, Ossoff, Blumenthal,
Butler, and Lankford voting in the affirmative, and Senator
Hawley voting in the negative. Senators Carper, Sinema, Romney
and Marshall voted yea by proxy, and Senators Paul, Johnson and
Scott voted nay by proxy for the record only.
IV. Section-by-Section Analysis of the Bill, as Reported
Section 1: Short title
This section establishes the short title of the bill as the
``DHS Cybersecurity Internship Program Act.''
Section 2: Cybersecurity internship program
Subsection (a) includes the following subparagraphs by
amending subtitle D of title XIII of the Homeland Security Act
of 2002 to add Sec. 1334.
Subsection (a) of Sec. 1334 defines ``historically
black college or university,'' ``institution of higher
education,'' ``junior or community college,''
``minority-serving institution,'' ``secondary school,''
and ``technical, trade, or vocational school.''
Subsection (b) of Sec. 1334 requires the Secretary of
Homeland Security to have a paid cybersecurity
internship program for eligible participants at the
Department of Homeland Security. The Secretary will
align duties with the participant's education, skills,
and experience.
Subsection (c) of Sec. 1334 defines the eligibility
of a participant in the cybersecurity internship
program as a citizen of the United States, be at least
16 years old, and be enrolled in a secondary school,
technical, trade, or vocational school, or institution
of higher education.
Subsection (d) of Sec. 13334 requires the Secretary
of Homeland Security to ensure participants for each
intern class in the cybersecurity internship program
include students enrolled in secondary education,
junior or community colleges, undergraduate degree
programs, postgraduate degree programs, and technical,
trade or vocational schools.
Subsection (e) of Sec. 1334 requires the Secretary of
Homeland Security to submit an annual report beginning
1 year after the date of enactment to the Committee on
Homeland Security and Governmental Affairs of the
Senate and the Committee on Homeland Security of the
House of Representatives containing a description of
outreach efforts to raise awareness of the
cybersecurity internship program, information on
specific recruiting efforts by the Secretary to
increase participation in the Program, and the number
of individuals participating in the Program, listed by
the type of school or program in which the individual
is enrolled at the time of participation, and
information on the nature of each such participation,
including Department components supported, and the
duties of each such individual.
Subsection (b) makes a clerical amendment to add ``Sec.
1334. Cybersecurity internship program,'' to the table of
contents accompanying the Homeland Security Act of 2002.
V. Evaluation of Regulatory Impact
Pursuant to the requirements of paragraph 11(b) of rule
XXVI of the Standing Rules of the Senate, the Committee has
considered the regulatory impact of this bill and determined
that the bill will have no regulatory impact within the meaning
of the rules. The Committee agrees with the Congressional
Budget Office's statement that the bill contains no
intergovernmental or private-sector mandates as defined in the
Unfunded Mandates Reform Act (UMRA) and would impose no costs
on state, local, or tribal governments.
VI. Changes in Existing Law Made by the Bill, as Reported
In compliance with paragraph 12 of rule XXVI of the
Standing Rules of the Senate, changes in existing law made by
the bill, as reported, are shown as follows (existing law
proposed to be omitted is enclosed in brackets, new matter is
printed in italic, and existing law in which no change is
proposed is shown in roman):
HOMELAND SECURITY ACT OF 2002
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title.--this Act may be cited as the ``Homeland
Security Act of 2002''.
(b) Table of Contents.--The table of contents for this Act
is as follows:
* * * * * * *
TITLE XIII--FEDERAL WORKFORCE
IMPROVEMENT
Subtitle D--Academic Training
* * * * * * *
SEC. 1334. CYBERSECURITY INTERNSHIP PROGRAM.
* * * * * * *
TITLE XIII--FEDERAL WORKFORCE
IMPROVEMENT
* * * * * * *
Subtitle D--Academic Training
* * * * * * *
SEC. 1334. CYBERSECURITY INTERNSHIP PROGRAM.
(a) Definitions.--In this section:
(1) Historically black college or university.--The
term `historically Black college or university' has the
meaning given the term `part B institution' in section
322 of the Higher Education Act of 1965 (20 U.S.C.
1061).
(2) Institution of higher education.--The term
`institution of higher education' has the meaning given
that term in section 101 of the Higher Education Act of
1965 (20 U.S.C. 1001).
(3) Junior or community college.--The term `junior or
community college' has the meaning given that term in
section 312 of the Higher Education Act of 1965 (20
U.S.C. 1058).
(4) Minority serving institution.--The term
`minority-serving institution' means an eligible
institution of higher education described in section
371(a) of the Higher Education Act of 1965 (20 U.S.C.
1067q(a)).
(5) Secondary school.--The term `secondary school'
means a school or program that provides secondary
education, as determined under State law, except that
the term does not include any education beyond grade
12.
(6) Technical, trade, or vocational school.--The term
`technical, trade, or vocational school' has the
meaning given that term in section 411.167 of title 20,
Code of Federal Regulations.
(b) Program.--The Secretary shall carry out a cybersecurity
internship program (in this section referred to as the
`Program') under which an eligible individual participates in a
paid cybersecurity internship at the Department with duties
aligned to such participant's respective education, skills, and
experience.
(c) Eligibility.--To be eligible to participate in the
Program, an individual shall--
(1) be a citizen of the United States;
(2) be at least 16 years old; and
(3) be enrolled in a secondary school, technical,
trade, or vocational school, or institution of higher
education, in accordance with subsection (d).
(d) Composition.--The Secretary shall, as practicable,
ensure that participants selected for the Program for each
intern class include students enrolled in each of the
following:
(1) Secondary schools.
(2) Junior or community colleges.
(3) Undergraduate degree programs.
(4) Postgraduate degree programs.
(5) Technical, trade, or vocational schools.
(e) Reports.--
(1) Reports.--Not later than 1 year after the date of
enactment of the DHS Cybersecurity Internship Program
Act and annually thereafter, the Secretary shall submit
to the Committee on Homeland Security and Governmental
Affairs of the Senate and the Committee on Homeland
Security of the House of Representatives a report on
the Program.
(2) Matters.--Each report under paragraph (1) shall
include, with respect to the most recent Program year,
the following:
(A) A description of outreach efforts by the
Secretary to raise awareness of the Program
among secondary schools and institutions of
higher education, including among junior or
community colleges, historically Black colleges
and universities, and other minority-serving
institutions.
(B) Information on specific recruiting
efforts by the Secretary to increase
participation in the Program.
(C) The number of individuals participating
in the Program, listed by the type of school or
program in which the individual is enrolled at
the time of participation, and information on
the nature of each such participation,
including Department components supported, and
the duties of each such individual.
(3) Consolidation.--Reports submitted under this
subsection may be consolidated with the reports
required under section 1333(e).
* * * * * * *
[all]