Bill Would Create Cyber Workforce Training Programs at CISA and VA

Senators from both sides of the aisle want to improve government cybersecurity by bolstering the workforce through two new federally-focused training programs.

The bipartisan Federal Cybersecurity Workforce Expansion Act was introduced Friday by Sens. Maggie Hassan, D-N.H., and John Cornyn, R-Texas. The bill would create two new cybersecurity training programs: an apprenticeship program based out of the government’s central cybersecurity office, the Cybersecurity and Infrastructure Security Agency, or CISA, and another at the Veterans Affairs Department targeted toward veterans.

If passed, the legislation would require CISA to create at least one apprenticeship program within the next two years, designed to prepare the trainees for a job at CISA or “a position with a company or other entity provided that the position is certified by the director as contributing to the national cybersecurity of the United States; and funded at least in majority part through a contract, grant or cooperative agreement with the agency.”

The program must also be registered with the Labor Department’s Office of Apprenticeship.

VA would be on a tighter timeline, required to create “a pilot program under which the secretary shall provide cyber-specific training for eligible individuals” within one year of the law being enacted.

The veteran-focused program would be required to offer:

• Virtual platforms for coursework and training.
• Hands-on skills labs and assessments.
• Federal work-based learning opportunities and programs.
• The provision of portable credentials to eligible individuals who graduate from the pilot program.

Those “portable credentials” could be a “degree, diploma, license, certificate, badge and professional or industry certification” that meet a litany of specific requirements outlined in the bill, including enabling “a holder of the credential to move vertically and horizontally within and across training and education systems for the attainment of other credentials.”

This latest cybersecurity workforce legislation is a direct response to recent major breaches affecting the federal government and critical infrastructure sectors.

“The need for qualified cybersecurity personnel is greater than ever, as demonstrated by the recent SolarWinds breach and the growing spate of ransomware attacks on critical infrastructure entities and State and local governments,” the bill text states.

In a statement Friday, Hassan specifically called out the SolarWinds incident, which exposed supply chain vulnerabilities in at least nine federal agencies and will require significant work to remediate and prevent future breaches.

“In order to bolster our cyber defenses and protect our critical infrastructure, we need to increase the number of cybersecurity professionals in the federal government,” she said. “This bipartisan bill will also help address the workforce challenges in the veteran community by standing up a cyber-training program at the VA to help veterans secure good-paying, stable jobs, and I urge my colleagues to join me in supporting this legislation.”

Both programs would need to conform to the National Institute of Standards and Technology’s National Initiative for Cybersecurity Education, or NICE, framework, which sets standards for “work roles and associated tasks, knowledge and skills” for the industry.

And while both programs are intended to bolster the cybersecurity workforce nationwide, all training should specifically prepare candidates to work in the federal government.

“Cyber threats are evolving each day, and we must have a workforce prepared to respond,” Cornyn said. “By harnessing the experience of our veterans and creating more opportunities for hands-on learning, this legislation would help ensure we are ready to fend off cyberattacks from our adversaries.”