Senate Passes Bennet, Portman Measure to Strengthen Federal Cybersecurity

Measure Included in Cybersecurity Information Sharing Act (CISA)

Would Ensure Federal Agencies Have Skilled, Trained Workforce to Combat Cyber Threats

Washington, DC - Today, the U.S. Senate passed a provision written by U.S. Senators Michael Bennet (D-CO) and Rob Portman (R-OH) to strengthen federal cybersecurity by implementing a consistent framework for identifying cyber-related positions and recruiting qualified personnel across the federal government. The measure was included as part of the bipartisan Cybersecurity Information Sharing Act (CISA), which allows public and private sector entities to share cyber threat data through a centralized Department of Homeland Security (DHS) portal.

"Cyber attacks are a growing national problem that will only increase as we rely more heavily on the Internet, mobile devices, and other new technologies," Bennet said. "Recent attacks, like the Office of Personnel Management breach, have exposed federal cyber vulnerabilities. We need to take steps to pinpoint our weaknesses and deploy the resources and personnel to combat these evolving threats. Our measure will implement a uniform system for identifying areas where we are susceptible to attacks and ensure that federal agencies have the highly-trained personnel that they need."

"Recent hacks have exposed the need to improve the federal government's ability to protect sensitive information and infrastructure," Portman stated. "To keep us secure, we need world-class, highly-trained cybersecurity employees in the right places in the federal workforce. Our bill takes important steps towards accomplishing that goal and I am pleased that it has passed the Senate today."

Over the past several decades, agencies across the federal government have established individual hiring processes and approaches to manage federal IT systems and infrastructure. As cybersecurity threats have increased across the government, it has become increasingly clear a uniform system to better educate, recruit, train, develop, and retain a highly-qualified workforce is essential. In 2011, the Government Accountability Office (GAO) reported on the significant challenges federal agencies face to determine the size and composition of their cybersecurity workforce because of the wide variations in how the work and workforce is defined.

The National Institute for Standards and Technology (NIST), the Department of Homeland Security (DHS), and the Office of Personnel Management (OPM) together launched the National Initiative for Cybersecurity Education (NICE), which is working to uniformly classify cybersecurity job functions. This new framework will help agencies assess their current workforce to identify skill shortages, and provide a comprehensive look at the cybersecurity workforce across the entire federal government.

The Bennet-Portman provision will help move the initiative forward by defining specific tasks, milestones, and timelines for agencies to follow, and directing agencies to assess where their cybersecurity workforces are weakest. The bipartisan proposal will help ensure that the necessary federal departments and agencies are meeting key deadlines and reporting to Congress on time.

This provision follows on a narrower measure Portman and Bennet passed as an amendment to the Department of Homeland Security Workforce Recruitment and Retention Act that extended these security reforms to the Department of Homeland Security.

# # #