Homeland Security Cybersecurity Boots-on-the-Ground Act

The Homeland Security Cybersecurity Boots-on-the-Ground Act is a bill that would require the United States Department of Homeland Security (DHS) to undertake several actions designed to improve the readiness and capacity of DHS’s cybersecurity workforce. DHS would also be required to create a strategy for recruiting and training additional cybersecurity employees.

The bill was introduced into the United States House of Representatives during the 113th United States Congress.

Background
Computer security (also known as cybersecurity or IT security) is information security as applied to computing devices such as computers and smartphones, as well as computer networks such as private and public networks, including the Internet. The field covers all the processes and mechanisms by which computer-based equipment, information and services are protected from unintended or unauthorized access, change or destruction, and is of growing importance in line with the increasing reliance on computer systems of most societies worldwide.

Provisions of the bill
This summary is based largely on the summary provided by the Congressional Research Service, a public domain source.

The Homeland Security Cybersecurity Boots-on-the-Ground Act would require the United States Secretary of Homeland Security to: (1) develop occupation classifications for individuals performing activities in furtherance of the cybersecurity mission of the United States Department of Homeland Security (DHS), (2) ensure that such classifications may be used throughout DHS and are made available to other federal agencies, and (3) assess the readiness and capacity of DHS to meet its cybersecurity mission.

The bill would define "cybersecurity mission" as threat and vulnerability reduction, deterrence, incident response, resiliency, and recovery activities to foster the security and stability of cyberspace.

The bill would direct the Secretary, acting through the DHS Chief Human Capital Officer and Chief Information Officer, to include in such readiness assessment information on which cybersecurity positions are performed by: (1) permanent full-time departmental employees (together with demographic information about such employees' race, ethnicity, gender, disability status, and veterans status); (2) individuals employed by independent contractors; and (3) individuals employed by other federal agencies, including the National Security Agency (NSA). Requires the assessment to address vacancies within the supervisory workforce, job training, and recruiting costs.

The bill would direct the Secretary to develop: (1) a workforce strategy that enhances the readiness, capacity, training, recruitment, and retention of the DHS cybersecurity workforce, including a multiphased recruitment plan, a 5-year implementation plan, and a 10-year projection of federal workforce needs; and (2) a process to verify that employees of independent contractors who serve in DHS cybersecurity positions receive initial and recurrent information security and role-based security training commensurate with assigned responsibilities.

The bill would require the Secretary to provide Congress with annual updates regarding such strategies, assessments, and training.

The bill would require the Comptroller General (GAO) to study and report to the Secretary and Congress with respect to such assessments and strategies.

The bill would direct the Secretary to report to Congress regarding the feasibility of establishing a Cybersecurity Fellowship Program to offer a tuition payment plan for undergraduate and doctoral candidates who agree to work for DHS for an agreed-upon period of time.

Congressional Budget Office report
''This summary is based largely on the summary provided by the Congressional Budget Office, as reported by the House Committee on Homeland Security on December 12, 2013. This is a public domain source.''

H.R. 3107 would require the Department of Homeland Security (DHS) to undertake several actions designed to improve the readiness and capacity of DHS’s cybersecurity workforce. In particular, the bill would require that DHS prepare a report on that workforce—based on occupational classifications—assessing training, hiring, vacancies, and other factors that could affect readiness. The bill also would require DHS to develop a cybersecurity workforce strategy that would enable the department to develop and retain an effective cybersecurity workforce.

In preparing the assessments and strategy required by the bill, the Congressional Budget Office (CBO) expects that DHS would be able to draw from several similar federal efforts—such as the National Cybersecurity Workforce Framework, the Information Technology Workforce Assessment for Cybersecurity, and DHS’s Coordinated Recruiting and Outreach Strategy—and therefore, that the cost of completing those new requirements would total less than $500,000.

The bill also would require DHS to maintain documentation verifying that contractors who serve in cybersecurity roles at DHS receive the training necessary to perform their assigned responsibilities. CBO anticipates that effort would require additional staffing and resources. Based on the cost of similar personnel, CBO estimates that implementing that requirement would cost approximately $2 million over the 2014-2019 period, subject to the availability of appropriated funds.

Enacting H.R. 3107 would not affect direct spending or revenues; therefore, pay-as-you-go procedures do not apply.

H.R. 3107 contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act and would not affect the budgets of state, local, or tribal governments.

Procedural history
The Homeland Security Cybersecurity Boots-on-the-Ground Act was introduced into the United States House of Representatives by Rep. Yvette D. Clarke (D, NY-9). The bill was referred to the United States House Committee on Homeland Security and the United States House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies. On December 12, 2013, the bill was reported (amended) alongside House Report 113-294. On July 28, 2014, the House voted in Roll Call Vote 457 to pass the bill 395-8.

Debate and discussion
Rep. Bennie Thompson (D-MS), who co-sponsored the bill, said that "DHS' success depends on how well it recruits, hires, and trains its cyber workforce."

Rep. Pat Meehan (R-PA) supported the bill, saying that "the cyber risk is among the most serious our nation faces today. Terrorist groups like Hamas, nation-states like Iran, China and Russia and criminal gangs across the world are constantly attempting to breach our systems. But existing laws that have been on the books for years are not designed to cope with the threat."