One Hundred Thirteenth Congress of the United States of America
At the Second Session
Begun and held at the City of Washington on Friday, the third day of January, two thousand and fourteen
H. R. 2952
To require the Secretary of Homeland Security to assess the cybersecurity workforce of the Department of Homeland Security and develop a comprehensive workforce strategy, and for other purposes.
This Act may be cited as the
Cybersecurity Workforce Assessment Act
In this Act—
the term Cybersecurity Category means a position’s or incumbent’s primary work function involving cybersecurity, which is further defined by Specialty Area;
the term Department means the Department of Homeland Security;
the term Secretary means the Secretary of Homeland Security; and
the term Specialty Area means any of the common types of cybersecurity work as recognized by the National Initiative for Cybersecurity Education’s National Cybersecurity Workforce Framework report.
Cybersecurity workforce assessment and strategy
Not later than 180 days after the date of enactment of this Act, and annually thereafter for 3 years, the Secretary shall assess the cybersecurity workforce of the Department.
The assessment required under paragraph (1) shall include, at a minimum—
an assessment of the readiness and capacity of the workforce of the Department to meet its cybersecurity mission;
information on where cybersecurity workforce positions are located within the Department;
information on which cybersecurity workforce positions are—
permanent full-time equivalent employees of the Department, including, to the greatest extent practicable, demographic information about such employees;
independent contractors; and
individuals employed by other Federal agencies, including the National Security Agency; or
the percentage of individuals within each Cybersecurity Category and Specialty Area who received essential training to perform their jobs; and
in cases in which such essential training was not received, what challenges, if any, were encountered with respect to the provision of such essential training.
The Secretary shall—
not later than 1 year after the date of enactment of this Act, develop a comprehensive workforce strategy to enhance the readiness, capacity, training, recruitment, and retention of the cybersecurity workforce of the Department; and
maintain and, as necessary, update the comprehensive workforce strategy developed under subparagraph (A).
The comprehensive workforce strategy developed under paragraph (1) shall include a description of—
a multi-phased recruitment plan, including with respect to experienced professionals, members of disadvantaged or underserved communities, the unemployed, and veterans;
a 5-year implementation plan;
a 10-year projection of the cybersecurity workforce needs of the Department;
any obstacle impeding the hiring and development of a cybersecurity workforce in the Department; and
any gap in the existing cybersecurity workforce of the Department and a plan to fill any such gap.
The Secretary submit to the appropriate congressional committees annual updates on—
the cybersecurity workforce assessment required under subsection (a); and
the progress of the Secretary in carrying out the comprehensive workforce strategy required to be developed under subsection (b).
Cybersecurity Fellowship Program
Not later than 120 days after the date of enactment of this Act, the Secretary shall submit to the appropriate congressional committees a report on the feasibility, cost, and benefits of establishing a Cybersecurity Fellowship Program to offer a tuition payment plan for individuals pursuing undergraduate and doctoral degrees who agree to work for the Department for an agreed-upon period of time.
Speaker of the House of Representatives.
Vice President of the United States and President of the Senate.