HR 334 Introduced – Cybersecurity Education

Earlier this month Rep. Lieu (D,CA) introduced HR 334, the New Collar Jobs Act of 2019. The bill would amend the Internal Revenue Code to add a new section establishing an “employee cybersecurity education credit” {new §45S(a)}.

The Tax Credit

The general business tax credit to be included under 26 USC §38 would be for 50% of cybersecurity education expenses (up to $5,000 per year per employee) “paid or incurred by the employer during such taxable year”. The qualified expenses would be the “amounts paid or incurred for each employee who earns a certificate or degree at the undergraduate or graduate level or industry-recognized certification relating to those specialty areas and work roles that are listed in NCWF Work Roles in the document entitled, ‘NICE Cybersecurity Workforce Framework (NCWF)’ [NIST Special Publication 800-181; NOTE: the link does not work during the current Federal Funding Fiasco]” {new §45S(c)}.

Moving Forward

Because of the politics of the Federal Funding Fiasco the committee membership listing for the House has not yet been completed so it is hard to tell what sort of influence Lieu and his three cosponsors will have to see that HR 334 is considered in committee.

I do not see anything in the bill that would raise any great objection to the bill. I suspect that if it were considered in committee or on the Floor it would generally receive bipartisan support.

Commentary

While there are no definitions in the bill nor can we see the current listing of the ‘specialty areas and work roles’ to which this tax credit would apply, it would be reasonable to assume that it would include cybersecurity training for industrial control systems (ICS). I say this because the Congressional Findings portion of the bill specifically notes {§2(2)}:

“As manufacturers leverage new technologies from robotics to distributed control systems to create modern factories and industrial plants, different employment requirements have emerged including the need for cybersecurity talent.”

The next subparagraph goes on to explain:

“Leading cybersecurity experts have reported spike of 250 percent in industrial automation and control system cyber-incidents occurring during the period between 2011 and 2015 and as a result are seeking personnel with knowledge of their industry coupled with knowledge of security technology to prevent their organization from becoming victims of cyber-attacks.”

I do not believe that the bill would limit the tax credit to just ICS cybersecurity programs, but this clearly explicates the crafters intent that such programs would be covered under this proposed tax credit.