Review - Committee Hearings – Week of 2-2-25

This week, with both the House and Senate in Washington, there is a relatively lite hearing schedule. There is a cyber workforce hearing in the House. The Senate continues to focus on Cabinet approvals.

Cyber Workforce

On Wednesday, the House Homeland Security Committee will hold a hearing on “Preparing the Pipeline: Examining the State of America's Cyber Workforce”. No witness list is currently available.

 

For more information on these hearings, including lists of nomination hearings, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/committee-hearings-week-of-2-2-25 - subscription required.

Review - S 4715 Introduced – Cyber Workforce Development

Earlier this month Sen Rounds (R,SD) introduced S 4715, the Federal Cyber Workforce Training Act of 2024. The bill would require the National Cyber Director to formulate a plan for the establishment of a federal cyber training institute. It does not authorize the actual establishment of the institute, that would require subsequent legislation. The bill specifically does not authorize new spending.

Moving Forward

This bill is scheduled to be taken up by the Senate Homeland Security and Governmental Affairs Committee tomorrow. This typically means that there is consensus on how to move forward with the bill. I suspect that there will be significant bipartisan support for the bill. The main question is whether or not Sen Paul (R,KY) will support the bill. While the bill can (and probably will) pass without Paul’s vote, his opposition will signal that the bill would not be able to be considered under the Senate’s unanimous consent process, nor would it likely be able to be considered as an amendment to another, more politically important bill.

Commentary

While the proposed institute is not a cybersecurity institute, all cyber work roles should include some level of cybersecurity responsibilities. I think it would be helpful to delineate a responsibility for the institute to establish a minimum level of cybersecurity training for all cyber personnel. To that end, I would like to suggest the insertion of a new §2(b)(2)(C):

“(C) establish a common skill level cybersecurity curriculum for all entry level positions and a more advanced cybersecurity training program for personnel transitioning to mid-career level positions;”

 

For more details about the provisions of this bill, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-4715-introduced - subscription required.

 

Review - Committee Hearings – Week of 6-23-24

With just the House in session this week (the Senate is out for their 2-week 4^th of July holiday, the House joins them next week), there is a moderately busy hearing week. More FY 2025 spending bills will be marked-up. Of specific interest here, there will be a cyber workforce hearing and a critical infrastructure resilience hearing.

Spending Bills

Subcommittees of the House Appropriations Committee will be holding hearings this week, marking up their respective spending bills.

Spending Bill	House Hearings
CJS	Subcommittee
LHH	Subcommittee
THUD	Subcommittee
IER	Subcommittee
EWR	Subcommittee

Other Hearings

Cyber Workforce Hearing - On Wednesday the House Homeland Security Committee will be holding a hearing on “Finding 500,000: Addressing America’s Cyber Workforce Gap”.

Critical Infrastructure Resilience - On Thursday, the Subcommittee on Cybersecurity and Infrastructure Protection of the House Homeland Security Committee will hold a hearing on “Sector Down: Ensuring Critical Infrastructure Resilience”.

Spending Bills on the Floor

As I write this post, the House Rules Committee is in recess on their hearing to formulate a rule for the consideration of three spending bills this week; HR 8752, DHS spending; HR 8774, DOD spending; and HR 8771, State Department. The House plans on completing all four bills before 3:00 pm on Friday.

 

For more information on these hearings, including witness lists, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/committee-hearings-week-of-6-23-24 - subscription required.

Committee Hearings – Week of 4-18-21

This week, with both the House and Senate in session, there is a full slate of committee hearings. Budget hearings continue and there is one cyber workforce hearing scheduled. The House will take-up one chemical security bill and one piece of cyber related legislation this week.

FY 2022 Budget Hearings

4-21-21 Environmental Protection Agency House IER Subcommittee

Cyber Work Forces

On Wednesday the Senate Armed Services Committee will hold a hearing on “To receive testimony on the current and future cyber workforce of the Department of Defense and the military services.” The witness list includes:

• Lieutenant General Dennis Crall, DOD Joint Staff,

• Leonard Litton, Acting Deputy Assistant Secretary for Defense for Military Personnel,

• Veronica Hinton, Acting Deputy Assistant Secretary for Defense for Civilian Personnel Policy,

• John Sherman, Acting Department of Defense Chief Information Officer

Since a major portion of the DOD cyber workforce is on the civilian side of the House, this hearing should provide insights into some of  the problems facing the private sector cybersecurity workforce.

On the Floor

The House is scheduled to take up 23 bills this week under their suspension of the rules process. That means that there will be limited debate, no floor amendments, and the bills will require a supermajority to pass. The House leadership expects that all of the scheduled bills will receive significant bipartisan support.

Included in this week’s consideration are:

HR 397 – CBRN Intelligence and Information Sharing Act of 2021, and

HR 1251 – Cyber Diplomacy Act of 2021

I have not reviewed HR 1251 here as the bill contains no language or definitions that specifically address control system security concerns.

Bills Introduced – 4-13-21

Yesterday, with both the House and Senate in session, there were 84 bills introduced. One of those bills may receive additional coverage in this blog:

S 1097 A bill to establish a Federal rotational cyber workforce program for the Federal cyber workforce. Sen. Peters, Gary C. [D-MI]

I will be watching this bill for specific language and definitions that would include control system workforce personnel.

S 4049 Amendments Adopted – 7-3-20

Yesterday during consideration of S 4049, the FY 2021 National Defense Authorization Act, the Senate adopted by unanimous consent 62 amendments in an en bloc consideration. Four amendments were included that are of interest here. They include:

SA 2178 – Sen Wicker (R,MS) - to improve the cyber workforce and establish cyber challenges [pg S 3569],

SA 2215 – Sen King (I,ME) - to strengthen the Cybersecurity and Infrastructure Security Agency [pg S 3660],

SA 2231 – Sen Fischer (R,NE) - to ensure appropriate prioritization, spectrum planning, and interagency coordination to support the Internet of Things [pg S 3688], and

SA 2275 – Sen Peters (D,MI) - to require a plan for the continuity of the economy [pg S 3719]

Cyber Workforce

SA 2178 would add a new Title, Cyber Workforce Matters, to the bill. It includes sections on:

• Improving national initiative for cybersecurity education,

• Development of standards and guidelines for improving cybersecurity workforce of federal agencies,

• Modifications to federal cyber scholarship-for-service program,

• Modifications to federal cyber scholarship-for-service program,

• Cybersecurity in programs of the national science foundation,

• Cybersecurity in stem programs of the national aeronautics and space administration,

• Cybersecurity in department of transportation programs, and

• National cybersecurity challenges [Similar to S 3712].

The first section of the bill would amend 15 USC 7451(a), National cybersecurity awareness and education program. Part of that amendment would be to add a new subparagraph:

“(8) in coordination with the Department of Defense and the Department of Homeland Security, considering any specific needs of the cybersecurity workforce of critical infrastructure, to include cyber physical systems and control systems;”

The section on DOT programs makes to changes to 49 USC. The first would amend 49 USC 5505, University transportation centers program. The amendment would add to focused research grant program description found in §5505(c)(3)(E):

“, including the cybersecurity implications of technologies relating to connected vehicles, connected infrastructure, and autonomous vehicles”

Strengthening CISA

SA 2215 would move the Cybersecurity and Infrastructure Security Agency (CISA) Director from Level III to Level II of the Executive Schedule, increasing the importance of the Agency. The second section of the amendment would require DHS to conduct a comprehensive review of the ability of CISA to:

• Fulfill the missions of CISA and

• Fulfill the recommendations detailed in the report issued by the Cyberspace Solarium Commission under section 1652(k) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232).

The third section would require a similar review by the Government Services Administration.

Internet of Things

SA 2231 is very similar to S 1611, the Developing Innovation and Growing the Internet of Things Act, that Fischer introduced in 2019 (and earlier versions of the same bill in 2017 and 2016). The bill was passed in the Senate in January under the unanimous consent process. It has not been taken up the House.

Continuity of the Economy

SA 2275 would require the President to “develop and maintain a plan to maintain and restore the economy of the United States in response to a significant event.” {§XXX(a)(1)}. The term significant event is defined as an event that causes severe degradation to economic activity in the United States due to a cyberattack; or another significant event that is natural or human-caused.

Additional Amendments to be Considered

The Senate reached an agreement to resume consideration of the bill after the July 4^th recess (on July 20^th) by taking up six specific amendment with 2 hours of debate on each amendment. Once those amendments are dealt with the Senate will vote on the substitute language. One of the listed amendments address issues that I will cover in this blog.

There still remains a possibility that another batch of en bloc amendments will be considered before the listed amendments are brought up.

Bills Introduced – 09-12-18

Yesterday with both the House and Senate in session, there were 48 bills introduced. Of those three may be of specific interest to readers of this blog:

HR 6776 Making appropriations for the Department of Homeland Security for the fiscal year ending September 30, 2019, and for other purposes. Rep. Yoder, Kevin [R-KS-3]

HR 6791 To establish a grant program within the Department of Labor to support the creation, implementation, and expansion of registered apprenticeship programs in cybersecurity. Rep. Rosen, Jacky [D-NV-3]

S 3437 A bill to establish a Federal rotational cyber workforce program for the Federal cyber workforce. Sen. Peters, Gary C. [D-MI] 

Yes, the last spending bill has finally been introduced. Obviously, this will never make it to the floor of the House, much less the Senate. It may, however, form the base for the final spending bill that will be considered after the election.

Both HR 6791 and S 3437 are at base cybersecurity workforce measures. I will be watching both of these bills for the definitions to see if the bills specifically include industrial control system security folks.

On a lighter note: Election season is here (in case you had not noticed) and we are seeing legislators use the power of proposed legislation to support their campaigns. Usually this takes the form of proposing legislation supporting part of their electoral base. These bills are never really intended to be considered and passed; they just allow the proposer to point to the bill and say; “Look, I am trying to do something about…. Send me back for another term to be able to continue.”

Yesterday we saw the introduction of a resolution that clearly meets that criteria; H Con Res 135; Requiring Members of the House of Representatives and the Senate to participate in random drug testing. Rep Higgins (R,LA) introduced this resolution. It should certainly resonate with his constituents that have mandatory drug testing in their work place.

House Continues Debate on Amendments to HR 6157 – FY 2019 DOD Spending

Yesterday the House continued debate on HR 6157, the Department of Defense Appropriations Act, 2019. Both cyber workforce amendments that I discussed earlier were passed by voice votes. Debate was closed on all 29 additional amendments, but votes remain on five of those amendments and a debate on the final bill. Those votes are expected today.

Rules Committee Okays Additional Amendments for HR 6157, FY 2019 DOD Spending

Yesterday the House Rules Committee set the rule for today’s consideration of additional amendments to HR 6157, Department of Defense Appropriations Act, 2019. Two cyber related amendments from the list I described last week were added to the total of 29 amendments to be considered today.

The two amendments were:

• #4 from Rep. Hastings (D,FL); it would add $5 million dollars for training and retention of cybersecurity personnel DOD wide (it was #31 on the original list); and

• #21 from Rep. Langevin (D,RI); it would add $10 million to the existing Cyber Scholarship program (it was #57 on the original list)

Both amendments are likely to be approved by voice votes.

HR 6157 Introduced – FY 2019 DOD Spending

Last week Rep. Granger (R,TX) introduced HR 6157, the Department of Defense Appropriations Act, 2019. As expected there is no specific cybersecurity language in the bill, even though Congress continues to require DOD to provide specific cybersecurity spending documentation in the President’s budget request.

There are a number of cyber mentions in the Committee Report that deserve at least passing mention. They include:

• Cloud Computing (pg 9);

• Quarterly Cyber Operations Briefing (pg 10);

• Cybersecurity and Supply Chain Risk Management (pg 233);

• Cyber and Electronic Warfare for the Dismounted Soldier (pg 237); and

• Unmanned Aircraft Systems (pg 287)

Moving Forward

The House Rules Committee accepted proposed amendments through last Thursday to possibly be included in the floor debate of this bill. As of today, there have been 131 amendments proposed. Nine of those amendments maybe of specific interest to readers of this blog:

• Rep. Garamendi (D,CA) #24 Provides $5 million for the purposes of carrying out a GPS backup technology demonstration;

• Rep. Hasting (D,FL) (5; #s 29, 30, 31, 32, and 33) adding $10 million to each of five separate accounts for “funding for the training and retention of cybersecurity professionals.

• Rep. Langevin (D,RI) #57 Provides $10 million to be used for the DOD Cyber Scholarship Program within the Information Systems Security Program;

• Rep. Castro (D,TX) #69 Increases funding by $3m to the RDT&E account to develop and evaluate unique combined sensor for detection and suppression of altered GPS signals in adversarial environments;

• Rep. DeSantis (R,FL) #78 Ensures none of the funds made available by this Act may be used for international cooperation in cybersecurity with the Russian Federation or the People’s Republic of China

The Rules Committee will meet on Monday and Tuesday to formulate the rule for the consideration of HR 6157 and determine which amendments will be authorized to be proposed on the floor of the House during the debate (probably Tuesday and Wednesday).

The Appropriations Committee adopted HR 6157 by a strongly bipartisan vote of 48 to 4. This will probably be reflected in strong bipartisan support for the bill on the floor of the House. The Senate Appropriations Committee is scheduled to complete their work on their version of the bill next week. That language will be substituted for the House language in HR 6157. Passage of the Senate version will necessitate a conference committee to work out the differences between the two bills.

HSAAC Meeting Announced – 10-22-14

DHS is publishing a notice in Monday’s Federal Register (79 FR 60179-60180; available on line today) announcing a public meeting of the Homeland Security Academic Advisory Council in Washington, DC on October 22^nd, 2014. Subcommittee reports will include a report by the Cybersecurity Subcommittee.

According to the HSAAC web site the Cybersecurity Subcommittee is mainly tasked to look at cyber-workforce issues. At their last meeting [.PDF Download] they made suggestions like:

• DHS should continue hosting monthly tours of DHS' National Cybersecurity and Communications Integration Center (NCCIC) for secondary, post-secondary and veteran students involved in cybersecurity and other STEM disciplines;

• DHS should target outreach efforts at underserved communities to improve their pathways to cyber-related educational and career opportunities;

• DHS should identify and leverage existing college and university cyber boot camps for ROTC cadets as a model for student veterans; and

• DHS should foster the growth of the U.S . Coast Guard Academy's (CGA) cyber-related educational opportunities and programs;

The one area of non-workforce related focus of the Cybersecurity Subcommittee; better with individual campus information technology departments on the risks towards and attacks on computer systems and networks; did not receive any mention in the last HSAAC meeting.

BTW: There is no subcommittee that looks at hazardous chemical security issues. Given the perennial complaints from the schools that are forced to report Top Screen information for their chemical inventories and the smaller number that have CFATS covered facilities on campus you would think that this might be a focus. Silly me.