Federal Rotational Cyber Workforce Program Act of 2021

Floor Speech

Date: May 10, 2022
Location: Washington, DC

BREAK IN TRANSCRIPT

Mr. CONNOLLY. Mr. Speaker, I move to suspend the rules and pass the bill (S. 1097) to establish a Federal rotational cyber workforce program for the Federal cyber workforce.

The Clerk read the title of the bill.

The text of the bill is as follows: S. 1097

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE.

This Act may be cited as the ``Federal Rotational Cyber Workforce Program Act of 2021''. SEC. 2. DEFINITIONS.

In this Act:

(1) Agency.--The term ``agency'' has the meaning given the term ``Executive agency'' in section 105 of title 5, United States Code, except that the term does not include the Government Accountability Office.

(2) Competitive service.--The term ``competitive service'' has the meaning given that term in section 2102 of title 5, United States Code.

(3) Councils.--The term ``Councils'' means--

(A) the Chief Human Capital Officers Council established under section 1303 of the Chief Human Capital Officers Act of 2002 (5 U.S.C. 1401 note); and

(B) the Chief Information Officers Council established under section 3603 of title 44, United States Code.

(4) Cyber workforce position.--The term ``cyber workforce position'' means a position identified as having information technology, cybersecurity, or other cyber-related functions under section 303 of the Federal Cybersecurity Workforce Assessment Act of 2015 (5 U.S.C. 301 note).

(5) Director.--The term ``Director'' means the Director of the Office of Personnel Management.

(6) Employee.--The term ``employee'' has the meaning given the term in section 2105 of title 5, United States Code.

(7) Employing agency.--The term ``employing agency'' means the agency from which an employee is detailed to a rotational cyber workforce position.

(8) Excepted service.--The term ``excepted service'' has the meaning given that term in section 2103 of title 5, United States Code.

(9) Rotational cyber workforce position.--The term ``rotational cyber workforce position'' means a cyber workforce position with respect to which a determination has been made under section 3(a)(1).

(10) Rotational cyber workforce program.--The term ``rotational cyber workforce program'' means the program for the detail of employees among rotational cyber workforce positions at agencies.

(11) Secretary.--The term ``Secretary'' means the Secretary of Homeland Security. SEC. 3. ROTATIONAL CYBER WORKFORCE POSITIONS.

(a) Determination With Respect to Rotational Service.--

(1) In general.--The head of each agency may determine that a cyber workforce position in that agency is eligible for the rotational cyber workforce program, which shall not be construed to modify the requirement under section 4(b)(3) that participation in the rotational cyber workforce program by an employee shall be voluntary.

(2) Notice provided.--The head of an agency shall submit to the Director--

(A) notice regarding any determination made by the head of the agency under paragraph (1); and

(B) for each position with respect to which the head of the agency makes a determination under paragraph (1), the information required under subsection (b)(1).

(b) Preparation of List.--The Director, with assistance from the Councils and the Secretary, shall develop a list of rotational cyber workforce positions that--

(1) with respect to each such position, to the extent that the information does not disclose sensitive national security information, includes--

(A) the title of the position;

(B) the occupational series with respect to the position;

(C) the grade level or work level with respect to the position;

(D) the agency in which the position is located;

(E) the duty location with respect to the position; and

(F) the major duties and functions of the position; and

(2) shall be used to support the rotational cyber workforce program.

(c) Distribution of List.--Not less frequently than annually, the Director shall distribute an updated list developed under subsection (b) to the head of each agency and other appropriate entities. SEC. 4. ROTATIONAL CYBER WORKFORCE PROGRAM.

(a) Operation Plan.--

(1) In general.--Not later than 270 days after the date of enactment of this Act, and in consultation with the Councils, the Secretary, representatives of other agencies, and any other entity as the Director determines appropriate, the Director shall develop and issue a Federal Rotational Cyber Workforce Program operation plan providing policies, processes, and procedures for a program for the detailing of employees among rotational cyber workforce positions at agencies, which may be incorporated into and implemented through mechanisms in existence on the date of enactment of this Act.

(2) Updating.--The Director may, in consultation with the Councils, the Secretary, and other entities as the Director determines appropriate, periodically update the operation plan developed and issued under paragraph (1).

(b) Requirements.--The operation plan developed and issued under subsection (a) shall, at a minimum--

(1) identify agencies for participation in the rotational cyber workforce program;

(2) establish procedures for the rotational cyber workforce program, including--

(A) any training, education, or career development requirements associated with participation in the rotational cyber workforce program;

(B) any prerequisites or requirements for participation in the rotational cyber workforce program; and

(C) appropriate rotational cyber workforce program performance measures, reporting requirements, employee exit surveys, and other accountability devices for the evaluation of the program;

(3) provide that participation in the rotational cyber workforce program by an employee shall be voluntary;

(4) provide that an employee shall be eligible to participate in the rotational cyber workforce program if the head of the employing agency of the employee, or a designee of the head of the employing agency of the employee, approves of the participation of the employee;

(5) provide that the detail of an employee to a rotational cyber workforce position under the rotational cyber workforce program shall be on a nonreimbursable basis;

(6) provide that agencies may agree to partner to ensure that the employing agency of an employee that participates in the rotational cyber workforce program is able to fill the position vacated by the employee;

(7) require that an employee detailed to a rotational cyber workforce position under the rotational cyber workforce program, upon the end of the period of service with respect to the detail, shall be entitled to return to the position held by the employee, or an equivalent position, in the employing agency of the employee without loss of pay, seniority, or other rights or benefits to which the employee would have been entitled had the employee not been detailed;

(8) provide that discretion with respect to the assignment of an employee under the rotational cyber workforce program shall remain with the employing agency of the employee;

(9) require that an employee detailed to a rotational cyber workforce position under the rotational cyber workforce program in an agency that is not the employing agency of the employee shall have all the rights that would be available to the employee if the employee were detailed under a provision of law other than this Act from the employing agency to the agency in which the rotational cyber workforce position is located;

(10) provide that participation by an employee in the rotational cyber workforce program shall not constitute a change in the conditions of the employment of the employee; and

(11) provide that an employee participating in the rotational cyber workforce program shall receive performance evaluations relating to service in the rotational cyber workforce program in a participating agency that are--

(A) prepared by an appropriate officer, supervisor, or management official of the employing agency, acting in coordination with the supervisor at the agency in which the employee is performing service in the rotational cyber workforce position;

(B) based on objectives identified in the operation plan with respect to the employee; and

(C) based in whole or in part on the contribution of the employee to the agency in which the employee performed such service, as communicated from that agency to the employing agency of the employee.

(c) Program Requirements for Rotational Service.--

(1) In general.--An employee serving in a cyber workforce position in an agency may, with the approval of the head of the agency, submit an application for detail to a rotational cyber workforce position that appears on the list developed under section 3(b).

(2) OPM approval for certain positions.--An employee serving in a position in the excepted service may only be selected for a rotational cyber workforce position that is in the competitive service with the prior approval of the Office of Personnel Management, in accordance with section 300.301 of title 5, Code of Federal Regulations, or any successor thereto.

(3) Selection and term.--

(A) Selection.--The head of an agency shall select an employee for a rotational cyber workforce position under the rotational cyber workforce program in a manner that is consistent with the merit system principles under section 2301(b) of title 5, United States Code.

(B) Term.--Except as provided in subparagraph (C), and notwithstanding section 3341(b) of title 5, United States Code, a detail to a rotational cyber workforce position shall be for a period of not less than 180 days and not more than 1 year.

(C) Extension.--The Chief Human Capital Officer of the agency to which an employee is detailed under the rotational cyber workforce program may extend the period of a detail described in subparagraph (B) for a period of 60 days unless the Chief Human Capital Officer of the employing agency of the employee objects to that extension.

(4) Written service agreements.--

(A) In general.--The detail of an employee to a rotational cyber workforce position shall be contingent upon the employee entering into a written service agreement with the employing agency under which the employee is required to complete a period of employment with the employing agency following the conclusion of the detail that is equal in length to the period of the detail.

(B) Other agreements and obligations.--A written service agreement under subparagraph (A) shall not supersede or modify the terms or conditions of any other service agreement entered into by the employee under any other authority or relieve the obligations between the employee and the employing agency under such a service agreement. Nothing in this subparagraph prevents an employing agency from terminating a service agreement entered into under any other authority under the terms of such agreement or as required by law or regulation. SEC. 5. REPORTING BY GAO.

Not later than the end of the third fiscal year after the fiscal year in which the operation plan under section 4(a) is issued, the Comptroller General of the United States shall submit to Congress a report assessing the operation and effectiveness of the rotational cyber workforce program, which shall address, at a minimum--

(1) the extent to which agencies have participated in the rotational cyber workforce program, including whether the head of each such participating agency has--

(A) identified positions within the agency that are rotational cyber workforce positions;

(B) had employees from other participating agencies serve in positions described in subparagraph (A); and

(C) had employees of the agency request to serve in rotational cyber workforce positions under the rotational cyber workforce program in participating agencies, including a description of how many such requests were approved; and

(2) the experiences of employees serving in rotational cyber workforce positions under the rotational cyber workforce program, including an assessment of--

(A) the period of service;

(B) the positions (including grade level and occupational series or work level) held by employees before completing service in a rotational cyber workforce position under the rotational cyber workforce program;

(C) the extent to which each employee who completed service in a rotational cyber workforce position under the rotational cyber workforce program achieved a higher skill level, or attained a skill level in a different area, with respect to information technology, cybersecurity, or other cyber-related functions; and

(D) the extent to which service in rotational cyber workforce positions has affected intra-agency and interagency integration and coordination of cyber practices, functions, and personnel management. SEC. 6. SUNSET.

Effective 5 years after the date of enactment of this Act, this Act is repealed.

Mr. Speaker, I rise in support of S. 1097, the Federal Rotational Cyber Workforce Program Act. The bill was introduced by Senator Peters with bipartisan support here in the House with the companion legislation introduced by Representatives Ro Khanna and Nancy Mace.

The Federal Rotational Cyber Workforce Program Act enables cybersecurity professionals in the Federal Government to rotate through assignments outside of their regular position or agency on a voluntary basis.

The Office of Personnel Management would establish guidelines for the implementation of the program. The program would be authorized for 5 years, and after 3 years, the Government Accountability Office would assess its operation and effectiveness.

Achieving cybersecurity in response to the threats the Nation faces was identified in GAO's latest ``High Risk List'' as an area where the government is actually regressing. GAO reported that Federal agencies are struggling to ensure that staff have the skills required to address the critical cybersecurity risks that continue to intensify.

The program this bill creates allows the government to have its security employees to further develop their skills and agencies across the government to benefit from the employees' expertise.

Recent cyberattacks in both the private and public sectors have demonstrated the dire consequences of failing to improve the Federal Government's cybersecurity operations.

We know that adversaries in Russia, China, and other malign actors, state and nonstate, are consistently working to breach the U.S. Government's communications and data. Unfortunately, at times, they have been all too successful. In the 2020 SolarWinds breach, for example, Russian hackers infiltrated the networks of nine Federal agencies and went undetected for months.

This bill goes a long way toward improving Federal agencies' capacity to strengthen cybersecurity operations, help them retain top talent in that field, and facilitate the exchange of expertise in this critical area.

The security of Federal information technology systems and data is a national security priority, and it ought to be. It is essential to preserving public trust in government institutions and ensuring that agencies are better equipped to meet their missions in serving the American people.

I strongly support the bill, and I urge my colleagues to do the same.

BREAK IN TRANSCRIPT

Mr. CONNOLLY. Mr. Speaker, I inform the House I have no further speakers, and

BREAK IN TRANSCRIPT

Mr. CONNOLLY. Mr. Speaker, I congratulate my colleague from South Carolina for her leadership on a very important matter, and I urge passage of this important piece of legislation.

I yield back the balance of my time.

BREAK IN TRANSCRIPT


Source
arrow_upward