DHS Cyber Workforce Legislation Advances

An amendment requires DHS to implement NIST cyber workforce framework.

The Homeland Security Department would receive additional hiring and compensation authorities for cybersecurity professionals under new legislation introduced Tuesday and approved Wednesday by the Senate Homeland Security and Governmental Affairs Committee.

The bill (S. 2354), sponsored by Sen. Tom Carper, D-Del., would enable the DHS Secretary to make direct appointments, set rates of basic pay and provide additional compensation, benefits, incentives and allowances in order to recruit and retain critically needed cybersecurity personnel.

“Unfortunately, the demand for cybersecurity experts in the government greatly outpaces the supply, and many agencies have had difficulty attracting the best and brightest and retaining those already in service,” Carper said in a statement.

The new flexibilities would bring DHS in line with recruitment and retention tools currently offered at the Defense Department and National Security Agency. While DHS has a broad cybersecurity mission, it does not currently have in law any tools to hire faster, pay higher salaries or offer retention bonuses.

The flexibilities offered in the legislation would help the department improve its ability to compete with the private sector and other agencies to hire and retain the most skilled cyber workforce, Carper said.

An amendment offered by Sen. Rob Portman, R-Ohio, would require DHS to implement the National Cybersecurity Workforce Framework, a blueprint developed by the National Initiative for Cybersecurity Education that provides a common understanding of and lexicon for cybersecurity work as well as a uniform classification system for job functions.

The bill also would require the DHS Secretary to report annually on the program’s progress and whether it is meeting the hiring and retention needs of the department.

Rep. Michael McCaul, R-Texas, introduced legislation in December that includes similar provisions to boost DHS’ cyber workforce, including a requirement that the department develop a workforce strategy to enhance training, recruitment and readiness of cyber personnel.