Biden signs bill creating federal cybersecurity rotational program

Getty Images

Certain cyber and IT federal employees will be able to rotate to other agencies under a new law signed Tuesday.

President Joe Biden signed a bill into law on Tuesday that will establish a rotational cyber program inside the federal government. 

The intent, lawmakers say, is to attract and retain cybersecurity workers by offering them new professional experiences at different federal agencies.

The Federal Rotational Cyber Workforce Program Act becomes law amid a serious shortage of cybersecurity workers. There are over 714,000 open cybersecurity jobs with nearly 39,000 for the public sector, according to a cyber workforce tracker backed by the National Institute of Standards and Technology. 

Certain feds in information technology or cybersecurity positions will be able to accept assignments outside their agencies for a single year, with the opportunity for a 60-day extension. The law makes rotational assignments open to cybersecurity professionals in the competitive and excepted services. 

The director of the Office of Personnel Management is going to have to develop and issue a program operation plan for the program that will identify what agencies will participate in the program and other policies and procedures. Agencies themselves will be able to decide which of their positions are eligible for the program. 

The law also tags the Government Accountability Office to report on the program within three years.

The measure was sponsored by Sen. Gary Peters (D-Mich.) along with Sens. John Hoeven (R-N.D.), Jacky Rosen (D-Nev.) and Maggie Hassan (D-N.H.). It was introduced in the House by Rep. Ro Khanna (D-Calif.) and cosponsored by Reps. Nancy Mace (R-S.C.) and Van Taylor (R-Texas). 

“We can’t rely on private investment alone to protect our cyber-infrastructure from bad actors,” said Khanna in a statement at the time of the bill’s introduction in the House in May 2021. “The federal government, America’s largest employer, must lead. This dynamic rotational program will give our cyber professionals the wide-ranging experience they need to defend us from growing threats abroad.”

The law is set to sunset after five years.