DHS Cybersecurity Recruit Bill ProgressesLegislation Aimed at Filling Vacant InfoSec Jobs at DHS
A bill designed to help strengthen the cybersecurity workforce at the Department of Homeland Security is headed to the Senate floor, though supporters of the measure say obstacles to passage still must be overcome.
The Senate Homeland Security and Governmental Affairs Committee approved by a voice vote S 2354, the DHS Cybersecurity Workforce Recruitment and Retention Act of 2014, which would grant the DHS secretary the same authority as the defense secretary to designate specific cybersecurity jobs, set higher-than-usual salaries and furnish other benefits for those positions (see Bill Aims to Strengthen DHS InfoSec Staff).
Sen. Mary Landrieu, D-La., voted "present" on the bill, saying it's primarily aimed to fill positions in the Washington area, rather than taking advantage of cheaper cybersecurity expertise can be found elsewhere, including her home state of Louisiana.
"I'm not sure that throwing money inside the [Washington] Beltway is going to solve our problem," Landrieu said, pegging the cost of the legislation at $30 million. "I know that we've got great potential in Louisiana to develop a cyber corridor along I-20."
The ranking member of the committee, Tom Coburn, R-Okla., agreed with Landrieu's sentiments, but said the expertise is needed in Washington, in part, to staff the National Cybersecurity and Communications Integration Center, which serves as a centralized location where operational elements involved in cybersecurity and communications reliance are coordinated and integrated.
Committee Chairman Tom Carper, D-Del., assured Landrieu that his committee would address her concerns about distributing DHS cybersecurity jobs around the country.
Carper also assured Coburn that an offset for the spending in the bill would be identified before it came up for a vote in the full Senate. Without the offset, the bill likely would face a Republican filibuster.
The bill was amended in committee to require DHS to implement the National Cybersecurity Workforce Framework to provide a common lexicon for cybersecurity work, a uniform classification system for job functions and specific employment codes. Supporters of the framework contend that without defining specific cybersecurity tasks and knowing which positions are filled, it would be difficult to properly recruit, hire and retain a cybersecurity staff (see Identifying Infosec Jobs, Skills, Tasks).
A GAO audit on DHS recruiting and hiring, issued last September, reported that more than one in five mission-critical cybersecurity-related jobs at a key Department of Homeland Security unit are vacant (see DHS's Huge Cybersecurity Skills Shortage).