Congressional Record, Volume 168 Issue 78 (Tuesday, May 10, 2022)

[Congressional Record Volume 168, Number 78 (Tuesday, May 10, 2022)]
[House]
[Pages H4759-H4761]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

FEDERAL ROTATIONAL CYBER WORKFORCE PROGRAM ACT OF 2021

Mr. CONNOLLY. Mr. Speaker, I move to suspend the rules and pass the
bill (S. 1097) to establish a Federal rotational cyber workforce
program for the Federal cyber workforce.
The Clerk read the title of the bill.
The text of the bill is as follows:

S. 1097

Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the ``Federal Rotational Cyber
Workforce Program Act of 2021''.

SEC. 2. DEFINITIONS.

In this Act:
(1) Agency.--The term ``agency'' has the meaning given the
term ``Executive agency'' in section 105 of title 5, United
States Code, except that the term does not include the
Government Accountability Office.
(2) Competitive service.--The term ``competitive service''
has the meaning given that term in section 2102 of title 5,
United States Code.
(3) Councils.--The term ``Councils'' means--
(A) the Chief Human Capital Officers Council established
under section 1303 of the Chief Human Capital Officers Act of
2002 (5 U.S.C. 1401 note); and
(B) the Chief Information Officers Council established
under section 3603 of title 44, United States Code.
(4) Cyber workforce position.--The term ``cyber workforce
position'' means a position identified as having information
technology, cybersecurity, or other cyber-related functions
under section 303 of the Federal Cybersecurity Workforce
Assessment Act of 2015 (5 U.S.C. 301 note).
(5) Director.--The term ``Director'' means the Director of
the Office of Personnel Management.
(6) Employee.--The term ``employee'' has the meaning given
the term in section 2105 of title 5, United States Code.
(7) Employing agency.--The term ``employing agency'' means
the agency from which an employee is detailed to a rotational
cyber workforce position.
(8) Excepted service.--The term ``excepted service'' has
the meaning given that term in section 2103 of title 5,
United States Code.
(9) Rotational cyber workforce position.--The term
``rotational cyber workforce position'' means a cyber
workforce position with respect to which a determination has
been made under section 3(a)(1).
(10) Rotational cyber workforce program.--The term
``rotational cyber workforce program'' means the program for
the detail of employees among rotational cyber workforce
positions at agencies.
(11) Secretary.--The term ``Secretary'' means the Secretary
of Homeland Security.

SEC. 3. ROTATIONAL CYBER WORKFORCE POSITIONS.

(a) Determination With Respect to Rotational Service.--
(1) In general.--The head of each agency may determine that
a cyber workforce position in that agency is eligible for the
rotational cyber workforce program, which shall not be
construed to modify the requirement under section 4(b)(3)
that participation in the rotational cyber workforce program
by an employee shall be voluntary.
(2) Notice provided.--The head of an agency shall submit to
the Director--
(A) notice regarding any determination made by the head of
the agency under paragraph (1); and
(B) for each position with respect to which the head of the
agency makes a determination under paragraph (1), the
information required under subsection (b)(1).
(b) Preparation of List.--The Director, with assistance
from the Councils and the Secretary, shall develop a list of
rotational cyber workforce positions that--
(1) with respect to each such position, to the extent that
the information does not disclose sensitive national security
information, includes--
(A) the title of the position;
(B) the occupational series with respect to the position;
(C) the grade level or work level with respect to the
position;
(D) the agency in which the position is located;
(E) the duty location with respect to the position; and

[[Page H4760]]

(F) the major duties and functions of the position; and
(2) shall be used to support the rotational cyber workforce
program.
(c) Distribution of List.--Not less frequently than
annually, the Director shall distribute an updated list
developed under subsection (b) to the head of each agency and
other appropriate entities.

SEC. 4. ROTATIONAL CYBER WORKFORCE PROGRAM.

(a) Operation Plan.--
(1) In general.--Not later than 270 days after the date of
enactment of this Act, and in consultation with the Councils,
the Secretary, representatives of other agencies, and any
other entity as the Director determines appropriate, the
Director shall develop and issue a Federal Rotational Cyber
Workforce Program operation plan providing policies,
processes, and procedures for a program for the detailing of
employees among rotational cyber workforce positions at
agencies, which may be incorporated into and implemented
through mechanisms in existence on the date of enactment of
this Act.
(2) Updating.--The Director may, in consultation with the
Councils, the Secretary, and other entities as the Director
determines appropriate, periodically update the operation
plan developed and issued under paragraph (1).
(b) Requirements.--The operation plan developed and issued
under subsection (a) shall, at a minimum--
(1) identify agencies for participation in the rotational
cyber workforce program;
(2) establish procedures for the rotational cyber workforce
program, including--
(A) any training, education, or career development
requirements associated with participation in the rotational
cyber workforce program;
(B) any prerequisites or requirements for participation in
the rotational cyber workforce program; and
(C) appropriate rotational cyber workforce program
performance measures, reporting requirements, employee exit
surveys, and other accountability devices for the evaluation
of the program;
(3) provide that participation in the rotational cyber
workforce program by an employee shall be voluntary;
(4) provide that an employee shall be eligible to
participate in the rotational cyber workforce program if the
head of the employing agency of the employee, or a designee
of the head of the employing agency of the employee, approves
of the participation of the employee;
(5) provide that the detail of an employee to a rotational
cyber workforce position under the rotational cyber workforce
program shall be on a nonreimbursable basis;
(6) provide that agencies may agree to partner to ensure
that the employing agency of an employee that participates in
the rotational cyber workforce program is able to fill the
position vacated by the employee;
(7) require that an employee detailed to a rotational cyber
workforce position under the rotational cyber workforce
program, upon the end of the period of service with respect
to the detail, shall be entitled to return to the position
held by the employee, or an equivalent position, in the
employing agency of the employee without loss of pay,
seniority, or other rights or benefits to which the employee
would have been entitled had the employee not been detailed;
(8) provide that discretion with respect to the assignment
of an employee under the rotational cyber workforce program
shall remain with the employing agency of the employee;
(9) require that an employee detailed to a rotational cyber
workforce position under the rotational cyber workforce
program in an agency that is not the employing agency of the
employee shall have all the rights that would be available to
the employee if the employee were detailed under a provision
of law other than this Act from the employing agency to the
agency in which the rotational cyber workforce position is
located;
(10) provide that participation by an employee in the
rotational cyber workforce program shall not constitute a
change in the conditions of the employment of the employee;
and
(11) provide that an employee participating in the
rotational cyber workforce program shall receive performance
evaluations relating to service in the rotational cyber
workforce program in a participating agency that are--
(A) prepared by an appropriate officer, supervisor, or
management official of the employing agency, acting in
coordination with the supervisor at the agency in which the
employee is performing service in the rotational cyber
workforce position;
(B) based on objectives identified in the operation plan
with respect to the employee; and
(C) based in whole or in part on the contribution of the
employee to the agency in which the employee performed such
service, as communicated from that agency to the employing
agency of the employee.
(c) Program Requirements for Rotational Service.--
(1) In general.--An employee serving in a cyber workforce
position in an agency may, with the approval of the head of
the agency, submit an application for detail to a rotational
cyber workforce position that appears on the list developed
under section 3(b).
(2) OPM approval for certain positions.--An employee
serving in a position in the excepted service may only be
selected for a rotational cyber workforce position that is in
the competitive service with the prior approval of the Office
of Personnel Management, in accordance with section 300.301
of title 5, Code of Federal Regulations, or any successor
thereto.
(3) Selection and term.--
(A) Selection.--The head of an agency shall select an
employee for a rotational cyber workforce position under the
rotational cyber workforce program in a manner that is
consistent with the merit system principles under section
2301(b) of title 5, United States Code.
(B) Term.--Except as provided in subparagraph (C), and
notwithstanding section 3341(b) of title 5, United States
Code, a detail to a rotational cyber workforce position shall
be for a period of not less than 180 days and not more than 1
year.
(C) Extension.--The Chief Human Capital Officer of the
agency to which an employee is detailed under the rotational
cyber workforce program may extend the period of a detail
described in subparagraph (B) for a period of 60 days unless
the Chief Human Capital Officer of the employing agency of
the employee objects to that extension.
(4) Written service agreements.--
(A) In general.--The detail of an employee to a rotational
cyber workforce position shall be contingent upon the
employee entering into a written service agreement with the
employing agency under which the employee is required to
complete a period of employment with the employing agency
following the conclusion of the detail that is equal in
length to the period of the detail.
(B) Other agreements and obligations.--A written service
agreement under subparagraph (A) shall not supersede or
modify the terms or conditions of any other service agreement
entered into by the employee under any other authority or
relieve the obligations between the employee and the
employing agency under such a service agreement. Nothing in
this subparagraph prevents an employing agency from
terminating a service agreement entered into under any other
authority under the terms of such agreement or as required by
law or regulation.

SEC. 5. REPORTING BY GAO.

Not later than the end of the third fiscal year after the
fiscal year in which the operation plan under section 4(a) is
issued, the Comptroller General of the United States shall
submit to Congress a report assessing the operation and
effectiveness of the rotational cyber workforce program,
which shall address, at a minimum--
(1) the extent to which agencies have participated in the
rotational cyber workforce program, including whether the
head of each such participating agency has--
(A) identified positions within the agency that are
rotational cyber workforce positions;
(B) had employees from other participating agencies serve
in positions described in subparagraph (A); and
(C) had employees of the agency request to serve in
rotational cyber workforce positions under the rotational
cyber workforce program in participating agencies, including
a description of how many such requests were approved; and
(2) the experiences of employees serving in rotational
cyber workforce positions under the rotational cyber
workforce program, including an assessment of--
(A) the period of service;
(B) the positions (including grade level and occupational
series or work level) held by employees before completing
service in a rotational cyber workforce position under the
rotational cyber workforce program;
(C) the extent to which each employee who completed service
in a rotational cyber workforce position under the rotational
cyber workforce program achieved a higher skill level, or
attained a skill level in a different area, with respect to
information technology, cybersecurity, or other cyber-related
functions; and
(D) the extent to which service in rotational cyber
workforce positions has affected intra-agency and interagency
integration and coordination of cyber practices, functions,
and personnel management.

SEC. 6. SUNSET.

Effective 5 years after the date of enactment of this Act,
this Act is repealed.

The SPEAKER pro tempore. Pursuant to the rule, the gentleman from
Virginia (Mr. Connolly) and the gentlewoman from South Carolina (Ms.
Mace) each will control 20 minutes.
The Chair recognizes the gentleman from Virginia.

General Leave

Mr. CONNOLLY. Mr. Speaker, I ask unanimous consent that all Members
have 5 legislative days in which to revise and extend their remarks and
include extraneous material on this measure.
The SPEAKER pro tempore. Is there objection to the request of the
gentleman from Virginia?
There was no objection.
Mr. CONNOLLY. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, I rise in support of S. 1097, the Federal Rotational
Cyber Workforce Program Act. The bill was introduced by Senator Peters
with bipartisan support here in the House

[[Page H4761]]

with the companion legislation introduced by Representatives Ro Khanna
and Nancy Mace.
The Federal Rotational Cyber Workforce Program Act enables
cybersecurity professionals in the Federal Government to rotate through
assignments outside of their regular position or agency on a voluntary
basis.
The Office of Personnel Management would establish guidelines for the
implementation of the program. The program would be authorized for 5
years, and after 3 years, the Government Accountability Office would
assess its operation and effectiveness.
Achieving cybersecurity in response to the threats the Nation faces
was identified in GAO's latest ``High Risk List'' as an area where the
government is actually regressing. GAO reported that Federal agencies
are struggling to ensure that staff have the skills required to address
the critical cybersecurity risks that continue to intensify.
The program this bill creates allows the government to have its
security employees to further develop their skills and agencies across
the government to benefit from the employees' expertise.
Recent cyberattacks in both the private and public sectors have
demonstrated the dire consequences of failing to improve the Federal
Government's cybersecurity operations.
We know that adversaries in Russia, China, and other malign actors,
state and nonstate, are consistently working to breach the U.S.
Government's communications and data. Unfortunately, at times, they
have been all too successful. In the 2020 SolarWinds breach, for
example, Russian hackers infiltrated the networks of nine Federal
agencies and went undetected for months.
This bill goes a long way toward improving Federal agencies' capacity
to strengthen cybersecurity operations, help them retain top talent in
that field, and facilitate the exchange of expertise in this critical
area.
The security of Federal information technology systems and data is a
national security priority, and it ought to be. It is essential to
preserving public trust in government institutions and ensuring that
agencies are better equipped to meet their missions in serving the
American people.
I strongly support the bill, and I urge my colleagues to do the same.
I reserve the balance of my time.
Ms. MACE. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, the U.S. Government is under constant attack. We watch
news story after news story of private companies being attacked by
hackers across the country and, quite frankly, across the world. But
our Federal agencies are also vulnerable.
Malicious hackers try to steal sensitive public information and
disrupt the missions of our Federal agencies. In fact, in 2020, there
were 11 Federal agencies that were hacked by actors aligned with
countries like China and--you guessed it--Russia. And all too often,
these malicious actors are successful.
My colleague, Representative Ro Khanna, and I recognized this reality
and crafted the House companion bill legislation to the Senate bill we
are considering today. That companion bill is H.R. 3599.
The Federal Rotational Cyber Workforce Program Act continues the
Trump administration's efforts as laid out in the ``America's
Cybersecurity Workforce'' executive order. This executive order
promoted cyber rotational details at the Department of Homeland
Security. Such programs help Federal cyber experts gain more diverse
professional experiences and continue to sharpen their skills.
Our Nation's cyber readiness depends on maintaining a skilled Federal
workforce to defend against constant attacks. Specifically, this bill
establishes an additional governmentwide rotational opportunity for
cyber-focused professionals.
The bill has necessary congressional oversight mechanisms, such as a
requirement for a detailed operational plan and a future Government
Accountability Office review. This will help Congress understand if the
program is running as intended. Additionally, a 5-year sunset will
provide Congress an opportunity to evaluate the program and decide
whether to renew it for future years.
I thank my House and Senate colleagues for their work on this
bipartisan bill, which builds upon the cyber workforce efforts of the
prior administration, and I encourage my colleagues to support S. 1097
and send this necessary bill to the President's desk.
To any teenager who loves to code out there today, I encourage all of
you to look at cybersecurity jobs and opportunities in your near future
because we will need you in our workforce.
Mr. Speaker, I reserve the balance of my time.
Mr. CONNOLLY. Mr. Speaker, I inform the House I have no further
speakers, and I reserve the balance of my time.
Ms. MACE. Mr. Speaker, now more than ever, the cyber workforce of our
Federal agencies needs to be well equipped to address the constant
threats we face.
By expanding cyber rotation programs under this bill, we will help
Federal agencies gain valuable experience and share best practices
across the government.
I encourage my colleagues on both sides of the aisle to support this
bill, and I yield back the balance of my time.
Mr. CONNOLLY. Mr. Speaker, I congratulate my colleague from South
Carolina for her leadership on a very important matter, and I urge
passage of this important piece of legislation.
I yield back the balance of my time.
The SPEAKER pro tempore. The question is on the motion offered by the
gentleman from Virginia (Mr. Connolly) that the House suspend the rules
and pass the bill, S. 1097.
The question was taken; and (two-thirds being in the affirmative) the
rules were suspended and the bill was passed.
A motion to reconsider was laid on the table.

____________________