The publication is reproduced in full below:
FEDERAL ROTATIONAL CYBER WORKFORCE PROGRAM ACT OF 2021
Ms. NORTON. Mr. Speaker, I move to suspend the rules and pass the bill (H.R. 3599) to establish a Federal rotational cyber workforce program for the Federal cyber workforce, and for other purposes, as amended.
The Clerk read the title of the bill.
The text of the bill is as follows:
H.R. 3599
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Federal Rotational Cyber Workforce Program Act of 2021''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Agency.--The term ``agency'' has the meaning given the term ``Executive agency'' in section 105 of title 5, United States Code, except that the term does not include the Government Accountability Office.
(2) Competitive service.--The term ``competitive service'' has the meaning given that term in section 2102 of title 5, United States Code.
(3) Councils.--The term ``Councils'' means--
(A) the Chief Human Capital Officers Council established under section 1303 of the Chief Human Capital Officers Act of 2002 (5 U.S.C. 1401 note); and
(B) the Chief Information Officers Council established under section 3603 of title 44, United States Code.
(4) Cyber workforce position.--The term ``cyber workforce position'' means a position identified as having information technology, cybersecurity, or other cyber-related functions under section 303 of the Federal Cybersecurity Workforce Assessment Act of 2015 (5 U.S.C. 301 note).
(5) Director.--The term ``Director'' means the Director of the Office of Personnel Management.
(6) Employee.--The term ``employee'' has the meaning given the term in section 2105 of title 5, United States Code.
(7) Employing agency.--The term ``employing agency'' means the agency from which an employee is detailed to a rotational cyber workforce position.
(8) Excepted service.--The term ``excepted service'' has the meaning given that term in section 2103 of title 5, United States Code.
(9) Rotational cyber workforce position.--The term
``rotational cyber workforce position'' means a cyber workforce position with respect to which a determination has been made under section 3(a)(1).
(10) Rotational cyber workforce program.--The term
``rotational cyber workforce program'' means the program for the detail of employees among rotational cyber workforce positions at agencies.
(11) Secretary.--The term ``Secretary'' means the Secretary of Homeland Security.
SEC. 3. ROTATIONAL CYBER WORKFORCE POSITIONS.
(a) Determination With Respect to Rotational Service.--
(1) In general.--The head of each agency may determine that a cyber workforce position in that agency is eligible for the rotational cyber workforce program, which shall not be construed to modify the requirement under section 4(b)(3) that participation in the rotational cyber workforce program by an employee shall be voluntary.
(2) Notice provided.--The head of an agency shall submit to the Director--
(A) notice regarding any determination made by the head of the agency under paragraph (1); and
(B) for each position with respect to which the head of the agency makes a determination under paragraph (1), the information required under subsection (b)(1).
(b) Preparation of List.--The Director, with assistance from the Councils and the Secretary, shall develop a list of rotational cyber workforce positions that--
(1) with respect to each such position, to the extent that the information does not disclose sensitive national security information, includes--
(A) the title of the position;
(B) the occupational series with respect to the position;
(C) the grade level or work level with respect to the position;
(D) the agency in which the position is located;
(E) the duty location with respect to the position; and
(F) the major duties and functions of the position; and
(2) shall be used to support the rotational cyber workforce program.
(c) Distribution of List.--Not less frequently than annually, the Director shall distribute an updated list developed under subsection (b) to the head of each agency and other appropriate entities.
SEC. 4. ROTATIONAL CYBER WORKFORCE PROGRAM.
(a) Operation Plan.--
(1) In general.--Not later than 270 days after the date of enactment of this Act, and in consultation with the Councils, the Secretary, representatives of other agencies, and any other entity as the Director determines appropriate, the Director shall develop and issue a Federal Rotational Cyber Workforce Program operation plan providing policies, processes, and procedures for a program for the detailing of employees among rotational cyber workforce positions at agencies, which may be incorporated into and implemented through mechanisms in existence on the date of enactment of this Act.
(2) Updating.--The Director may, in consultation with the Councils, the Secretary, and other entities as the Director determines appropriate, periodically update the operation plan developed and issued under paragraph (1).
(b) Requirements.--The operation plan developed and issued under subsection (a) shall, at a minimum--
(1) identify agencies for participation in the rotational cyber workforce program;
(2) establish procedures for the rotational cyber workforce program, including--
(A) any training, education, or career development requirements associated with participation in the rotational cyber workforce program;
(B) any prerequisites or requirements for participation in the rotational cyber workforce program; and
(C) appropriate rotational cyber workforce program performance measures, reporting requirements, employee exit surveys, and other accountability devices for the evaluation of the program;
(3) provide that participation in the rotational cyber workforce program by an employee shall be voluntary;
(4) provide that an employee shall be eligible to participate in the rotational cyber workforce program if the head of the employing agency of the employee, or a designee of the head of the employing agency of the employee, approves of the participation of the employee;
(5) provide that the detail of an employee to a rotational cyber workforce position under the rotational cyber workforce program shall be on a nonreimbursable basis;
(6) provide that agencies may agree to partner to ensure that the employing agency of an employee that participates in the rotational cyber workforce program is able to fill the position vacated by the employee;
(7) require that an employee detailed to a rotational cyber workforce position under the rotational cyber workforce program, upon the end of the period of service with respect to the detail, shall be entitled to return to the position held by the employee, or an equivalent position, in the employing agency of the employee without loss of pay, seniority, or other rights or benefits to which the employee would have been entitled had the employee not been detailed;
(8) provide that discretion with respect to the assignment of an employee under the rotational cyber workforce program shall remain with the employing agency of the employee;
(9) require that an employee detailed to a rotational cyber workforce position under the rotational cyber workforce program in an agency that is not the employing agency of the employee shall have all the rights that would be available to the employee if the employee were detailed under a provision of law other than this Act from the employing agency to the agency in which the rotational cyber workforce position is located;
(10) provide that participation by an employee in the rotational cyber workforce program shall not constitute a change in the conditions of the employment of the employee; and
(11) provide that an employee participating in the rotational cyber workforce program shall receive performance evaluations relating to service in the rotational cyber workforce program in a participating agency that are--
(A) prepared by an appropriate officer, supervisor, or management official of the employing agency, acting in coordination with the supervisor at the agency in which the employee is performing service in the rotational cyber workforce position;
(B) based on objectives identified in the operation plan with respect to the employee; and
(C) based in whole or in part on the contribution of the employee to the agency in which the employee performed such service, as communicated from that agency to the employing agency of the employee.
(c) Program Requirements for Rotational Service.--
(1) In general.--An employee serving in a cyber workforce position in an agency may, with the approval of the head of the agency, submit an application for detail to a rotational cyber workforce position that appears on the list developed under section 3(b).
(2) Opm approval for certain positions.--An employee serving in a position in the excepted service may only be selected for a rotational cyber workforce position that is in the competitive service with the prior approval of the Office of Personnel Management, in accordance with section 300.301 of title 5, Code of Federal Regulations, or any successor thereto.
(3) Selection and term.--
(A) Selection.--The head of an agency shall select an employee for a rotational cyber workforce position under the rotational cyber workforce program in a manner that is consistent with the merit system principles under section 2301(b) of title 5, United States Code.
(B) Term.--Except as provided in subparagraph (C), and notwithstanding section 3341(b) of title 5, United States Code, a detail to a rotational cyber workforce position shall be for a period of not less than 180 days and not more than 1 year.
(C) Extension.--The Chief Human Capital Officer of the agency to which an employee is detailed under the rotational cyber workforce program may extend the period of a detail described in subparagraph (B) for a period of 60 days unless the Chief Human Capital Officer of the employing agency of the employee objects to that extension.
(4) Written service agreements.--
(A) In general.--The detail of an employee to a rotational cyber workforce position shall be contingent upon the employee entering into a written service agreement with the employing agency under which the employee is required to complete a period of employment with the employing agency following the conclusion of the detail that is equal in length to the period of the detail.
(B) Other agreements and obligations.--A written service agreement under subparagraph (A) shall not supersede or modify the terms or conditions of any other service agreement entered into by the employee under any other authority or relieve the obligations between the employee and the employing agency under such a service agreement. Nothing in this subparagraph prevents an employing agency from terminating a service agreement entered into under any other authority under the terms of such agreement or as required by law or regulation.
SEC. 5. REPORTING BY GAO.
Not later than the end of the third fiscal year after the fiscal year in which the operation plan under section 4(a) is issued, the Comptroller General of the United States shall submit to Congress a report assessing the operation and effectiveness of the rotational cyber workforce program, which shall address, at a minimum--
(1) the extent to which agencies have participated in the rotational cyber workforce program, including whether the head of each such participating agency has--
(A) identified positions within the agency that are rotational cyber workforce positions;
(B) had employees from other participating agencies serve in positions described in subparagraph (A); and
(C) had employees of the agency request to serve in rotational cyber workforce positions under the rotational cyber workforce program in participating agencies, including a description of how many such requests were approved; and
(2) the experiences of employees serving in rotational cyber workforce positions under the rotational cyber workforce program, including an assessment of--
(A) the period of service;
(B) the positions (including grade level and occupational series or work level) held by employees before completing service in a rotational cyber workforce position under the rotational cyber workforce program;
(C) the extent to which each employee who completed service in a rotational cyber workforce position under the rotational cyber workforce program achieved a higher skill level, or attained a skill level in a different area, with respect to information technology, cybersecurity, or other cyber-related functions; and
(D) the extent to which service in rotational cyber workforce positions has affected intra-agency and interagency integration and coordination of cyber practices, functions, and personnel management.
SEC. 6. SUNSET.
Effective 5 years after the date of enactment of this Act, this Act is repealed.
SEC. 7. DETERMINATION OF BUDGETARY EFFECTS.
The budgetary effects of this Act, for the purpose of complying with the Statutory Pay-As-You-Go Act of 2010, shall be determined by reference to the latest statement titled
``Budgetary Effects of PAYGO Legislation'' for this Act, submitted for printing in the Congressional Record by the Chairman of the House Budget Committee, provided that such statement has been submitted prior to the vote on passage.
The SPEAKER pro tempore. Pursuant to the rule, the gentlewoman from the District of Columbia (Ms. Norton) and the gentleman from Pennsylvania (Mr. Keller) each will control 20 minutes.
The Chair recognizes the gentlewoman from the District of Columbia.
General Leave
Ms. NORTON. Mr. Speaker, I ask unanimous consent that all Members have 5 legislative days within which to revise and extend their remarks and insert extraneous material on H.R. 3599.
The SPEAKER pro tempore. Is there objection to the request of the gentlewoman from the District of Columbia?
There was no objection.
Ms. NORTON. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, I rise to support H.R. 3599, the Federal Rotational Cyber Workforce Program Act. This bill is the product of bipartisan cooperation of our Oversight and Reform Committee members, Representatives Ro Khanna and Nancy Mace, and I want to thank them for their work on this bill.
Earlier this year, our committee held a hearing on the Government Accountability Office's 2021 High-Risk Report, which details the areas of government operations at greatest risk of failing to meet the considerable challenges they face.
Cybersecurity was near the top of the list, along with the cyber skills gap that persists across the Federal workforce. As the Government Accountability Office report described, Federal agencies are struggling to ensure that staff have the skills required to address the critical cybersecurity risks and challenges that our government faces.
Recent cyberattacks have demonstrated the dire consequences of failing to improve the Federal Government's cybersecurity operations. These include the SolarWinds breach, in which Russian hackers infiltrated the networks of nine Federal agencies and went undetected for months.
Around the same time, cyberattacks linked to the Chinese government targeted Microsoft's enterprise email software and threatened the internal data of Federal agencies. In addition, Russian hackers successfully breached the servers of the U.S. Department of State and stole thousands of emails.
The Federal Rotational Cyber Workforce Program Act, as it is called, would enable cybersecurity professionals in the Federal Government to rotate through assignments outside of their regular position. This would allow more agencies to benefit from their enterprise and give program participants the opportunities for professional development. The program would be authorized for 5 years and, after 3 years, the Government Accountability Office would assess the operation and effectiveness of the program.
This legislation would go a long way toward improving Federal agencies' capacity to strengthen cybersecurity operations, help retain top talent, and facilitate the exchange of expertise in this critical field.
The security of Federal information technology systems and data is essential to national security, to preserving public trust in government institutions, and to ensuring that agencies meet their missions in serving the American people.
I strongly support this bill, and I urge my colleagues to do the same.
Mr. Speaker, I reserve the balance of my time.
Mr. KELLER. Mr. Speaker, I yield myself such time as I may consume.
Mr. Speaker, the Federal Government has significant work to do on the cybersecurity front. My colleagues, Representatives Khanna and Mace, recognized this harsh reality when crafting their bill to improve our Federal workforce's cybersecurity and IT expertise.
We face many challenges, including adequately securing IT infrastructure from cyber intrusions, supply chain hacks, and ransomware, each the subject of recent front-page news.
Our cyber readiness depends, in part, upon our ability to maintain a prepared and capable Federal workforce to defend our Nation's government from a relentless onslaught of cyberattacks.
Toward that end, the Federal Rotational Cyber Workforce Program Act continues efforts created and implemented during the Trump administration to promote cyber rotational details throughout Federal agencies so that our valuable Federal cyber experts continue to sharpen their skills.
This bill seeks to codify an additional rotational opportunity for cyber-focused professionals throughout the Federal Government.
Former President Trump's executive order, ``America's Cybersecurity Workforce,'' established a mechanism for Federal employees to be detailed to other agencies through a cybersecurity rotational assignment program. The Federal Rotational Cyber Workforce Program Act places management of a similar type of program under the Office of Personnel Management.
Importantly, for oversight purposes, the bill establishes requirements for a detailed operational plan and a report from the Government Accountability Office to enable congressional oversight. This will help Congress evaluate whether the rotational program is running as intended and meaningfully addressing both personnel and agency needs.
If this new rotational program is not providing the intended value to the Federal Government, then Congress will have the opportunity to decline reauthorizing the program after it sunsets in 5 years. This is a valuable safety valve to the expansion of the Federal Government, which I am glad to see included in this bill.
I thank my colleagues for their work on this bipartisan bill, which builds upon the cyber workforce efforts of the prior administration.
Mr. Speaker, I reserve the balance of my time.
Ms. NORTON. Mr. Speaker, I yield 2 minutes to the gentleman from California (Mr. Khanna).
Mr. KHANNA. Mr. Speaker, I thank Delegate Norton for her leadership, and I thank Ranking Member Comer for his leadership on the bill and, of course, Representative Mace, who has been a colleague and helped craft this.
Everyone recognizes that our country faces cyberattacks. In the private sector, we don't silo cybersecurity officials. You don't say,
``You just work in one department.'' They rotate through a company. We shouldn't have separate silos in the Federal Government.
This bill is just common sense. It says that we need to have a rotational system in the Federal Government so that you can have expertise from all the different agencies, and we can have a comprehensive response. It helps us get talent. And it is bipartisan.
We should give credit to the previous administration for having, as was pointed out, the executive order. I worked with Matt Lira at the previous White House. There is nothing that is partisan about making sure that America isn't attacked with cybercrimes and cyberattacks. That is a bipartisan initiative, and this does build on the work they did. It makes it stronger, and we put, ultimately, resources toward it.
But I am proud of the work. I am proud of working with Representative Mace on it. Frankly, I think we ought to be doing more things in this body in a bipartisan way that strengthen American security.
Mr. KELLER. Mr. Speaker, I yield such time as she may consume to the gentlewoman from South Carolina (Ms. Mace).
Ms. MACE. Mr. Speaker, today, I rise in support of H.R. 3599, the Federal Rotational Cyber Workforce Program Act. It is a long title, but it is a very good bill. I thank my colleague, Ro Khanna, for his leadership.
Cybersecurity is national security, and this is one area where it is not Democrat or Republican. When 11 Federal agencies were hacked last year by an organization affiliated with Russia, they didn't care if you had an R or a D by your name.
Imagine if, in the Federal Government, or at least a portion of the Federal Government, we could work and operate more like a business than a bureaucracy. Well, we can do that right here today with H.R. 3599.
I thank, again, Ro Khanna for his leadership and for allowing me the opportunity to work together with him on this. This is the third bill I have worked on that I hope will pass on the floor of the House tonight.
We have an opportunity to show tremendous leadership here today. I have heard a number of my colleagues here this afternoon, Republicans and Democrats, working together for the American people, putting the American people first, and that is what we are doing.
Every day, criminal elements are attempting to steal our secrets, disrupt our infrastructure, and damage our economy by extorting money from businesses and organizations across the United States.
Most recently, in the State of South Carolina, we saw the high-
profile Colonial Pipeline hacking and attack. It is a reminder that America's adversaries are creative and cunning and that our government must be the same to combat this growing threat.
It is imperative that our government be able to obtain, train, and retain the cyber and technology talent needed to counter these sophisticated hackers across the globe. The Federal Rotational Cyber Workforce Program Act will allow Federal employees to collaborate and broaden their work experiences, their knowledge, and their skill sets across Federal agencies, much in the same way their counterparts do in the private sector.
I thank my colleagues today, Republicans and Democrats, and I urge each and every one of them to vote in favor of this legislation this evening.
Mr. KELLER. Mr. Speaker, I have no further speakers, and I am prepared to close.
Mr. Speaker, it is important to improve the readiness of our Nation's cyber workforce through the expansion of cyber rotations between our Federal agencies. I encourage my colleagues to support this important legislation.
Mr. Speaker, I yield back the balance of my time.
Ms. NORTON. Mr. Speaker, I urge passage of H.R. 3599, and I yield back the balance of my time.
The SPEAKER pro tempore. The question is on the motion offered by the gentlewoman from the District of Columbia (Ms. Norton) that the House suspend the rules and pass the bill, H.R. 3599, as amended.
The question was taken.
The SPEAKER pro tempore. In the opinion of the Chair, two-thirds being in the affirmative, the ayes have it.
Mrs. GREENE of Georgia. Mr. Speaker, on that I demand the yeas and nays.
The SPEAKER pro tempore. Pursuant to section 3(s) of House Resolution 8, the yeas and nays are ordered.
Pursuant to clause 8 of rule XX, further proceedings on this motion are postponed.
____________________
SOURCE: Congressional Record Vol. 167, No. 130
The Congressional Record is a unique source of public documentation. It started in 1873, documenting nearly all the major and minor policies being discussed and debated.
House Representatives' salaries are historically higher than the median US income.
Alerts Sign-up