Chairman Green Introduces “Cyber PIVOTT Act” to Tackle Government Cyber Workforce Shortage, Create Pathways for 10,000 New Professionals
September 24, 2024
WASHINGTON, D.C. — Today, House Committee on Homeland Security Chairman Mark E. Green, MD (R-TN) released the following statement on the introduction of the Providing Individuals Various Opportunities for Technical Training (PIVOTT) to Build a Skills-Based Cyber Workforce Act of 2024, or the “Cyber PIVOTT Act.” This legislation increases the accessibility of cyber training and education by establishing a new full-scholarship program for two-year degrees at community colleges and technical schools, which are granted in exchange for required government service:
“Today, I am proud to introduce legislation to ensure all levels of government have the best and brightest cyber professionals on the frontlines of America’s cyber border. As threats to our critical infrastructure and civilian networks from Beijing, Tehran, and Moscow grow and AI lowers the barrier to entry for attacks, our worsening cyber workforce gap has created a dangerous homeland security threat.
“ROTC programs offer a valuable pathway for students who don’t have the opportunity to attend a military academy to begin a lifetime of dedicated military service. Likewise, the ‘Cyber PIVOTT Act’ opens doors for professionals seeking to ‘pivot’ to the specialty of cybersecurity without a traditional four-year degree––rewarding and supporting those who use their valuable skills to protect government networks and ensuring they’re ready to work on day one.
“Every minute our cyber professionals are unprepared to meet the moment gives foreign adversaries and opportunistic criminals the upper hand. Recognizing this threat, the ‘Cyber PIVOTT Act’ focuses on the most valuable resource for effective, whole-of-government cybersecurity––the right people in the right jobs, with the right skills, when our country needs them most.”
Read more from Tim Starks via CyberScoop.
- Establishes a new, ROTC-like full-scholarship program for two-year degrees at community colleges and technical schools to be operated by the Cybersecurity and Infrastructure Security Agency (CISA) in exchange for required government service at the federal, state, local, tribal, or territorial levels.
- Targets entry-level cyber talent, including those who would like to “pivot” their careers. The program maximizes CISA’s existing resources, relationships with the public and private sectors, and expertise to address the current skills gap between education and work.
- Expedites the pathway into government service at any level, including positions that require a security clearance, while providing ample opportunities for upskilling and reskilling after completion of the program.
- Makes important service exemptions for military members who would like to build cyber skills but have already served their country.
- Provides a pathway to begin training 10,000 cyber professionals per year while seeking to provide additional Department of Homeland Security support to the CyberCorps Scholarship for Service Program.
CYBER WORKFORCE BY THE NUMBERS:
The White House notes there are over 500,000 open cybersecurity positions across the United States. Recent incidents such as the discovery of Volt Typhoon compromising U.S. critical infrastructure, heightened cyberattacks by Iranian-backed actors, and the Change Healthcare ransomware attack have underscored the vulnerability of critical systems across sectors. Federal agencies alone experience thousands of cyber incidents yearly, each with mounting sophistication and frequency. These incidents reflect the gamut of threat actors and tactics, including nation-state actors, malicious insiders, ransomware attacks, supply-chain exploitation, commercial spyware, and AI.
- The United States has seen a 17% increase in its cyber workforce gap but only an 11% increase in its cyber workforce. Among workers surveyed, 57% say staffing shortages caused by this discrepancy puts them at a “moderate or extreme risk of cybersecurity attacks” which “decrease their ability to perform critical, careful risk assessment and remain agile amid a challenging threat landscape.”
- In a national survey, 75% of cyber workers said the “current threat landscape is the most challenging it has been in the past five years.” Yet only 52% felt that their organization had the resources required to respond to cyber incidents over the next few years. The cyber workforce gap is compounded by a skills gap, most common in areas such as cloud computing, AI/machine learning (ML), and Zero Trust implementation.
- More workers are also entering the cyber field later in their careers, with cybersecurity becoming an increasingly attractive field to non-cyber professionals. Whereas 46% of new cyber workers entered the field with a relevant bachelor’s degree, 63% of tenured cyber workers held IT positions before entering cybersecurity.
- Federal cyber workers also tend to have a longer tenure, with an average length of service of 14 years. This means that cyber roles are filled by individuals who may have been qualified when hired but may not have the requisite training or skills necessary to defend against today’s threats. Hence, even those occupying the 90,000 filled cyber roles may not be appropriately qualified to face today’s threat landscape, particularly if they are not offered opportunities to upskill.
###