Bill would help bolster America’s cybersecurity workforce amid increased threats to our networks

WASHINGTON, D.C. — Today, House Committee on Homeland Security Chairman Mark E. Green, MD (R-TN) reintroduced the “Cyber PIVOTT Act” to address America’s cybersecurity workforce shortage amid increased threats to our government networks and critical infrastructure. Senator Mike Rounds (R-SD) will introduce companion legislation in the Senate. The “Cyber PIVOTT Act,” which was first introduced by Chairman Green in the 118th Congress, would establish a new full-scholarship program for two-year degrees primarily at community colleges and technical schools, which are granted in exchange for required government service. 
 
Cosponsors from the House Committee on Homeland Security include Reps. Michael Guest (R-MS), Andrew Garbarino (R-NY), Carlos Gimenez (R-FL), Clay Higgins (R-LA), Dale Strong (R-AL), Sheri Biggs (R-SC), and Gabe Evans (R-CO). Select Committee on the Chinese Communist Party Chairman John Moolenaar (R-MI), Rep. Hal Rogers (R-KY), and Rep. Mike Ezell (R-MS) are also cosponsors.
 
The “Cyber PIVOTT Act” is supported by Palo Alto Networks, Business Software Alliance (BSA), the Internet Security Alliance, Foundation for Defense of Democracies, R Street Institute, the International Information System Security Certification Consortium (ISC2), the National Rural Electric Coop Association (NRECA), Forescout Technologies, Peraton, the Cyber Innovation Center and CYBER.ORG, the U.S. Chamber of Commerce, Ivanti, the McCrary Institute, Information Technology Industry Council (ITI), the American Association of Community Colleges (AACC), Advocacy Blueprints, Microsoft, Darktrace, the Special Competitive Studies Project, and the Partnership for Public Service.
 
“After numerous alarming intrusions into government networks and critical infrastructure, today’s reintroduction of the ‘Cyber PIVOTT Act’ alongside Senator Rounds could not come at a more consequential time. With half a million vacant cybersecurity positions in the country, the threats facing our nation in cyberspace are far too urgent and sophisticated for our current cybersecurity workforce to combat,” Chairman Green said.
 
“Far too often, cybersecurity can be a daunting industry for students and mid-career professionals to break into, creating a dangerous challenge for businesses, institutions, or agencies that work to protect the digital infrastructure Americans rely on every day.

“My legislation would open doors for professionals who are hoping to ‘pivot’ to the cybersecurity field but might not have access to, or want to pursue, a traditional four-year degree. By equipping up to 10,000 cyber professionals per year with industry-relevant skills and a foot in the door for valuable government experience, these scholarships will have a return on investment for both the public and private sectors. 
 
“America’s cyber adversaries are watching. With bipartisan agreement on the need to secure our networks and essential support from partners in academia and industry, we must build on the momentum of last Congress and get this to the president’s desk.”

“Our need for cybersecurity experts has risen as cyber risks to our nation continue to increase,” Senator Mike Rounds, Chairman of the Senate Armed Services Committee’s Subcommittee on Cybersecurity said. “In order to respond quickly and effectively to cyber threats, we must grow our critical cyber workforce in the United States. Our legislation would create a new scholarship-for-service program allowing both first time students interested in the field or professionals pivoting into cyber to be educated in our cyber systems. They would then continue on with a career in cybersecurity at the state, federal, local or tribal level.”

Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andrew Garbarino said,“I’ve long said that our insufficient cyber workforce is the preeminent threat to our national cyber preparedness. As Chairman of the Cybersecurity and Infrastructure Protection Subcommittee, I have heard repeatedly from both the public and private sectors that more must be done to fill these gaps. The PIVOTT Act directly addresses this challenge by creating opportunities for entry-level talent to receive the necessary training, strengthening our pipeline of cyber professionals, and enhancing our nation’s cyber defenses.”

THE “PROVIDING INDIVIDUALS VARIOUS OPPORTUNITIES FOR TECHNICAL TRAINING (PIVOTT) TO BUILD A SKILLS-BASED CYBER WORKFORCE ACT OF 2025”:

• Establishes a new, ROTC-like full-scholarship program for two-year degrees, primarily at community colleges and technical schools, to be operated by the Cybersecurity and Infrastructure Security Agency (CISA) in exchange for required government service at the federal, state, local, tribal, or territorial levels.  
• Targets entry-level cyber talent, including those who would like to “pivot” their careers. The program maximizes CISA’s existing resources, relationships with the public and private sectors, and expertise to address the current skills gap between education and work.
• Expedites the pathway into government service at any level, including positions that require a security clearance, while providing ample opportunities for upskilling and reskilling after completion of the program.  
• Makes important service exemptions for military members who would like to build cyber skills but have already served their country.
• Provides a pathway to begin training 10,000 cyber professionals per year while seeking to provide additional Department of Homeland Security support to the CyberCorps Scholarship for Service Program.  

As cyber intrusions by malign nation-states and opportunistic cyber criminals grow in sophistication and frequency, our nation’s dwindling cybersecurity workforce presents a homeland security threat. Read the Committee’s “Cyber Threat Snapshot” here.

STARTLING CYBER STATS:

• Roughly 500,000 cybersecurity jobs in the United States are vacant. 
• The average cost of a data breach in the United States amounts to $9.36 million––almost double that of the global average.
• Cyberattacks on critical infrastructure globally increased 30 percent in 2023.
• Cyberattacks on state and local governments increased from 2022 to 2023.
• Among workers surveyed, 57 percent say staffing shortages puts them at a “moderate or extreme risk of cybersecurity attacks.”
• In a national survey, 75 percent of cyber workers said the “current threat landscape is the most challenging it has been in the past five years.” 
• Federal cyber workers tend to have a longer tenure, with an average length of service of 14 years.

###