U.S. Cybersecurity: Legislation Pitches Job Rotation
A new bipartisan bill would strengthen the federal government’s capabilities to defend the nation against cyberattacks by enabling security professionals to work at multiple federal agencies to extend their capabilities and broaden their horizons.
Reps. Ro Khanna (D-CA) and Nancy Mace (R-SC) reintroduced the legislation, which previously passed the Senate in 2019 but failed to come up for a vote in the House. Sens. Gary Peters (D-MI) who chairs the Senate Homeland Security and Governmental Affairs Committee, John Hoeven (R-ND) and Jacky Rosen (D-NV.) reintroduced the measure in the Senate in April 2021.
The bill creates a Federal Rotational Cyber Workforce Program (FRCWP) within the Office of Personnel Management (OPM). Its key selling point is that it offers civilian employees opportunities to advance their careers, add to their professional experience and extend their networks.
The potential upside for MSSPs: The job rotation legislation could allow MSSPs to more rapidly build relationships with multiple government agencies each time a contact shifts from one organization to the next.
Federal Government Job Rotation
While government agencies often cannot compete with the salaries and other benefits offered in the private sector, they provide valuable opportunities to defend the nation’s cyber front lines, the lawmakers said. At the same time as federal agencies must deal with spikes in cyber attacks, they struggle to hire and retain skilled cyber pros. The measure’s proponents contend that it would enable employees to gain experience beyond their primary assignment and expand their professional networks. It would also require OPM to distribute annual lists of open federal cybersecurity positions within the program to government employees, and allow the Government Accountability Office (GAO), to assess the program.
Specifically, the Federal Rotational Cyber Workforce Program Act:
- Entrusts leadership of the (FRCWP with the OPM and requires consultation with the Chief Human Capital Officers Council, the Chief Information Officers Council, and the Department of Homeland Security.
- Provides ample flexibility to OPM and participating agencies to ensure the FRCWP can be executed in a manner consistent with existing rotational programs to reduce administrative burden.
- Encourages the heads of each agency to identify rotational cyber positions with a focus on positions that relate to multi-agency, integrated cyber missions.
- Promotes federal workforce awareness of career development opportunities by requiring OPM to distribute an annual list of available FRCWP positions.
- Selects FRCWP applicants in a manner consistent with the merit system principles and allows participants to return to their original position (or similar) upon completion of rotational service.
- Directs GAO to assess the program’s effectiveness ahead of the pilot program’s termination.
The U.S. cannot rely only on private investment to protect the country’s infrastructure, Khanna said. “Silicon Valley has and will continue to lead the world in creativity & scientific discovery, but we can’t rely on private investment alone to protect our cyber-infrastructure from bad actors. The federal government, America’s largest employer, must lead. This dynamic rotational program will give our cyber professionals the wide-ranging experience they need to defend us from growing threats abroad,” he said.
“The [FRCWP] will equip not only our current generation of cybersecurity professionals but our next, ensuring America’s grid is prepared for attack,” said Mace. “To strengthen our cybersecurity workforce is to strengthen our national defense,” she said.
When the bill initially passed the Senate, Peters said the government needs an integrated cyber workforce. “I am proud to reintroduce this commonsense legislation that will strengthen the federal government’s cybersecurity workforce by providing cyber employees unique professional development opportunities while they continue to serve our country,” he said.