[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 9770 Introduced in House (IH)]
<DOC>
118th CONGRESS
2d Session
H. R. 9770
To amend the Homeland Security Act of 2002 to provide for education and
training programs and resources of the Cybersecurity and Infrastructure
Security Agency of the Department of Homeland Security, and for other
purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
September 24, 2024
Mr. Green of Tennessee (for himself, Mr. Guest, Mr. Gimenez, Mr.
Strong, Mr. Ezell, and Mr. Higgins of Louisiana) introduced the
following bill; which was referred to the Committee on Homeland
Security, and in addition to the Committee on Education and the
Workforce, for a period to be subsequently determined by the Speaker,
in each case for consideration of such provisions as fall within the
jurisdiction of the committee concerned
_______________________________________________________________________
A BILL
To amend the Homeland Security Act of 2002 to provide for education and
training programs and resources of the Cybersecurity and Infrastructure
Security Agency of the Department of Homeland Security, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Providing Individuals Various
Opportunities for Technical Training to Build a Skills-Based Cyber
Workforce Act of 2024'' or the ``Cyber PIVOTT Act''.
SEC. 2. CISA EDUCATION AND TRAINING PROGRAMS AND RESOURCES.
(a) In General.--Subtitle D of title XIII of the Homeland Security
Act of 2002 is amended by adding at the end the following new section:
``SEC. 1334. CISA EDUCATION AND TRAINING PROGRAMS AND RESOURCES.
``(a) Expanding Education and Training Programs and Resources to
Community Colleges and Technical Schools.--
``(1) Student qualifications.--
``(A) In general.--The Director of the
Cybersecurity and Infrastructure Security Agency (CISA)
of the Department shall seek to enter into partnerships
or other arrangements with community colleges (as such
term is defined in section 5002 of the William M. (Mac)
Thornberry National Defense Authorization Act for
Fiscal Year 2021 (15 U.S.C. 9401) and technical schools
(as such term is defined in section 411.167 of title
20, Code of Federal Regulations) (in this section
referred to as `participating institutions') to
establish education and training programs and
facilitate internship and post-graduation Federal job
opportunities at participating institutions. Such
programs shall be known as the `Providing Individuals
Various Opportunities for Technical Training to Build a
Skills-Based Cyber Workforce Program' or the `PIVOTT
Program' (in this section referred to as the
`Program').
``(B) Eligibility.--The following categories of
students are eligible to participate in the Program:
``(i) Students enrolled in but who have not
yet started a two-year cyber or cyber-relevant
associate's degree program or comparable
technical certification, as determined by the
Director of CISA, at a participating
institution.
``(ii) Students currently enrolled in their
first semester of a two-year cyber or cyber-
relevant associate's degree program or
comparable technical certification, as
determined by the Director of CISA, at a
participating institution.
``(iii) Students identified by the Director
of CISA who are eligible and qualified to
enroll in a two-year degree cyber or cyber-
relevant associate's program or comparable
technical certification at a participating
institution, such as individuals who are
pursuing a career change, have a high school
diploma or equivalent, or would be considered
entry-level.
``(iv) Students enrolled in technical
certifications at participating institutions
that are less than two years to complete but
align with Tasks, Knowledge, and Skills (TKS),
as defined by the National Initiative for
Cybersecurity Education (NICE) Cybersecurity
Workforce Framework (NIST Special Publication
800-181, revision 1), and prepare students to
serve in Federal, State, local, Tribal, or
territorial government cyber or cyber-relevant
roles.
``(C) Scholarships.--The Secretary, acting through
the Director of CISA, shall provide students
participating in the Program with full tuition
scholarships, including academic fees, lab fees,
travel, lodging, per diem, stipends, internship costs,
costs associated with virtual participation,
certification testing fees, and any other expenses the
Director determines necessary to complete any
requirement under the Program, including for
participation in one in-person exercise in accordance
with paragraph (3)(B), including travel, lodging,
meals, in-person or in-laboratory post-course
assessments fees, and other necessary expenses as
determined by the Director.
``(D) Service obligation.--
``(i) In general.--Students who participate
in and complete the Program shall fulfill a
two-year service obligation in a cyber role, as
defined by the National Initiative for
Cybersecurity Education (NICE) Cybersecurity
Workforce Framework (NIST Special Publication
800-181, revision 1) or the Department of
Defense Cyber Workforce Framework, to advance
the cyber mission of an executive agency (as
such term is defined in section 105 of title 5,
United States Code) or a State, local, Tribal,
or territorial government.
``(ii) Exception.--The service obligation
specified in clause (i) shall not apply to
students who--
``(I) have completed a term of
service in the Armed Forces that is
equal to the service obligation
specified in clause (i);
``(II) are currently serving in the
Armed Forces; or
``(III) pursue service in the Armed
Forces in a cyber or cyber-relevant
role during or immediately after
completion of the Program.
``(iii) Delayed service.--Students who,
immediately after completion of the Program,
enroll in a four-year degree program may
complete the service obligation specified in
clause (i) after receiving such four-year
degree.
``(E) Program completion timeline.--
``(i) In general.--Students shall complete
participation in the Program within four years
of starting the Program, or pursuant to
participating institution rules if such rules
are in effect at the time such a student begins
such participation.
``(ii) Process for updated completion
timeline.--A student who experiences extreme
hardship during participation in the Program
may submit to the Director of CISA an
application to waive the application of the
timeline specified in clause (i). The Director,
in consultation with the appropriate
participating institution, shall determine on a
case-by-case basis whether such student may be
granted additional time to complete the
Program.
``(2) Institutional requirements.--A community college or
technical school is eligible to participate in the Program if
such college or school is--
``(A) a participant in the National Centers of
Academic Excellence in Cybersecurity (NCAE-C) program;
or
``(B) determined eligible by the Director of CISA,
taking into consideration whether the virtual or in-
person course offerings at such a college or school
aligns with pathways as defined by the National
Initiative for Cybersecurity Education (NICE)
Cybersecurity Workforce Framework (NIST Special
Publication 800-181, revision 1), and the presence of a
cybersecurity clinic on campus.
``(3) Program components.--
``(A) In general.--In accordance with subparagraph
(C), students participating in the Program shall
complete a minimum of four eligible skills-based
exercises described in subparagraph (B).
``(B) Eligible skills-based exercises.--Eligible
skills-based exercises described in this subparagraph
may include the following:
``(i) Laboratory work.
``(ii) Competitions such as hackathons,
challenges, and capture the flag.
``(iii) Virtual programming.
``(iv) Table-top exercises.
``(v) Industry training workshops.
``(vi) Exercises in a box.
``(C) Provision.--
``(i) In general.--The Director of CISA
shall coordinate with participating
institutions to provide at least one skills-
based exercise under subparagraph (A) each
semester.
``(ii) Student requirements.--Students
participating in the Program shall complete at
least one of the four skills-based exercises
under subparagraph (A) in-person.
``(iii) Administration of exercises.--The
Director of CISA, in coordination with
participating institutions, shall offer at
least one in-person skills-based exercise to
Program participants every two years.
``(iv) Coordination.--The Director of CISA
shall coordinate and may jointly offer the
skills-based exercises under subparagraph (A)
with the following:
``(I) Other Federal agencies, such
as the Department of Defense, the
Federal Bureau of Investigation, the
National Security Agency, and the
Office of the National Cyber Director,
as appropriate.
``(II) Non-Federal entities with
cyber or cyber-relevant expertise,
including cybersecurity clinics.
``(v) Exception.--A student participating
in the Program who is unable to complete a
skills-based exercise under subparagraph (A)
may submit to the participating institution a
proposal for a comparable skills-based
exercise, as determined by the Director of
CISA.
``(D) Internships.--
``(i) In general.--The Director of CISA and
participating institutions shall, as a core
requirement of the Program, coordinate with
appropriate entities to place students
participating in the Program in an approved
cyber or cyber-relevant internship, as
determined by the Director, with any of the
following:
``(I) A State, local, Tribal, or
territorial government entity.
``(II) A critical infrastructure
owner or operator that is located in a
rural community or is considered to be
a high-risk sector, as determined by
the Director of CISA.
``(III) A Federal department or
agency, including with the CISA
Regional Security Advisors program.
``(ii) Prioritization.--A student who has
communicated in writing to the Director of CISA
or the participating institution during the
internship placement process that such student
intends to serve in a Federal Government
position beyond the obligations of the student
under paragraph (1)(D) shall be prioritized for
Federal cyber internship opportunities that
require a security clearance.
``(iii) Current federal employees.--The
Director of CISA shall coordinate with the
heads of appropriate Federal agencies to
establish an approved cyber or cyber-relevant
internship program for students participating
in the Program who are Federal employees.
``(iv) Security clearances.--The Director
of CISA shall take such actions as may be
necessary to begin, not later than one year
before an appropriate student under this
subparagraph completes participation in the
Program, the process to provide such student
with an appropriate security clearance.
``(4) Outreach initiatives.--
``(A) CISA.--The Director of CISA shall--
``(i) conduct regional outreach
initiatives, including at institutions
designated as National Centers of Academic
Excellence in Cybersecurity (NCAE-C), and
provide informational materials about the
Program--
``(I) at each CISA regional office;
and
``(II) to industry partners to
promote the Program; and
``(ii) seek to engage with industry
stakeholders to produce an annual report on
industry-relevant skills intended to inform the
skills-based exercises offered in the Program,
which report may include input from an advisory
committee, established by the Director of CISA
and comprised of university-level educators.
``(B) Recruitment fair.--The Director of CISA, in
coordination with the National Cyber Director, shall
host a voluntary Federal Government recruitment fair
that includes Federal Government agency representatives
who seek to recruit for open cybersecurity positions
each fiscal year. Information regarding such fair shall
be posted on a dedicated job board hosted by CISA. Each
such fair may be hosted online or in-person at a
minimum of five Program participating institutions.
``(5) Program completion benefits.--
``(A) Database.--The Director of CISA, leveraging
existing educational content repositories, shall
maintain an online database of cyber training and
education resources, mapped to job roles set forth in
the National Initiative for Cybersecurity Education
(NICE) Cybersecurity Workforce Framework (NIST Special
Publication 800-181, revision 1), and Federal job
opportunities in cyber or cyber-relevant fields. Such
database shall be available for access, as appropriate,
by students who have successfully completed the
Program.
``(B) Certification program.--The Director of CISA
shall establish and update annually a list of existing
cyber certification programs developed or offered by
entities in the private sector, academia, nonprofits,
or other institutions, as determined by the Director.
The Secretary, acting through the Director, may fund,
through vouchers requested by a student participating
in the Program, up to three certifications and
associated certification examinations per student from
such list for such students who complete the Program
within ten years of such completion.
``(C) Additional scholarship opportunities for