Text: S.754 — 115th Congress (2017-2018)All Information (Except Text)

Text available as:

Shown Here:
Reported to Senate (06/05/2018)

Calendar No. 440

115th CONGRESS
2d Session
S. 754

[Report No. 115–263]


To support meeting our Nation’s growing cybersecurity workforce needs by expanding the cybersecurity education pipeline.


IN THE SENATE OF THE UNITED STATES

March 28, 2017

Mr. Kaine (for himself, Mr. Wicker, Mrs. Murray, Mr. Perdue, Mr. Nelson, and Mr. Thune) introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation

June 5, 2018

Reported by Mr. Thune, with an amendment

[Strike out all after the enacting clause and insert the part printed in italic]


A BILL

To support meeting our Nation’s growing cybersecurity workforce needs by expanding the cybersecurity education pipeline.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Cyber Scholarship Opportunities Act of 2017”.

SEC. 2. Findings.

Congress finds the following:

(1) A well-trained workforce is essential to meeting the Nation’s growing cybersecurity needs.

(2) A 2015 report by the National Academy of Public Administration found that the United States faces a severe shortage of properly trained and equipped cybersecurity professionals.

(3) A 2015 study of the information security workforce found that the information security workforce shortfall is widening.

(4) The National Science Foundation’s Cy­ber­Corps: Scholarship-for-Service program is a successful effort to support capacity building in institutions of higher education and scholarships for students to pursue cybersecurity careers.

SEC. 3. Sense of Congress.

It is the sense of Congress that—

(1) given the current need for cybersecurity professionals in the public and private sectors, Congress and the Federal Government should support existing programs to boost their success;

(2) the Federal Government should also build upon and develop existing programs to meet emerging challenges, such as the need to protect critical infrastructure and the greater need for cybersecurity professionals of various skill levels;

(3) there is a need for greater engagement with students at the kindergarten through grade 12 level to recruit young people to pursue career paths in cybersecurity;

(4) many community colleges offer degrees or industry-recognized credentials in cybersecurity and related fields that prepare students to fill high-demand cybersecurity jobs, and the Federal Government should support programs at 2-year institutions of higher education that help students develop skills necessary to support the Nation’s cybersecurity missions; and

(5) the Federal Government should expand existing programs to support re-training mid-career individuals, such as veterans of the Armed Forces, to fill cybersecurity positions.

SEC. 4. Federal Cyber Scholarship-for-Service program.

Section 302 of the Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7442) is amended—

(1) in subsection (a), by adding at the end the following: “Not less than 5 percent of scholarships provided under this section shall be provided to eligible students who are pursuing an associate's degree in a cybersecurity field without the intent of transferring to a bachelor’s degree program and either have a bachelor's degree already or are veterans of the Armed Forces.”;

(2) in subsection (d), by adding at the end the following: “In the case of a scholarship recipient who is pursuing a doctoral or master's degree, such agreement may include (if determined appropriate on a case-by-case basis by the Director of the National Science Foundation) an agreement for the recipient to work at an institution of higher education or for a local educational agency teaching cybersecurity skills for a period equal to the length of the scholarship following receipt of such degree.”;

(3) in subsection (f)—

(A) by striking paragraph (3) and inserting the following:

“(3) have demonstrated a high level of competency in relevant knowledge, skills, and abilities, as described in the national cybersecurity awareness and education program under section 401;”; and

(B) by striking paragraph (4) and inserting the following:

“(4) be a student in an eligible degree program at a qualified institution of higher education, as determined by the Director of the National Science Foundation, who is—

“(A) a full-time student; or

“(B) a student who is enrolled for study leading to a degree on a less than full-time basis but not less than half-time basis; and”;

(4) by striking subsection (m) and inserting the following:

“(m) Evaluation and report.—

“(1) IN GENERAL.—The Director of the National Science Foundation shall evaluate and make public, in a manner that protects the personally identifiable information of scholarship recipients, information on the success of recruiting individuals for scholarships under this section and on hiring and retaining those individuals in the public sector workforce, including on—

“(A) placement rates;

“(B) where students are placed;

“(C) student salary ranges for students not released from obligations under this section;

“(D) how long after graduation they are placed;

“(E) how long they stay in the positions they enter upon graduation;

“(F) how many students are released from obligations; and

“(G) what (if any) remedial training needs are required.

“(2) REGULAR REPORTS.—The Director of the National Science Foundation shall submit reports to Congress under paragraph (1) not less often than once every 5 years.”; and

(5) by adding at the end the following:

“(n) Resources.—The Director of the National Science Foundation shall work with the Director of the Office of Personnel Management to provide adequate resources to the CyberCorps community in the form of an online resource center, where all other relevant websites will be consolidated or eliminated, if possible. To the extent applicable, such websites shall—

“(1) present up-to-date, accurate information about existing scholarship programs and job opportunities;

“(2) present a modernized view of cybersecurity careers;

“(3) improve user friendliness; and

“(4) allow prospective job applicants to search positions by State, salary, and title.

“(o) Advertisements.—The Director of the National Science Foundation shall work with the Director of the Office of Personnel Management and State, local, and tribal agencies to advertise cybersecurity positions to scholarship recipients under this section, such as by hosting, in coordination with such office and agencies, a virtual job fair for scholarship recipients.

“(p) Cybersecurity at kindergarten through grade 12 level.—The Director of the National Science Foundation, in coordination with other Federal agencies as necessary, shall carry out a program to grow and improve cybersecurity education at the kindergarten through grade 12 level that—

“(1) increases interest in cybersecurity careers;

“(2) helps students practice correct and safe online behavior and understand the foundational principles of cybersecurity; and

“(3) improves teaching methods for delivering cybersecurity content for kindergarten through grade 12 computer science curricula.

“(q) Critical infrastructure protection.—Due to the need for skilled cybersecurity professionals to protect the Nation’s critical infrastructure, the Director of the National Science Foundation may—

“(1) grant exceptions to students for fulfilling post-award employment obligations under this section (on a case-by-case basis and in coordination with other Federal agencies) who agree to work in a critical infrastructure mission at a Federal Government corporation or a State, local, or tribal government-affiliated asset, system, or network that is considered to be part of a critical infrastructure sector as described in Presidential Policy Directive–21, issued February 12, 2013 (related to critical infrastructure security and resilience), or any successor; and

“(2) develop a pilot program to enhance critical infrastructure protection training for students pursuing careers in cybersecurity.

“(r) Study.—The Director of the National Science Foundation, in coordination with the Director of the Office of Personnel Management, shall assess the potential benefits and feasibility of granting scholarship awards under this section to students who do not possess a bachelor’s degree to pursue an associate's degree or an industry-recognized credential in a cybersecurity field.”.

SECTION 1. Short title.

This Act may be cited as the “Cyber Scholarship Opportunities Act of 2017”.

SEC. 2. Findings.

Congress finds the following:

(1) A well-trained workforce is essential to meeting the Nation’s cybersecurity needs.

(2) An October 2015 report by the National Academy of Public Administration entitled “Increasing the Effectiveness of the Federal Role in Cybersecurity Education” noted that the United States faces a severe shortage of properly trained and equipped cybersecurity professionals in both the government and private sector workforce.

(3) The 2015 (ISC)² Global Information Security Workshop Study stated that “the information security workforce shortfall is widening.”

(4) The National Science Foundation’s Federal Cyber Scholarship-for-Service program is a successful effort to support capacity building in institutions of higher education and scholarships for students to pursue cybersecurity careers.

SEC. 3. Community college cyber pilot program and assessment.

(a) Pilot program.—Not later than 1 year after the date of enactment of this Act, as part of the Federal Cyber Scholarship-for-Service program established under section 302 of the Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7442), the Director of the National Science Foundation, in coordination with the Director of the Office of Personnel Management, shall develop and implement a pilot program at not more than 10, but at least 5, community colleges to provide scholarships to eligible students who—

(1) are pursuing associate degrees or specialized program certifications in the field of cybersecurity; and

(2) (A) have bachelor's degrees; or

(B) are veterans of the armed forces.

(b) Assessment.—Not later than 1 year after the date of enactment of this Act, as part of the Federal Cyber Scholarship-for-Service program established under section 302 of the Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7442), the Director of the National Science Foundation, in coordination with the Director of the Office of Personnel Management, shall assess the potential benefits and feasibility of providing scholarships through community colleges to eligible students who are pursuing associate degrees, but do not have bachelor's degrees.

SEC. 4. Federal Cyber Scholarship-for Service program updates.

(a) In general.—Section 302 of the Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7442) is amended—

(1) by striking subsection (b)(3) and inserting the following:

“(3) prioritize the employment placement of at least 80 percent of scholarship recipients in an executive agency (as defined in section 105 of title 5, United States Code); and

“(4) provide awards to improve cybersecurity education at the kindergarten through grade 12 level—

“(A) to increase interest in cybersecurity careers;

“(B) to help students practice correct and safe online behavior and understand the foundational principles of cybersecurity;

“(C) to improve teaching methods for delivering cybersecurity content for kindergarten through grade 12 computer science curricula; and

“(D) to promote teacher recruitment in the field of cybersecurity.”;

(2) by amending subsection (d) to read as follows:

“(d) Post-award employment obligations.—Each scholarship recipient, as a condition of receiving a scholarship under the program, shall enter into an agreement under which the recipient agrees to work for a period equal to the length of the scholarship, following receipt of the student's degree, in the cybersecurity mission of—

“(1) an executive agency (as defined in section 105 of title 5, United States Code);

“(2) Congress, including any agency, entity, office, or commission established in the legislative branch;

“(3) an interstate agency;

“(4) a State, local, or tribal government; or

“(5) a State, local, or tribal government-affiliated non-profit that is considered to be critical infrastructure (as defined in section 1016(e) of the USA Patriot Act (42 U.S.C. 5195c(e))).”;

(3) in subsection (f)—

(A) by amending paragraph (3) to read as follows:

“(3) have demonstrated a high level of competency in relevant knowledge, skills, and abilities, as defined by the national cybersecurity awareness and education program under section 401;”; and

(B) by amending paragraph (4) to read as follows:

“(4) be a full-time student in an eligible degree program at a qualified institution of higher education, as determined by the Director of the National Science Foundation, except that in the case of a student who is enrolled in a community college, be a student pursuing a degree on a less than full-time basis, but not less than half-time basis; and”; and

(4) by amending subsection (m) to read as follows:

“(m) Public information.—

“(1) EVALUATION.—The Director of the National Science Foundation, in coordination with the Director of the Office of Personnel Management, shall periodically evaluate and make public, in a manner that protects the personally identifiable information of scholarship recipients, information on the success of recruiting individuals for scholarships under this section and on hiring and retaining those individuals in the public sector cyber workforce, including on—

“(A) placement rates;

“(B) where students are placed, including job titles and descriptions;

“(C) student salary ranges for students not released from obligations under this section;

“(D) how long after graduation they are placed;

“(E) how long they stay in the positions they enter upon graduation;

“(F) how many students are released from obligations; and

“(G) what, if any, remedial training is required.

“(2) REPORTS.—The Director of the National Science Foundation, in coordination with the Office of Personnel Management, shall submit, at least once every 3 years, to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Science, Space, and Technology of the House of Representatives a report, including the results of the evaluation under paragraph (1) and any recent statistics regarding the size, composition, and educational requirements of the Federal cyber workforce.

“(3) RESOURCES.—The Director of the National Science Foundation, in coordination with the Director of the Office of Personnel Management, shall provide consolidated and user-friendly online resources for prospective scholarship recipients, including, to the extent practicable—

“(A) searchable, up-to-date, and accurate information about participating institutions of higher education and job opportunities related to the field of cybersecurity; and

“(B) a modernized description of cybersecurity careers.”.

(b) Savings provision.—Nothing in this section, or an amendment made by this section, shall affect any agreement, scholarship, loan, or repayment, under section 302 of the Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7442), in effect on the day before the date of enactment of this Act.

SEC. 5. Cybersecurity teaching.

Section 10A(i) of the National Science Foundation Authorization Act of 2002 (42 U.S.C. 1862n-1(i)) is amended—

(1) by amending paragraph (5) to read as follows:

“(5) the term ‘mathematics and science teacher’ means a science, technology, engineering, mathematics, or computer science, including cybersecurity, teacher at the elementary school or secondary school level;”; and

(2) by amending paragraph (7) to read as follows:

“(7) the term ‘science, technology, engineering, or mathematics professional’ means an individual who holds a baccalaureate, master's, or doctoral degree in science, technology, engineering, mathematics, or computer science, including cybersecurity, and is working in or had a career in such field or a related area; and”.


Calendar No. 440

115th CONGRESS
     2d Session
S. 754
[Report No. 115–263]

A BILL
To support meeting our Nation’s growing cybersecurity workforce needs by expanding the cybersecurity education pipeline.

June 5, 2018
Reported with an amendment