At a glance.

  • US president signs two cybersecurity bills.
  • US National Defense Authorization Act prioritizes cybersecurity. 
  • CISA’s Cybersecurity Advisory Committee recommends new cybersecurity recruitment position. 

US president signs two cybersecurity bills.

The White House yesterday announced that President Biden signed two cybersecurity-focused bills into law. The State and Local Government Cybersecurity Act of 2021 directs the Department of Homeland Security on improving cybersecurity collaboration with state, local, tribal, and territorial governments. As the Record by Recorded Media explains, the legislation will allow the Cybersecurity and Infrastructure Security Agency (CISA) to offer state and local governments the opportunity to upgrade their digital security tools and procedures in order to increase cyber coordination while strengthening the cyber workforce at the federal level. The second bill, the Federal Rotational Cyber Workforce Program Act, will establish a rotational, inter-agency workforce development program that will allow cybersecurity professionals to sample jobs at various agencies. The idea is to give these employees the opportunity to learn new skill sets and be exposed to the full scope of government work in an effort to make these positions more competitive with private sector employment. 

US National Defense Authorization Act prioritizes cybersecurity. 

Last week the US Senate Armed Services Committee finalized the 2023 National Defense Authorization Act (NDAA). The military spending authorization bill calls for a 5.5% increase over last year’s bill, including $817 million in Department of Defense (DoD) spending, and a 4.6% pay increase for the military and the DoD civilian workforce. MeriTalk lists the dozens of cybersecurity-related provisions, including the creation of a new Assistant Secretary of Defense position for cyber policy, unclassified reporting through 2032 of US Cyber Command efforts to related to election security, an increase of $180 million for Cyber Mission Force operational support, and $44 million of new funding for Cyber Command’s Hunt Forward Operation. Representative Jim Langevin (Democrat, Rhode Island 2nd District), considered one of the more important cyber lawmakers in the US, took the NDAA as an opportunity to introduce cybersecurity measures that would enhance collaboration and information gathering. Among them: codification of the definitions of the most essential critical infrastructure, the establishment of centers studying vital cybersecurity issues, and the creation of a Bureau of Cyber Statistics. “For the remainder of my time in Congress, I’m committed to advancing the key Cyberspace Solarium Commission recommendations, and this year’s NDAA is an excellent opportunity to do so,” Langevin told the Washington Post. 

At AFCEA International’s recent TechNet Cyber event, Defense Information Systems Agency (DISA) director Lt. Gen. Robert Skinner presented a list of advancements that would help the agency enhance its operational capabilities, and MeriTalk notes that prioritizing cybersecurity in bills like the NDAA will help DISA optimize network performance to ensure that missions can be carried out in the most efficient way possible. The NDAA will now be sent to the full Senate for consideration, and will then go to the House for debate and voting. 

CISA’s Cybersecurity Advisory Committee recommends new cybersecurity recruitment position. 

The US Cybersecurity and Infrastructure Security Agency (CISA) will establish a new role, a Chief People Officer to oversee recruitment efforts and ensure that hiring priorities focus on collaboration with the private sector and other agencies to alleviate the public sector’s shortage of cyber talent. In draft recommendations sent to CISA Director Jen Easterly today, Nextgov reports, CISA’s Cybersecurity Advisory Committee urged the agency to focus on finding a Chief People Officer who will collaborate with the director and other leadership to create a unified talent acquisition approach. The advisors wrote, “CISA requires a comprehensive review of its current workforce and talent needs to ensure that it is properly aligned with the agency’s strategic goals and future growth. The review should include assessment of CISA’s policies and processes to support hiring for those needs while better competing with the private sector.” They also advise that CISA streamline the apparently tedious hiring process to more efficiently onboard new hires. They recommend the agency analyze data on candidates to monitor their progress in the hiring process, setting a goal of “90 days from offer to onboarding for cybersecurity candidates,” instead of the nearly two hundred days on average CISA currently takes.