What They Are Saying: Cybersecurity “Takes Center Stage” in Committee on Homeland Security Legislation

WASHINGTON, D.C. -- Last week, the House Committee on Homeland Security, led by Chairman Mark E. Green, MD (R-TN), advanced seven pieces of cybersecurity legislation, on a bipartisan basis, to defend America's critical infrastructure and bolster our nation's cyber talent pipeline. This legislative effort came just days before the start of Cybersecurity Awareness Month, an important opportunity to highlight the need to take proactive measures to combat cyber threats to our networks and critical infrastructure. In addition, the Committee held a hearing last week to examine the defective software update pushed out by CrowdStrike that caused a major information technology (IT) outage on July 19, 2024. While not a cyberattack, America's cyber adversaries could view the cross-sector impact as inspiration for future attacks.

Cybersecurity legislation advanced by the Committee last month:

• H.R. 9770, the "Cyber PIVOTT Act," introduced by Chairman Green
  • To amend the Homeland Security Act of 2002 to provide for education and training programs and resources of the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security.
• H.R. 9769, the "Strengthening Cyber Resilience Against State-Sponsored Threats Act," introduced by Rep. Laurel Lee (R-FL)
  • To ensure the security and integrity of United States critical infrastructure by establishing an interagency task force and requiring a comprehensive report on the targeting of United States critical infrastructure by People's Republic of China state-sponsored cyber actors.
• H.R. 3169, the "Identifying Adversarial Threats at our Ports Act," offered by Subcommittee on Transportation and Maritime Security Chairman Carlos Gimenez (R-FL)
  • To require the inspection of certain foreign cranes before use at a United States port.
• H.R. 9469, the "Pipeline Security Act," introduced by Rep. Robert Garcia (D-CA)
  • To amend the Homeland Security Act of 2002 to codify the Transportation Security Administration's responsibility relating to securing pipeline transportation and pipeline facilities against cybersecurity threats, acts of terrorism, and other nefarious acts that jeopardize the physical security or cybersecurity of pipelines.
• H.R. 9689, the "DHS Cybersecurity Internship Program Act," introduced by Rep. Yvette Clarke (D-NY)
  • To amend the Homeland Security Act of 2002 to establish a DHS Cybersecurity Internship Program.
• H.R. 9768, the "Joint Cyber Defense Collaborative Act," introduced by Rep. Eric Swalwell (D-CA)
  • To amend the Homeland Security Act of 2002 to establish within CISA a Joint Cyber Defense Collaborative.
• H.R. 9762, the "DHS International Cyber Partner Act of 2024," introduced by Rep. Robert Menendez (D-NJ)

Catch highlights of media coverage concerning the Committee's legislative efforts below.

Fox Business: We cannot stop China's cyber-attacks, only deter them: Rep. Carlos Gimenez

"We need to deter [China] as much as possible and detect [cyberattacks] as much as possible. And we also have to have some offensive capabilities so that when they do attack us, we have a way to get back at them. We passed legislation that [will create] an interagency taskforce of U.S. agencies headed by CISA, in order to combat and develop strategies to make us more resilient and resistant to these types of cyberattacks."

CyberScoop: Exclusive: House Homeland Security chair releases, pushes forth cyber workforce bill

"House Homeland Security Chairman Mark Green, R-Tenn., is introducing and seeking to advance a bill this week to address his top legislative priority: strengthening the cybersecurity workforce. The bill - full details of which CyberScoop is first reporting - would create an Reserve Officer Training Corps (ROTC)-like program housed within the Cybersecurity and Infrastructure Security Agency, where students at community colleges and technical schools would get scholarships in exchange for two years of service in federal, state, local, tribal or territorial government cyber gigs, according to a committee aide. It would seek to get 250 students involved in its first year but eventually expand up to 10,000. It's aimed at students who, for whatever reason, don't fit well into four-year college programs or people who are looking to change careers. It looks to address one of the most persistent problems in the cyber world: the stubborn gap between available openings in the United States and the number of people willing to fill them, a gap that currently sits at an estimated nearly 500,000 jobs."

Federal News Network: House cyber workforce bill pushes two-year degrees for gov service

"The program is modeled after Reserve Officer Training Corps (ROTC) programs for the military. Green had been teasing the bill as one of his top priorities this year. 'ROTC programs offer a valuable pathway for students who don't have the opportunity to attend a military academy to begin a lifetime of dedicated military service,' Green said in a statement. 'Likewise, the 'Cyber PIVOTT Act' opens doors for professionals seeking to 'pivot' to the specialty of cybersecurity without a traditional four-year degree - rewarding and supporting those who use their valuable skills to protect government networks and ensuring they're ready to work on day one.' The bill is intended to help bridge the national cyber workforce gap. CyberSeek estimates there are nearly 470,000 cyber job openings nationwide. Green's legislation would require CISA to enroll at least 250 students within the program's first year. The legislation would also require a plan from CISA to scale the program to 10,000 students within a decade. […] The homeland security committee today also approved the 'DHS Cybersecurity Internship Program Act,' introduced by Rep. Yvette Clarke (D-N.Y.). The bill would codify DHS's summer-long, paid cybersecurity internship program."

NextGov: House bill pitches interagency task force to counter Chinese hacking threats

"Legislation being introduced Tuesday would create an interagency task force focused on countering Chinese cyber threats, according to bill text first shared with Nextgov/FCW. The Strengthening Cyber Resilience Against State-Sponsored Threats Act led by Rep. Laurel Lee, R-Fl. orders the creation of a joint-agency task force between the FBI and the Cybersecurity and Infrastructure Security Agency within 120 days of becoming law. The task force would coordinate efforts among federal agencies responsible for critical infrastructure protection to address cybersecurity threats from Beijing-backed hacking collectives like Volt Typhoon, a mainstay cyber threat that officials assess is burrowing into U.S. infrastructure in preparation to shutter or sabotage the systems if tensions rise over a possible Chinese invasion of Taiwan. The CISA director would chair the task force while the FBI director would serve as its deputy. The body would be required to submit an initial report on its findings and recommendations within 540 days of establishment and provide annual follow-up reports for the next five years. […] 'It is critical that the federal government implements a focused, coordinated, and whole-of-government response to all of Beijing's cyber threats, so no other actors succeed,' Lee said in a statement."

Politico Pro: Cyber bills swim through Homeland Security

"In a marathon markup session Wednesday, the House Homeland Security Committee advanced a slate of bipartisan bills aimed at armoring the nation's cyber workforce and strengthening critical infrastructure defenses. Here are a few that stick out to us. Workforce takes center stage: Chair Mark Green (R-Tenn.) got unanimous support for his 'PIVOTT Act,' establishing a new ROTC-like scholarship program for two-year cyber degrees. If passed, the program looks to be run by CISA and targets under-represented students and emphasizes skills-based training. The legislation aims to address the staggering cyber workforce shortage of over 500,000 professionals, a gap Green warns is 'getting bigger every day.' 'We want to reduce the gap between education and real-world experience so that students have the skills needed to get to work on day one,' Green said. […] Cranes in the crosshair: The committee also advanced Rep. Carlos Giménez's (R-Fla.) bill targeting Chinese-made cranes at U.S. ports - which also happen to make up the lionshare of cranes globally. Gimenez's bill follows a year-long investigation into potential security vulnerabilities, and requires the inspection of certain foreign-made cranes."

Cyber Wire: PIVOTT Act drafts the next wave of digital defenders.

"The program will offer scholarships to students at community colleges and technical schools in exchange for two years of public service in federal, state, or local government cyber roles. The bill targets individuals who may not fit traditional four-year college paths or those seeking career changes, aiming to involve 250 students in its first year and eventually expanding to 10,000. Participants would engage in skills-based tasks like hackathons and benefit from early initiation of the security clearance process. This initiative seeks to close the cybersecurity job gap, currently estimated at nearly 500,000 unfilled positions. Green stresses the need for fresh approaches to attract and train talent, particularly amid rising cyber threats from countries like China, Iran, and Russia. The bill is seen as complementary to existing programs like Cyber Corps and other legislative efforts aimed at bolstering the federal cybersecurity workforce. If passed, it will leverage CISA's industry partnerships to expand cybersecurity training outside of traditional degree programs. While there's no funding attached yet, Green's team emphasizes the importance of investing in cybersecurity talent as a critical line of defense. Co-sponsors of the bill include Reps. Carlos Gimenez and Mike Ezell, with a committee markup scheduled for Wednesday."

Industrial Cyber: Homeland Security committee introduces Cyber PIVOTT Act to address cyber workforce shortage

"Mark E. Green, House Committee on Homeland Security Chairman and a Tennessee Republican said that he is proud to introduce legislation to ensure all levels of government have the best and brightest cyber professionals on the frontlines of America's cyber border. 'As threats to our critical infrastructure and civilian networks from Beijing, Tehran, and Moscow grow and AI lowers the barrier to entry for attacks, our worsening cyber workforce gap has created a dangerous homeland security threat.' 'ROTC programs offer a valuable pathway for students who don't have the opportunity to attend a military academy to begin a lifetime of dedicated military service," Green said in a media statement. […] The U.S. has seen a 17 percent increase in its cyber workforce gap but only an 11 percent increase in its cyber workforce. Among workers surveyed, 57 percent say staffing shortages caused by this discrepancy puts them at a 'moderate or extreme risk of cybersecurity attacks' which 'decrease their ability to perform critical, careful risk assessment and remain agile amid a challenging threat landscape.' In a national survey, 75 percent of cyber workers said the 'current threat landscape is the most challenging it has been in the past five years.'"

Industrial Cyber: Republican Homeland Security Committee bill set to combat CCP cyber threats, boost cyber resilience

"The 'Strengthening Cyber Resilience Against State-Sponsored Threats Act,' bill requires that the task force provide a classified report and briefing to Congress annually for five years on their findings, conclusions, and recommendations relating to malicious CCP cyber activity. The bill has been introduced by House Representative Laurel Lee, a Florida Republican, and cosponsored by Mark E. Green, a Republican from Tennessee and chairman of the House Committee on Homeland Security, and John Moolenaar, a Republican from Michigan and Select Committee on the Chinese Communist Party chairman. It calls upon the director of CISA (or the director of CISA's designee) to serve as the chairperson of the task force, while the director of the FBI (or such director's designee) shall serve as the vice chairperson of the task force. […] The legislation detailed that to materially assist in the activities of the task force, representatives should be subject matter experts who have familiarity and technical expertise regarding cybersecurity, digital forensics, or threat intelligence analysis, or in-depth knowledge of the tactics, techniques, and procedures (TTPs) commonly used by state-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China."

InfoSecurity: US House Bill Addresses Growing Threat of Chinese Cyber Actors

"Under the bill, the task force will be required to submit a classified report and briefing to Congress annually over the next five years. The report will include findings, conclusions and recommendations concerning CCP-affiliated cyber threats. Representative Lee emphasized the importance of a unified response: 'A siloed approach to cybersecurity will only give our adversaries the upper hand.' She also highlighted the dangers posed by Volt Typhoon, a group that has reportedly infiltrated key sectors such as energy, water and transportation. Committee Chairman Mark E. Green (R-TN) and Select Committee on the CCP Chairman John Moolenaar (R-MI) cosponsored the bill, underscoring the urgency of addressing Chinese cyber intrusions. Green noted that groups like Volt Typhoon had gone undetected within US networks for too long, posing both espionage risks and the potential for disruptive attacks."

Homeland Preparedness News: Legislation would combat Chinese cyber threats

"Legislation recently introduced in the U.S. House of Representatives would combat growing cyber threats from the Chinese Communist Party (CCP) against critical infrastructure. The Strengthening Cyber Resilience Against State-Sponsored Threats Act would create an interagency task force tasked with addressing the cybersecurity threats posed by People's Republic of China-sponsored cyber actors including Volt Typhoon. The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation would lead the task force. 'The CCP, acting through Volt Typhoon and other threat actors, has made a concerted effort to pre-position itself within our networks in order to target and compromise the critical infrastructure Americans rely on every day--from the transportation and water sectors to the energy sector,' U.S. Rep. Laurel Lee (R-FL), who introduced the bill, said. "While individual agencies have worked to examine and address the threats posed by malign cyber actors like Volt Typhoon, a siloed approach to cybersecurity will only give our adversaries the upper hand.'"

###

Public link

Please use the above public link if you want to share this noodl on another website.