President Biden signed two pieces of cybersecurity legislation into law on Tuesday.
The Federal Rotational Cyber Workforce Program Act of 2021 establishes a rotational cyber workforce program under which certain federal employees may be detailed among rotational cyber workforce positions at other agencies.
This bill authorizes an agency to determine whether a workforce position involving information technology, cybersecurity, or other cyber-related functions in that agency is eligible for the program.
Additionally, the bill requires the Office of Personnel Management to issue a Federal Rotational Cyber Workforce Program operation plan providing policies, processes, and procedures for detailing employees among rotational cyber workforce positions at agencies.
The Government Accountability Office must assess the operation and effectiveness of the rotational cyber workforce program by addressing the extent to which agencies have participated in the program and the experiences of employees serving in the program.
The State and Local Government Cybersecurity Act of 2021 requires the Department of Homeland Security to increase collaboration with state, local, tribal, and territorial governments on cybersecurity issues.
The bill establishes a $500 million DHS grant program with a graduating cost-share that incentivizes states to increase funding for cybersecurity in their budgets.
It requires the Cybersecurity and Infrastructure Security Agency (CISA) to develop a strategy to improve the cybersecurity of state, local, tribal, and territorial governments to, among other things, identify federal resources that could be made available to state and local governments for cybersecurity purposes and set baseline objectives for state and local cybersecurity efforts. State, tribal, and territorial governments must develop comprehensive cybersecurity plans to guide the guide use of grant dollars.
The bill establishes a State and Local Cybersecurity Resiliency Committee composed of representatives from state, local, tribal, and territorial governments to advise and provide situational awareness to CISA regarding their cybersecurity needs.
It also requires CISA to assess the feasibility of implementing a short-term rotational program for the detail of approved state, local, tribal, and territorial government employees in cyber workforce positions at CISA.