Senate Panels Advance Bills to Improve Cybersecurity Skills

Two Senate committees on Wednesday advanced bipartisan bills designed to incentivize students and encourage small businesses to boost their cyber skills, part of an effort to combat the growing threat from cyberattacks.

The Small Business Committee unanimously approved S. 1428, a measure sponsored by Sen. Jim Risch (R-Idaho) that would direct the Small Business Administration to develop new cybersecurity counseling and training programs and require that a certain number of employees at small business development centers be certified in cyber training.

The other measure — S. 754, introduced by Sen. Tim Kaine (D-Va.) — advanced in the Senate Commerce Committee by way of a substitute amendment offered by co-sponsor Sen. Roger Wicker (R-Miss.). The panel approved the measure, which is designed to expand cyber-related scholarships for college students, by voice vote.

The legislation would increase the number of National Science Foundation scholarships for students seeking an associate’s degree in a cybersecurity field, and expand cybersecurity education programs for elementary and secondary school students.

“There’s a lot of good work being done out there, and we want to provide incentives to create a reason for young people today who are interested in this space to be able to get the skill sets that are necessary to work in it, whether that’s on the government side or in the private sector,” Sen. John Thune (R-S.D.), committee chairman, told reporters after the markup.

Both Senate measures have companion bills in the House, which has taken no action on the measures.

While passing comprehensive cybersecurity legislation on Capitol Hill can be challenging due to the speed at which technology advances, a successful legislative approach has been to provide opportunities and resources for students and the at-large workforce to gain the skills they need to better combat cyber threats, according to Michael Bahar, a former Democratic staff director and general counsel for the House Intelligence Committee.

“You don’t want to pass a law that would be immediately outdated by the time it goes through the process because technology changes so quickly,” Bahar, who’s now head of the U.S. cybersecurity and privacy team at Eversheds Sutherland LLP, said in a Tuesday interview. “So you want to find ways to incentivize, and one way to incentivize is to provide federal grant money.”

Bahar said during his time working for the House Intelligence Committee, from September 2012 through May 2017, one priority for the panel was to increase grants for schools that teach cybersecurity courses as a way to spur greater awareness of emerging threats like malware and ransomware.

“Of the leading computer science departments within universities, very few of them even actually offer one course on cybersecurity,” Bahar said. “And so we tried to use federal grants that would encourage not only teaching software development, but cybersecurity at the same time to help transform it from a craft to a discipline.”

Morning Consult