Privacy & Information Security Law Blog

On June 21, 2022, President Biden signed into law, the State and Local Government Cybersecurity Act of 2021 (S. 2520) (the “Cybersecurity Act”) and the Federal Rotational Cyber Workforce Program Act (S. 1097) (the “Cyber Workforce Program Act”), two bipartisan bills aimed at enhancing the cybersecurity postures of the federal, state and local governments.

The Cybersecurity Act amends certain provisions of the Homeland Security Act of 2002. In particular, the Cybersecurity Act provides for better collaboration on cybersecurity matters between the U.S. Department of Homeland Security (“DHS”) and state, local, tribal and territorial governments, as well as corporations, associations and the general public. The Cybersecurity Act also expands DHS’ responsibilities, including imposing a number of obligations upon the National Cybersecurity and Communications Integration Center (“NCCIC”). For example, under the Cybersecurity Act, the NCCIC, in coordination with federal and non-federal entities shall (1) conduct exercises with state, local, tribal and territorial governments; (2) provide operational and technical training to state, local, tribal and territorial governments; (3) share in real time certain information (e.g., cyber threat indicators, defensive measures and information about incidents) with state, local, tribal and territorial governments; and (4) provide notifications containing specific incident and malware information to state, local, tribal and territorial governments that may affect them or their residents.

The Cyber Workforce Program Act establishes a program to allow cybersecurity professionals to rotate through multiple federal agencies. Under the Cyber Workforce Program Act, the Office of Personal Management (“OPM”) must create a rotational work force development program across federal agencies, including the development of relevant procedures, prerequisites for participation, performance measures and requirements with respect to training, education and career development. OPM also must distribute lists of open positions in the program to government employees annually. The Government Accountability Office (“GAO”) must periodically submit to Congress a report assessing the operation and effectiveness of the rotational work force development program, which at a minimum, must address the extent to which agencies have participated in the program and the experiences of employees serving in positions under the program. The Cyber Workforce Program Act is intended to enable cybersecurity professionals working at federal agencies to more easily enhance their expertise and allow the federal government to more easily compete with the private sector in terms of attracting and recruiting top talent.