Security Staff Acquisition & Development, Application security, Training

House set to debate bills on cyber education, President’s Cup and TikTok

(Photo by Michael M. Santiago/Getty Images)

The House Homeland Security Committee will look to pass four cyber-related bills in a markup scheduled for Wednesday that deal with bolstering the nation’s cybersecurity workforce, authorizing the procurement of airport security screening technology, codifying a federal cybersecurity contest and restricting the use of a popular social media app on DHS phones and devices.

The Cybersecurity Grants for Schools Act, sponsored by Rep. Andrew Garbarino, R-N.Y., is a one-page bill that would amend the 2002 Homeland Security Act to allow the director of the Cybersecurity and Infrastructure Security Agency (CISA) to award grants or cooperative agreements to states, local governments, higher education institutions, nonprofits or other entities for cybersecurity and infrastructure security education and training programs.

“By incorporating cybersecurity into education, alongside core subjects like math and science, we’ll be able to bring up the next generation with a greater foundation to not only protect themselves individually from cybercrimes, but also inspire greater participation in the cybersecurity workforce going forward,” said Kristen Cianci, Garbarino’s communications director, in an email to SC Media.

The committee and Garbarino, who serves as ranking member on the Cybersecurity, Infrastructure and Protection and Innovation subcommittee, have been focused on building a smoother pathway for young cybersecurity talent and addressing a shortage of cybersecurity workers that is impacting government and industry alike. In a hearing last year, Garbarino attributed the federal government’s cyber talent gap in part to a “lack of exposure, uneven education and issues with federal agency onboarding.”

“Right now…getting a job at CISA, a new hire can wait for a year, and a college student coming out of college can’t wait a year if they’ve got debt,” Garbarino said.

One of the witnesses at that hearing, Partnership for Public Service President and CEO Max Stier, specifically highlighted the potential for government-sponsored cybersecurity programs directed at higher education to create more direct pathways that allow officials to identify and hire young talent.

“The federal government needs to approach talent management as the best private-sector organizations do. Our student internship program is our primary mechanism for identifying talent for entry [level] jobs and that’s not happening in the federal government right now,” Stier said.

Another bill set for debate Wednesday, the President’s Cup Cybersecurity Competition Act, sponsored by Rep. Elaine Luria, D-Va., would codify a three-year-old annual nationwide competition created by CISA that pits individuals and teams of cybersecurity professionals across the federal government against each other. The challenges are designed to test the cybersecurity skillsets of positions identified by the National Initiative for Cybersecurity Education Cybersecurity Workforce Framework, like incident responders, forensic analysts, threat analysts and software developers.

The bill gives CISA the authority to request funding from other federal agencies, states and the private sector to fund the design, administration and cash prizes for the competition, with funding for the latter capped out at $10,000, while the secretary of Homeland Security would be permitted to make a select number of awards up to $25,000. The legislation would also allow such funds to be used to cover ancillary costs associated with the event, like meals, advertising and marketing and creating merchandizing and apparel.

The Securing the Checkpoint Property Screening System Act introduced by ranking committee member John Katko, R-N.Y., would authorize $1.6 billion over the next five years for the Transportation and Security Administration to procure computed tomography scanners for airport checkpoints. Such scanners have been called a “game changer” by former TSA leaders in the fight to detect explosives and liquids in carry-on baggage and in the past officials at the agency have said publicly that demand for the systems at airports can often outstrip TSA’s supply.

It also requires the TSA administrator to brief Congress on how each procurement made with these funds aligns with existing agency requirements on cybersecurity, safety, detection and interoperability, with special briefings required to justify any award that does not meet those rules.

Finally, the No TikTok on Department of Homeland Security Devices Act introduced by Rep. Michael Guest, R-Miss., would ban the use of the popular social media app on federal devices within two months of passage, as well as any successor app the company may develop. The bill does include carve outs for law enforcement activities, national security interests and security research, and it would charge the CISA director with developing formal standards and guidelines for removing the app from all federal computers and phones.

U.S. national security officials have focused on removing TikTok — which is owned by the Beijing, China-based company ByteDance — from federal agencies through a mix of regulation and strong encouragement, calling it a potential data security threat for the federal government. The Department of Defense has banned employees and service members from using the app. DHS has already said it does not allow employees to download or install it on federal devices, but the bill would codify that policy into U.S. law.

While third-party evaluations have found that TikTok’s data policies are comparable to that of U.S.-based apps like Facebook and Instagram, U.S. national security officials claim that laws in China may compel the company to share its user data with the Chinese government. A study earlier this year found that YouTube and TikTok tend to track users’ personal data more than other social apps, but TikTok executives have said that American user data is stored on servers located within the U.S. and would not be subject to data requests under Chinese law.  

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.