POTUS Signs Trio of Bills into Law Concerning Cybersecurity

President Joe Biden signed three bipartisan bills concerning cybersecurity into law last week to (1) address the critical shortage of technical talent; (2) enhance government data security measures at the local, state, and federal levels; (3) advance electronic records modernization.

The passage of the Federal Rotational Cyber Workforce Program Act (S. 1097), the State and Local Government Cybersecurity Act (S. 2520), and the Veterans Affairs Electronic Health Record Transparency Act (H.R.4591) follows an upsurge in cyber incidents targeting government entities in recent years, and growing frustration among lawmakers over modernization efforts at the Department of Veterans Affairs (VA).

Addressing the Talent Shortage

There are over 714,000 open cybersecurity jobs with nearly 39,000 for the public sector, according to Cyber Seek—a cyber workforce tracker.

Senators Gary Peters (D-MI) and John Hoeven (R-ND) reintroduced the Federal Rotational Cyber Workforce Program Act (S. 1097) in April 2021 as an incentive program to attract and retain cybersecurity workers through professional development opportunities at a variety of federal agencies.

The bill requires the Office of Personnel Management (OPM) to annually distribute a list of open positions in the program to government employees. In addition, the law mandates that the Government Accountability Office (GAO) report on the program within three years.

While the Senate passed the original bill in 2019, it didn’t receive a vote in the House until this year. In December, the 2021 measure passed the Senate unanimously; in the House, it passed by voice vote last month.

Federal, State and Local Collaboration

State and local governments are increasingly susceptible to cyberattacks due to a lack of knowledge and resources needed to combat sophisticated and persistent attackers.

According to lawmakers, The State and Local Government Cybersecurity Act (S. 2520), improves collaboration between the Department of Homeland Security (DHS) and municipal authorities by addressing several key issues. As the federal government’s round-the-clock cyber awareness hub, the new legislation has contracted the National Cybersecurity and Communications Integration Center (NCCIC) to offer state and local agencies technical and operational cybersecurity training pertaining to threat indicators, defensive measures, and incident response and management.

VA Modernization Programming

In accordance with the VA Electronic Health Record (EHR) Transparency Act (H.R.4591), the VA must report quarterly to congressional committees the costs of its electronic health records modernization program, and it must begin reporting within 90 days. In addition, to comply with the new legislation, the department must include a breakdown of its program funding sources.

The legislation comes after the Office of Inspector General (OIG) published three reports identifying major concerns about care coordination, ticketing, and medication management associated with the EHR program.

“The VA, and consequently our nation, has invested a great deal of time and money into the VA Electronic Health Record Modernization program,” said Senator Jerry Moran (R-KS), the bill’s a co-sponsor in the Senate, “The potential benefits of this program are important, and it is vital to get it right. Now that this legislation has been signed into law, we can make certain the VA is providing the proper transparency throughout the EHRM implementation.”