A strong and competent cyber workforce is the best way to protect Tennessee

Every day, Americans rely on safe drinking water, food on their tables, and access to emergency services to keep their families and communities healthy and safe.

But these goods and services are not a given. These features of our society are considered critical infrastructure, which means that our access to them depends on secure cyber information and operational technology.

However, the most important resource for securing our critical infrastructure, and by extension, defending our way of life, has become dangerously scarce: our people.

As America faces growing threats from sophisticated and dedicated cybercriminals, the country needs more people to detect and respond quickly to intrusions. Improved hardware and software will certainly help our ability to respond, but these tools are only as good as the people who know how to build and use them.

Cyber ​​attacks have affected businesses, infrastructure and campaigns

Despite the importance of our people, the United States currently has over 500,000 cybersecurity job vacancies. Even more worrying is that 85% of organizations don’t think cyber skills and education will improve anytime soon.

In a national survey, less than half of cyber professionals they felt their organization had the resources to respond to cyber attacks in the near future. This is extremely concerning as data breaches caused by cyber intrusions have increased more than 70% from 2021 to 2023.

The list of threats to our networks and infrastructure is long and staggering.

The Chinese threat actor “Volt Typhoon” compromised US critical infrastructure for at least five years before the discovery. Similarly, another Chinese actor, “Storm-0558,” compromised the Microsoft Exchange accounts of US officials in 2023, putting government networks at risk.

Iranian-backed actors have launched intense attacks on our water sector and the Trump campaign, undermining key services and US sovereignty.

Ransomware attacks are rampant. For example, a hack on Ascension Health Hospital System this year has affected patient privacy and even care across the country, including in Nashville, Tennessee. And don’t forget, a ransomware attack on a meatpacking plant in 2021 shut down operations at every JBS-owned plant in America.

Opinion: His “Don’t Tread on Me” hat told me one thing. His true story told me otherwise.

Even the recent global IT outage caused by a botched CrowdStrike update highlighted vulnerabilities in the critical infrastructure we rely on every day.

The Cyber ​​PIVOTT Act would strengthen the cybersecurity workforce

To mitigate these growing risks and increase threat visibility across industries and agencies alike, we need strong public-private collaboration to strengthen and develop a new cyber workforce. This is not an easy challenge, but it is one I am committed to tackling.

Time and again, public and private sector partners have highlighted the need for fresh thinking about how we attract, train and retain people. In fact, witnesses from various industries testified about House Homeland Security Committee that they need more creative ways to educate students and retrain workers in the field, and the requirements for cyber positions may not match the required skill sets.

One important solution is increasing the availability of competency-based cyber training outside of a traditional four-year degree.

Embracing the necessary shift toward competency-based cyber education, I introduced legislation earlier this fall to ensure all levels of government have the best and brightest cyber professionals on the front lines of America’s cyber frontier.

The The Cyber ​​PIVOTT Act would increase the accessibility of cyber training and education by establishing a comprehensive new scholarship program for two-year degrees at community colleges and technical schools, which are awarded in exchange for required government service.

The Army has used Reserve Officer Training Corps (ROTC) programs for decades to provide a valuable pathway for individuals who do not have the opportunity to attend a military academy to begin a life of dedicated military service.

The Cyber ​​PIVOTT Act would also open doors for professionals who want to “pivot” into cybersecurity without a traditional bachelor’s degree—rewarding and supporting those who use their valuable skills to protect government networks.

Cybercriminals prey on unprepared Americans

We know there is a growing desire for these opportunities. According to a 2023 labor force study, only 31% of new cyber workers they said they entered the field with a four-year degree in cybersecurity.

While no bill or program will solve this problem alone, my legislation would create a pipeline for at least 10,000 new professionals to enter the field. To ensure that they continue to succeed; legislation also provides opportunities for retraining and upskilling as government service progresses.

During their government service, these professionals will be a key resource to the private sector as advisors.

Following government service – whenever they make that transition – they will add invaluable experience and expertise to the private sector. These will be vital to securing all our critical infrastructure sectors, from telecommunications and financial services to the energy and agricultural sectors.

Every minute our cyber workforce is not ready to meet the moment gives the advantage to malicious cybercriminals.

With the Cyber ​​​​PIVOTT Act, we can focus on the most valuable asset to protect our networks and our critical infrastructure: the right people in the right jobs, with the right skills, where our country needs them most.

Rep. Mark Green, R-Clarksville, represents Tennessee’s 7^th Congressional district in Congress and serves as chairman of the House Homeland Security Committee and the House Foreign Affairs Committee.

This article originally appeared on the Nashville Tennessean: Opinion: Congress should pass legislation on workforce cybersecurity