Cyber PIVOTT Act of 2025
- Bill Number
- S. 438
- Origin Chamber
- Senate
- Congress
- 119th Congress, Session 1
- Policy Area
- Government Operations and Politics
- Status
- Introduced
- Latest Action
- 2025-02-05: Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
- Last Updated
- 2025-04-11T18:47:33Z
AI-Generated Summary
Purpose of the Legislation
The Cyber PIVOTT Act of 2025 aims to strengthen the U.S. cybersecurity workforce by expanding access to education and training programs through the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). It focuses on building practical skills in cybersecurity and related areas to improve national cyber defenses, particularly by partnering with community colleges and technical schools to offer affordable, hands-on training for entry-level and career-changing individuals.
Key Provisions
- Establishment of the PIVOTT Program: CISA must create the "Providing Individuals Various Opportunities for Technical Training to Build a Skills-Based Cyber Workforce Program" (PIVOTT Program) within one year of enactment. This involves partnerships with community colleges, technical schools, and other two-year higher education institutions to deliver cyber-related associate degrees, certifications, or training aligned with the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework—a federal guide outlining key cybersecurity skills and roles.
- Student Eligibility and Scholarships: Eligible participants include students starting or in early stages of two-year cyber programs, career changers with a high school diploma, and those pursuing short technical certifications. Scholarships cover full tuition, fees, travel, lodging, stipends, internships, and certification exams. Students must complete the program within four years (with possible extensions for hardship).
- Service Obligation: Participants commit to two years of service in cybersecurity roles for federal, state, local, Tribal, or territorial governments after completion, unless exempted (e.g., prior or current military service, or pursuing a four-year degree first). Failure to fulfill this may require repaying scholarships as a loan with interest.
- Program Components:
- Skills-Based Exercises: Students must complete at least four hands-on activities per program (e.g., lab work, hackathons, virtual simulations, or workshops), with at least one in-person. CISA coordinates these with other federal agencies and non-profits.
- Internships: Mandatory placements in government entities, rural critical infrastructure, or high-risk sectors, with priority for federal roles requiring security clearances. CISA starts clearance processes early.
- Outreach and Recruitment: CISA conducts regional outreach, engages industry for skill updates, hosts annual federal job fairs at partner schools, and maintains an online database of training resources and job opportunities.
- Post-Completion Benefits: Access to funded certifications (up to three per student within 10 years), an online resource database, and potential scholarships for advanced degrees after seven years of federal service.
- Institutional Requirements: Partner schools must align programs with NICE Framework career paths and preferably participate in the National Centers of Academic Excellence in Cybersecurity or have on-campus cybersecurity support.
- Implementation Timeline and Growth: Aim to enroll 250 students in the first year, doubling annually to 1,000, with a long-term plan for 10,000 students per year within 10 years. Annual reports to Congress on progress, plus a 90-day review of existing CISA training programs for costs, reach, and gaps.
- Repayment and Compliance: Scholarships become repayable loans if students drop out, fail academically, or skip service obligations. Institutions monitor compliance and may retain a small percentage of repayments for admin costs. Waivers available for extreme hardship or military enlistment.
- Additional Measures: A report on enhancing DHS support for the existing CyberCorps Scholarship for Service program, exempting a related advisory committee from formal federal advisory rules.
Significant Changes to Existing Law
This bill amends the Homeland Security Act of 2002 by adding a new Section 1334 under Subtitle D of Title XIII, creating the PIVOTT Program as a dedicated CISA initiative focused on two-year institutions and skills-based training. It introduces mandatory scholarships, service obligations, and growth quotas not previously specified for CISA's education efforts. It also requires a formal review of CISA's current training programs and a report promoting the CyberCorps program, expanding DHS's role in workforce development beyond existing voluntary partnerships.
Potential Impacts
- On Government Agencies: Enhances recruitment for cybersecurity roles across federal (e.g., DHS, DoD, FBI), state, local, Tribal, and territorial governments by providing a pipeline of trained, pre-cleared talent. Could reduce hiring gaps in critical areas like infrastructure protection and AI/quantum security, but requires new funding and administrative resources for CISA.
- On Citizens: Offers accessible, debt-free training for underrepresented groups (e.g., career changers, rural residents), potentially increasing job opportunities in high-demand cyber fields. However, the service obligation ties education to public sector work, limiting immediate private-sector options.
- On International Relations: Minimal direct impact, though it indirectly bolsters U.S. cyber resiliency against global threats by improving domestic workforce capabilities in areas like critical infrastructure and operational technology.
Main Stakeholders Affected
- CISA and DHS: Lead implementation, partnerships, and funding; must scale programs rapidly.
- Educational Institutions: Community colleges, technical schools, and two-year programs gain funding and student recruitment but must meet alignment standards.
- Students and Potential Workers: Primary beneficiaries through scholarships and job pathways; includes veterans, entry-level hires, and diverse applicants.
- Government Entities: Federal, state, local, Tribal, and territorial agencies benefit from obligated service and internships; critical infrastructure operators (especially rural/high-risk) access talent.
- Industry and Non-Profits: Involved in outreach, exercises, and certifications; provide input on skills via annual reports.
- Congress: Receives briefings, reports, and oversight on enrollment and gaps.
Notable Legal, Constitutional, or Political Implications
- Legal: Establishes enforceable service obligations and repayment mechanisms similar to existing federal scholarship programs (e.g., treated as unsubsidized loans under the Higher Education Act), with case-by-case waivers to ensure fairness. Exempts an advisory committee from the Federal Advisory Committee Act, streamlining industry input without broad public meetings.
- Constitutional: No apparent conflicts; aligns with Congress's authority to fund education and national security under the Commerce and Necessary and Proper Clauses. Promotes equal access to training without discriminating by background.
- Political: Bipartisan introduction (by Sens. Rounds and Peters) signals broad support for cybersecurity workforce building amid rising threats. Emphasizes skills-based hiring over degrees, potentially influencing federal personnel policies. Requires appropriations, so funding debates could arise; long-term growth to 10,000 students highlights commitment to scaling but risks implementation delays if budgets lag.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Cosponsors (1)
Recent Actions
- 2025-02-05: Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
- 2025-02-05: Introduced in Senate
Bill Versions
- Providing Individuals Various Opportunities for Technical Training to Build a Skills-Based Cyber Workforce Act of 2025 — issued 2025-02-05 — PDF (26 pages)