Policy Visualization

Bill Overview

Title: Industrial Control Systems Cybersecurity Training Act

Description: This bill establishes within the Cybersecurity and Infrastructure Security Agency an initiative to provide the cybersecurity workforce with no-cost training related to securing industrial control systems. These are information systems used to control industrial processes, such as manufacturing, product handling, production, and distribution.

Sponsors: Rep. Swalwell, Eric [D-CA-15]

Target Audience

Population: People working in industrial control systems that require cybersecurity training

Estimated Size: 3000000

Industrial control systems (ICS) are prevalent across various sectors including manufacturing, product handling, production, and distribution.
This bill targets workers involved in the cybersecurity of ICS, a field that is critical for protecting essential infrastructure.
Industry reports and studies indicate there is a growing need for cybersecurity professionals with skills related to ICS due to increasing cyber threats.
Globally, industries utilizing ICS employ millions, suggesting a large population could benefit indirectly from improved cybersecurity measures.

Reasoning

Given the budget constraints and the large target population (3 million in the U.S.), not all individuals will be directly impacted by the training in the initial years. It's likely only a small fraction, particularly those already in cybersecurity or closely related roles, will receive direct benefits from the training in Year 1.
Over the subsequent years, as more workers are trained, the impact on wellbeing will expand, indirectly benefitting more individuals through improved job security and professional development opportunities in cybersecurity.
The simulated interviews reflect diverse perspectives, including those directly in cybersecurity roles, those adjacent to it, and those in broader industrial roles.
Considering the growing demand for cybersecurity professionals, the policy could lead to increased job security, career progression, and satisfaction for those trained.
Others not directly participating may experience benefits indirectly, such as increased overall cybersecurity in their workplaces, leading to a sense of increased security and stability.

Simulated Interviews

Cybersecurity Analyst (Austin, TX)

Age: 29 | Gender: male

Wellbeing Before Policy: 6

Duration of Impact: 20.0 years

Commonness: 3/20

Statement of Opinion:

This training initiative is critical. Currently, our team is stretched thin dealing with sophisticated threats.
Access to this specific ICS-focused training would enhance my skills and career prospects.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	7	6
Year 2	7	6
Year 3	8	6
Year 5	8	6
Year 10	9	7
Year 20	9	7

Maintenance Supervisor (Detroit, MI)

Age: 35 | Gender: female

Wellbeing Before Policy: 7

Duration of Impact: 10.0 years

Commonness: 4/20

Statement of Opinion:

While I won't directly take this training, it's reassuring to know our cybersecurity is being strengthened.
Having team members take this course could mean fewer disruptions and a smoother operation overall.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	7	7
Year 2	7	7
Year 3	8	7
Year 5	8	7
Year 10	9	8
Year 20	9	8

Factory Worker (Pittsburgh, PA)

Age: 42 | Gender: male

Wellbeing Before Policy: 5

Duration of Impact: 5.0 years

Commonness: 10/20

Statement of Opinion:

Honestly, I won't feel the impact directly unless there's a breach or major disruption.
I'm glad others are getting trained, but it feels far from my day-to-day activities.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	5	5
Year 2	5	5
Year 3	5	5
Year 5	6	5
Year 10	6	5
Year 20	6	5

Software Developer (Silicon Valley, CA)

Age: 25 | Gender: female

Wellbeing Before Policy: 7

Duration of Impact: 20.0 years

Commonness: 2/20

Statement of Opinion:

This is a golden opportunity for someone like me just starting out in the field.
Getting this training can significantly accelerate my understanding and effectiveness in my current role.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	8	7
Year 2	8	7
Year 3	9	7
Year 5	9	7
Year 10	10	8
Year 20	10	8

Operations Manager (Columbus, OH)

Age: 50 | Gender: female

Wellbeing Before Policy: 6

Duration of Impact: 10.0 years

Commonness: 5/20

Statement of Opinion:

While this isn't my direct responsibility, better cybersecurity can only be good for business stability.
Hopefully, this means fewer headaches from lost data or operations downtimes.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	6	6
Year 2	6	6
Year 3	7	6
Year 5	7	6
Year 10	8	7
Year 20	8	7

Network Engineer (Dallas, TX)

Age: 39 | Gender: male

Wellbeing Before Policy: 7

Duration of Impact: 20.0 years

Commonness: 3/20

Statement of Opinion:

Continuous learning is necessary in my field, and this training is what I need to specialize further.
Not opting in would limit my knowledge and potentially, my career advancement.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	8	7
Year 2	8	7
Year 3	9	7
Year 5	9	7
Year 10	9	8
Year 20	10	8

Industrial Engineer (Atlanta, GA)

Age: 31 | Gender: female

Wellbeing Before Policy: 6

Duration of Impact: 10.0 years

Commonness: 6/20

Statement of Opinion:

Even though it's not directly related to my day-to-day job, having adequate cybersecurity is indirect support for my job.
I hope some of the team will utilize this training.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	6	6
Year 2	6	6
Year 3	7	6
Year 5	7	6
Year 10	8	7
Year 20	8	7

Warehouse Manager (Chicago, IL)

Age: 46 | Gender: male

Wellbeing Before Policy: 7

Duration of Impact: 5.0 years

Commonness: 8/20

Statement of Opinion:

Our facility has advanced systems but lacks in cybersecurity expertise.
It may not affect me directly, but having trained people will let me sleep better at night.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	7	7
Year 2	7	7
Year 3	7	7
Year 5	7	7
Year 10	8	7
Year 20	8	7

Manufacturing Technician (Orlando, FL)

Age: 45 | Gender: female

Wellbeing Before Policy: 5

Duration of Impact: 0.0 years

Commonness: 12/20

Statement of Opinion:

I don't expect any changes to my daily tasks due to this program.
It's good for the company to have skilled people but isn't relevant to my immediate job role.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	5	5
Year 2	5	5
Year 3	5	5
Year 5	5	5
Year 10	6	5
Year 20	6	5

Cybersecurity Consultant (Seattle, WA)

Age: 28 | Gender: other

Wellbeing Before Policy: 8

Duration of Impact: 20.0 years

Commonness: 2/20

Statement of Opinion:

Having advanced ICS-specific training available for free is a significant boon for my career.
This policy's implementation would directly enrich my consultancy services and build my credibility.

Wellbeing Over Time (With vs Without Policy)

Year	With Policy	Without Policy
Year 1	9	8
Year 2	9	8
Year 3	9	8
Year 5	10	8
Year 10	10	9
Year 20	10	9

Cost Estimates

Year 1: $50000000 (Low: $40000000, High: $60000000)

Year 2: $48000000 (Low: $38000000, High: $58000000)

Year 3: $45000000 (Low: $35000000, High: $55000000)

Year 5: $42000000 (Low: $32000000, High: $52000000)

Year 10: $35000000 (Low: $25000000, High: $45000000)

Year 100: $10000000 (Low: $5000000, High: $15000000)

Key Considerations

Financial allocations should consider both initial setup and long-term operation and maintenance costs.
The need for continued technical updates to the training program to cover evolving cybersecurity threats.
The potential challenge of recruiting qualified trainers and instructors for the program.
The necessity to scale the program according to the size and growth of the ICS workforce in the U.S.