Bill Overview
Title: Civilian Cybersecurity Reserve Act
Description: This bill authorizes the Cybersecurity and Infrastructure Security Agency (CISA) to create a temporary Civilian Cybersecurity Reserve to address U.S. cybersecurity needs with respect to national security. Reserve members must (1) be former employees or contractors of the executive branch, former military personnel, or former state or local government employees; (2) have cybersecurity expertise; and (3) obtain any necessary security clearances. Membership in the reserves is contingent on a mutual agreement between the agency and the individual. CISA must submit an implementation plan for congressional review before taking any further action with respect to the reserve. In addition, CISA and the Government Accountability Office must evaluate and report on the reserve, including whether it should be made permanent.
Sponsors: Sen. Rosen, Jacky [D-NV]
Target Audience
Population: Individuals with cybersecurity expertise and former governmental or military roles
Estimated Size: 200000
- The bill specifically targets U.S. citizens who are former employees or contractors of the executive branch, former military personnel, or former state or local government employees.
- Only individuals with cybersecurity expertise are eligible to join the civilian cybersecurity reserve.
- The bill pertains to those who can obtain necessary security clearances.
- The impact is limited to a pool of individuals who have prior experience and expertise in cybersecurity within the United States government or military systems.
Reasoning
- The policy affects a specific, limited group of individuals with prior cybersecurity and government experience, creating a distinct target population.
- Former government or military personnel with cybersecurity expertise make up a small fraction of the larger U.S. workforce.
- Due to the eligibility criteria, a precise estimate of affected people and their self-reported wellbeing change could vary widely depending on individual career opportunities, personal situations, and government relations.
- The policy's monetary limits potentially restrict the number of individuals who can participate, focusing efforts primarily on critical cybersecurity issues facing national security.
- Many individuals outside the eligible pool will likely remain unaffected by the policy, either positively or negatively, due to its focused nature.
Simulated Interviews
Cybersecurity Specialist (Washington, D.C.)
Age: 34 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 7/20
Statement of Opinion:
- I see this policy as a solid pathway to utilize my experience in serving national security without a long-term commitment.
- It aligns with my career goals of remaining engaged in critical cybersecurity needs.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 7 | 6 |
| Year 3 | 8 | 6 |
| Year 5 | 8 | 6 |
| Year 10 | 9 | 5 |
| Year 20 | 7 | 5 |
IT Contractor (San Francisco, CA)
Age: 45 | Gender: female
Wellbeing Before Policy: 5
Duration of Impact: 3.0 years
Commonness: 10/20
Statement of Opinion:
- This policy could open new opportunities, although obtaining security clearance again could be cumbersome.
- The part-time nature fits my current freelance lifestyle.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 6 | 5 |
| Year 3 | 7 | 5 |
| Year 5 | 7 | 5 |
| Year 10 | 7 | 4 |
| Year 20 | 6 | 4 |
Information Security Analyst (Austin, TX)
Age: 50 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 1.0 years
Commonness: 14/20
Statement of Opinion:
- I left government work for better private sector opportunities; this reserve isn't appealing for the bureaucracy.
- It's an interesting proposal but probably won't change my career path.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 6 | 7 |
| Year 10 | 6 | 6 |
| Year 20 | 5 | 6 |
Network Security Engineer (Boston, MA)
Age: 38 | Gender: female
Wellbeing Before Policy: 8
Duration of Impact: 0.0 years
Commonness: 10/20
Statement of Opinion:
- While the policy is advantageous for those reintegrating into federal work, my career is stable and remunerative outside government.
- I prefer the stability and pay of the private sector.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 8 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 6 | 6 |
| Year 10 | 6 | 6 |
| Year 20 | 5 | 5 |
Security Researcher (New York, NY)
Age: 29 | Gender: other
Wellbeing Before Policy: 5
Duration of Impact: 5.0 years
Commonness: 9/20
Statement of Opinion:
- The reserve could bring my talents back to federal focus without impacting my academic work long-term.
- It’s a chance to contribute to national security directly with minimal disruption.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 5 |
| Year 2 | 6 | 5 |
| Year 3 | 7 | 5 |
| Year 5 | 8 | 5 |
| Year 10 | 8 | 5 |
| Year 20 | 7 | 5 |
Cybersecurity Consultant (Chicago, IL)
Age: 40 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 2.0 years
Commonness: 11/20
Statement of Opinion:
- The policy reflects a long-overdue government move to harness existing talent during temporary crises.
- Personally, the lack of longer-term security makes it less appealing despite patriotic motivations.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 6 | 6 |
| Year 5 | 6 | 6 |
| Year 10 | 6 | 5 |
| Year 20 | 5 | 5 |
Retired Cybersecurity Officer (Los Angeles, CA)
Age: 60 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 3.0 years
Commonness: 8/20
Statement of Opinion:
- It's an opportunity to exert influence and offer expertise on strategic cybersecurity issues.
- I worry about staying updated in a fast-evolving sector.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 7 |
| Year 2 | 8 | 7 |
| Year 3 | 8 | 7 |
| Year 5 | 8 | 6 |
| Year 10 | 7 | 6 |
| Year 20 | 6 | 6 |
Cybersecurity Manager (Denver, CO)
Age: 52 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 0.0 years
Commonness: 12/20
Statement of Opinion:
- I understand the importance but am more aligned with my current sector roles and stability they offer.
- It's important for others but holds little personal incentive to switch sectors at this stage.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 6 | 6 |
| Year 10 | 6 | 6 |
| Year 20 | 5 | 5 |
Security Systems Developer (Seattle, WA)
Age: 33 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 5.0 years
Commonness: 9/20
Statement of Opinion:
- I’m interested in participating if it fits around my freelance commitments.
- National security roles could be fulfilling when flexibly structured.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 6 |
| Year 2 | 8 | 5 |
| Year 3 | 8 | 5 |
| Year 5 | 8 | 5 |
| Year 10 | 8 | 4 |
| Year 20 | 7 | 4 |
Cyber Risk Analyst (New Orleans, LA)
Age: 37 | Gender: other
Wellbeing Before Policy: 5
Duration of Impact: 0.0 years
Commonness: 14/20
Statement of Opinion:
- The reserve is crucial for bolstering security but isn’t applicable to me unless significant changes occur in my focus.
- This could become a practical measure for others.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 5 |
| Year 2 | 5 | 5 |
| Year 3 | 5 | 5 |
| Year 5 | 5 | 5 |
| Year 10 | 5 | 5 |
| Year 20 | 5 | 5 |
Cost Estimates
Year 1: $500000000 (Low: $450000000, High: $600000000)
Year 2: $525000000 (Low: $475000000, High: $625000000)
Year 3: $550000000 (Low: $500000000, High: $650000000)
Year 5: $600000000 (Low: $550000000, High: $700000000)
Year 10: $700000000 (Low: $650000000, High: $800000000)
Year 100: $2000000000 (Low: $1800000000, High: $2200000000)
Key Considerations
- The reserve will need to be effectively integrated with existing cybersecurity efforts to avoid redundancy and enhance collaborative efficacy.
- Recruitment and retention will depend on competitive compensation and the ability to offer work-life balance and meaningful engagement.
- Short-term implementations might focus on immediate cybersecurity threats while long-term plans should address evolving technological landscapes.