Bill Overview
Title: Federal Cybersecurity Oversight Act of 2022
Description: This bill limits exemptions, and the duration of exemptions, from federal cybersecurity requirements and adds reporting requirements with respect to such exemptions. Specifically, exemptions may only be granted by the Office of Management and Budget and expire after one year.
Sponsors: Sen. Wyden, Ron [D-OR]
Target Audience
Population: Individuals in the United States
Estimated Size: 332645000
- The bill targets federal cybersecurity requirements, which means it applies to federal agencies and their IT workforce.
- The primary groups directly impacted are the cybersecurity professionals and IT departments within federal agencies, due to the change in exemption rules.
- Indirectly, it affects all federal employees who rely on federal IT infrastructure, as IT policies directly impact their work environment.
- The American public may also be impacted because federal agencies serve them, and an upgrade or change in cybersecurity policy may influence the type of service delivery.
- The policy does not have a direct international impact as it is focused on the internal operations of US federal agencies.
Reasoning
- The primary group directly impacted by this policy is the cybersecurity professionals and IT departments within federal agencies, as they will have to adapt to the changing exemption rules. This group is relatively small, with approximately 2 million federal employees potentially affected by these infrastructure adjustments.
- The IT-related workload may increase for this group due to added compliance requirements, potentially impacting their work-life balance initially before adjustments are made over time.
- Indirectly, all federal employees who rely on secure federal IT infrastructure are affected, as cybersecurity is crucial for their daily operations. These changes may affect their efficiency and job satisfaction.
- The general public is impacted on a minimal level as these changes aim to strengthen national cybersecurity, which indirectly affects them by potentially improving the security of services they interact with.
- The budget constraints will limit the extent of immediate changes and implementation speed, focusing initial efforts on critical areas before broadening scope.
Simulated Interviews
Cybersecurity Analyst (Washington D.C.)
Age: 35 | Gender: male
Wellbeing Before Policy: 7
Duration of Impact: 5.0 years
Commonness: 5/20
Statement of Opinion:
- I understand the need for robust cybersecurity measures, but the tightened exemption rules might increase our workload without a corresponding increase in resources or staffing.
- I'm worried about maintaining work-life balance if the workload spikes.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 7 |
| Year 2 | 6 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 7 | 7 |
| Year 10 | 8 | 7 |
| Year 20 | 8 | 7 |
IT Manager (Denver, CO)
Age: 42 | Gender: female
Wellbeing Before Policy: 6
Duration of Impact: 3.0 years
Commonness: 4/20
Statement of Opinion:
- Changes in exemption rules mean more stringent oversight, which means we might have to redo or upgrade certain infrastructure sooner than anticipated.
- This could mean short-term stress with long-term benefits for our team.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 5 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 7 | 6 |
| Year 5 | 7 | 7 |
| Year 10 | 8 | 7 |
| Year 20 | 8 | 7 |
Software Developer in a Tech Company (San Francisco, CA)
Age: 30 | Gender: female
Wellbeing Before Policy: 8
Duration of Impact: 2.0 years
Commonness: 3/20
Statement of Opinion:
- This policy might open up more job opportunities in terms of federal contracts.
- I'm optimistic because more stringent cybersecurity standards usually mean more need for our services.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 8 |
| Year 2 | 8 | 8 |
| Year 3 | 8 | 8 |
| Year 5 | 9 | 8 |
| Year 10 | 9 | 8 |
| Year 20 | 9 | 8 |
Federal Government Employee - Administrative Staff (Phoenix, AZ)
Age: 50 | Gender: male
Wellbeing Before Policy: 6
Duration of Impact: 1.0 years
Commonness: 15/20
Statement of Opinion:
- I was barely aware of the cybersecurity policies, but I realize their importance now.
- As long as it doesn't impede my daily work activities, I support enhanced cybersecurity measures.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 6 |
| Year 2 | 6 | 6 |
| Year 3 | 6 | 6 |
| Year 5 | 6 | 6 |
| Year 10 | 6 | 6 |
| Year 20 | 6 | 6 |
Network Engineer (Atlanta, GA)
Age: 29 | Gender: other
Wellbeing Before Policy: 7
Duration of Impact: 4.0 years
Commonness: 8/20
Statement of Opinion:
- More consistent updates enforced by the policy could streamline my workload eventually, though there might be an initial churn.
- Maintaining exemption control isn't my main job function, but it affects my workload.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 8 | 7 |
| Year 10 | 8 | 7 |
| Year 20 | 8 | 7 |
HR Manager in a Federal Agency (Dallas, TX)
Age: 39 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 3.0 years
Commonness: 6/20
Statement of Opinion:
- The policy introduces some uncertainty regarding staffing needs because IT will need more support.
- We might need additional training budgets to accommodate the new requirements.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 7 | 7 |
| Year 10 | 8 | 7 |
| Year 20 | 8 | 7 |
Federal IT Intern (New York, NY)
Age: 24 | Gender: male
Wellbeing Before Policy: 8
Duration of Impact: 2.0 years
Commonness: 2/20
Statement of Opinion:
- These policies are quite informative about how secure systems need to be structured.
- I view this as a learning opportunity, possibly opening up more career paths.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 8 | 8 |
| Year 2 | 8 | 8 |
| Year 3 | 8 | 8 |
| Year 5 | 9 | 8 |
| Year 10 | 9 | 8 |
| Year 20 | 9 | 8 |
Retired Army Veteran (Chicago, IL)
Age: 60 | Gender: male
Wellbeing Before Policy: 9
Duration of Impact: 0.0 years
Commonness: 10/20
Statement of Opinion:
- I think this policy is a step forward for national security, albeit it could cause strain without careful implementation.
- I'm mostly observing these shifts as part of my consultancy work.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 9 | 9 |
| Year 2 | 9 | 9 |
| Year 3 | 9 | 9 |
| Year 5 | 9 | 9 |
| Year 10 | 9 | 9 |
| Year 20 | 9 | 9 |
Federal Policy Analyst (Seattle, WA)
Age: 37 | Gender: female
Wellbeing Before Policy: 7
Duration of Impact: 4.0 years
Commonness: 6/20
Statement of Opinion:
- More robust cybersecurity exemption rules make sense for transparency.
- Ensuring compliance should improve over time as the rules settle.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 6 | 7 |
| Year 2 | 7 | 7 |
| Year 3 | 7 | 7 |
| Year 5 | 8 | 7 |
| Year 10 | 8 | 7 |
| Year 20 | 9 | 7 |
Federal Compliance Officer (Boston, MA)
Age: 33 | Gender: other
Wellbeing Before Policy: 8
Duration of Impact: 5.0 years
Commonness: 7/20
Statement of Opinion:
- This new policy adds complexity to our jobs in the short term, but it promises clearer guidelines that can benefit future compliance projects.
- Overall, I support the shift towards stringent cybersecurity practices.
Wellbeing Over Time (With vs Without Policy)
| Year | With Policy | Without Policy |
|---|---|---|
| Year 1 | 7 | 8 |
| Year 2 | 8 | 8 |
| Year 3 | 8 | 8 |
| Year 5 | 8 | 8 |
| Year 10 | 9 | 8 |
| Year 20 | 9 | 8 |
Cost Estimates
Year 1: $50000000 (Low: $30000000, High: $70000000)
Year 2: $52000000 (Low: $31000000, High: $72000000)
Year 3: $54000000 (Low: $32000000, High: $74000000)
Year 5: $0 (Low: $0, High: $0)
Year 10: $0 (Low: $0, High: $0)
Year 100: $0 (Low: $0, High: $0)
Key Considerations
- The effectiveness and scalability of new reporting and exemption processes need thorough evaluation.
- Initial costs may outweigh immediate savings, although long-term benefits in cybersecurity could be substantial.
- Attention to the balance between compliance costs and cybersecurity benefits is crucial for fiscal sustainability.