Security Experts:

Connect with us

Hi, what are you looking for?


Management & Strategy

New Bill Proposes Cybersecurity Training for U.S. House Members

A bill introduced last week requires all members, officers and employees of the U.S. House of Representatives to undergo annual cybersecurity training.

A bill introduced last week requires all members, officers and employees of the U.S. House of Representatives to undergo annual cybersecurity training.

The Congressional Cybersecurity Training Resolution of 2019 is sponsored by Rep. Kathleen Rice and Rep. John Katko. It requires the U.S. House’s Chief Administrative Officer to carry out annual cybersecurity trainings to ensure that members and staff are aware of the threat of cyberattacks and they have the knowledge and skills needed to protect government systems.

Congressional Cybersecurity Training Resolution of 2019This type of training is already required for House employees and officers, but the bill wants to make it mandatory for all members. The annual training would need to be completed every year by January 31.

The bill orders new members to undergo cybersecurity training within 30 days after beginning service.

“If we want to effectively counter those threats, then we need to make sure Members of Congress are equipped with the tools and knowledge to play an active role in this fight. Our employees and House officers are already required to take mandatory information security training, and it’s past time that Members are held to the same standard and bear the same responsibility,” Rep. Rice said.

Some cybersecurity professionals have applauded the initiative.

“We know people empowered with the right training and education are the ultimate defense against cybercrime. Arming our members of Congress with this information gives them an opportunity to lead by example and also helps create a culture of protection awareness for our data-dependent society,” said Jack Koziol, CEO and founder of Infosec, a provider of IT security education and workforce security awareness training solutions.

However, others are not convinced it would be as efficient as its initiators hope.

“While it is encouraging to see that lawmakers are looking to improve cybersecurity training to house members, it is unfortunate to realize that they are a few years behind when it comes to best practices. In the past couple of years, the majority of companies that fell prey to cyber-attacks had an annual training in place which proved to be worthless when a real attack was launched,” Shlomi Gian, CEO at CybeReady, a provider of autonomous cyber security awareness solutions, told SecurityWeek.

“The average human brain has no capacity to memorize facts taught during a single, relatively long, annual training. A better training practice includes on-the-spot training that is triggered when we have the employee’s full attention – at the moment that he or she fails to detect a simulated attack. We call that the golden moment and careless employees do not forget it quickly,” Gian added.

Related: D.C. Attorney General Introduces New Data Security Bill

Related: U.S. Senators Introduce Bi-Partisan Bill to Counter China Hacking Threat

Related: Senators Reintroduce IoT Cybersecurity Improvement Bill

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

CISO Conversations

SecurityWeek speaks with two leading CISOs in the aviation industry – Mitch Cyrus of Honda Aircraft, and Mark Ferguson of Bombardier.