H. R. 2952
IN THE HOUSE OF REPRESENTATIVES
August 1, 2013
Mr. Meehan introduced the following bill; which was referred to the Committee on Homeland Security
To amend the Homeland Security Act of 2002 to make certain improvements in the laws relating to the advancement of security technologies for critical infrastructure protection, and for other purposes.
This Act may be cited as the
Critical Infrastructure Research and
Development Advancement Act of 2013
CIRDA Act of
Section 2 of the Homeland Security Act of 2002 ( 6 U.S.C. 101 ) is amended by redesignating paragraphs (15) through (18) as paragraphs (16) through (19), respectively, and by inserting after paragraph (14) the following:
Council means a private sector coordinating council that is—
recognized by the Secretary as such a Council for purposes of this Act; and
comprised of representatives of owners and operators of critical infrastructure within a particular sector of critical infrastructure.
Critical infrastructure protection research and development
Title III of the Homeland Security Act of 2002 (6 U.S.C. 181 et seq.) is amended by adding at the end the following:
Research and development strategy for critical infrastructure protection
Not later than 180 days after the date of enactment of the Critical Infrastructure Research and Development Advancement Act of 2013, the Secretary, acting through the Under Secretary for Science and Technology, shall transmit to Congress a strategic plan to guide the overall direction of Federal physical security and cybersecurity technology research and development efforts for protecting critical infrastructure. Once every 2 years after the initial strategic plan is transmitted to Congress under this section, the Secretary shall transmit to Congress an update of the plan.
Contents of Plan
The strategic plan shall include the following:
An identification of critical infrastructure security risks and the associated security technology gaps, that are developed following—
consultation with stakeholders, including the Sector Coordinating Councils; and
performance by the Department of a risk/gap analysis that considers information received in such consultations.
A set of critical infrastructure security technology needs that—
is prioritized based on risk and gaps identified under paragraph (1);
emphasizes research and development of those technologies that need to be accelerated due to rapidly evolving threats or rapidly advancing infrastructure technology; and
includes research, development, and acquisition roadmaps with clearly defined objectives, goals, and measures.
An identification of laboratories, facilities, modeling, and simulation capabilities that will be required to support the research, development, demonstration, testing, evaluation, and acquisition of the security technologies described in paragraph (2).
An identification of current and planned programmatic initiatives for fostering the rapid advancement and deployment of security technologies for critical infrastructure protection. The initiatives shall consider opportunities for public-private partnerships, intragovernment collaboration, university centers of excellence, and national laboratory technology transfer.
In carrying out this section, the Under Secretary for Science and Technology shall coordinate with the Under Secretary for the National Protection and Programs Directorate.
In carrying out this section, the Under Secretary for Science and Technology shall consult with—
the critical infrastructure Sector Coordinating Councils;
to the extent practicable, subject matter experts on critical infrastructure protection from universities, national laboratories, and private industry;
the heads of other relevant Federal departments and agencies that conduct research and development for critical infrastructure protection; and
State, local, and tribal governments as appropriate.
Report on public-private research and development consortiums
Not later than 180 days after the enactment of the Critical Infrastructure Research and Development Advancement Act of 2013 , the Secretary, acting through the Under Secretary for Science and Technology, shall transmit to Congress a study on the use by the Department of public-private research and development consortiums for accelerating technology development for critical infrastructure protection. Once every 2 years after the initial study is transmitted to Congress under this section, the Secretary shall transmit to Congress an update of the study. The study shall focus on those aspects of critical infrastructure protection that are predominately operated by the private sector and that would most benefit from rapid security technology advancement.
Contents of Study
The study shall include—
a summary of the progress and accomplishments of on-going consortiums for critical infrastructure security technologies;
in consultation with the Sector Coordinating Councils, a prioritized list of technology development focus areas that would most benefit from a public-private research and development consortium; and
based on the prioritized list developed under paragraph (2), a proposal for implementing an expanded research and development consortium program, including an assessment of feasibility and an estimate of cost, schedule, and milestones.
The table of contents in section 1(b) of such Act is amended by adding at the end of the items relating to such title the following:
Sec. 318. Research and development strategy for critical infrastructure protection.
Sec. 319. Report on public-private research and development consortiums.
Critical infrastructure protection technology clearinghouse
Section 313 of the Homeland Security Act of 2002 ( 6 U.S.C. 193 ) is amended by redesignating subsection (c) as subsection (d), and by inserting after subsection (b) the following:
Critical infrastructure protection technology clearinghouse
Under the program required by this section, the Secretary, acting through the Under Secretary for Science and Technology, and in coordination with the Under Secretary for the National Protection and Programs Directorate, shall designate a technology clearinghouse for rapidly sharing proven technology solutions for protecting critical infrastructure.
Sharing of technology solutions
Technology solutions shared through the clearinghouse shall draw from Government-furnished, commercially furnished, and publically available trusted sources.
All technologies shared through the clearinghouse shall include a set of metrics to assist end-users in deploying timely and effective solutions relevant for their critical infrastructures.
Review by privacy officer
The Privacy Officer of the Department appointed under section 222 shall annually review the clearinghouse process to evaluate its consistency with fair information practice principles issued by the Privacy Officer.
Evaluation of Technology Clearinghouse by Government Accountability Office
Not later than 2 years after the date of enactment of this Act, the Comptroller General of the United States shall conduct an independent evaluation of, and submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report on, the effectiveness of the clearinghouses established and designated, respectively, under section 313 of the Homeland Security Act of 2002, as amended by this section.
No additional authorization of appropriations
No additional funds are authorized to be appropriated to carry out this Act and the amendments made by this Act, and this Act and such amendments shall be carried out using amounts otherwise available for such purpose.