skip to main content

H.R. 2952 (113th): Cybersecurity Workforce Assessment Act

The text of the bill below is as of Jan 9, 2014 (Reported by House Committee).


IB

Union Calendar No. 241

113th CONGRESS

2d Session

H. R. 2952

[Report No. 113–324]

IN THE HOUSE OF REPRESENTATIVES

August 1, 2013

introduced the following bill; which was referred to the Committee on Homeland Security

January 9, 2014

Reported with an amendment, committed to the Committee of the Whole House on the State of the Union, and ordered to be printed

Strike out all after the enacting clause and insert the part printed in italic

For text of introduced bill, see copy of bill as introduced on August 1, 2013


A BILL

To amend the Homeland Security Act of 2002 to make certain improvements in the laws relating to the advancement of security technologies for critical infrastructure protection, and for other purposes.


1.

Short title

This Act may be cited as the Critical Infrastructure Research and Development Advancement Act of 2013 or the CIRDA Act of 2013 .

2.

Definitions

Section 2 of the Homeland Security Act of 2002 ( 6 U.S.C. 101 ) is amended by redesignating paragraphs (15) through (18) as paragraphs (16) through (19), respectively, and by inserting after paragraph (14) the following:

(15)

The term Sector Coordinating Council means a private sector coordinating council that is—

(A)

recognized by the Secretary as such a Council for purposes of this Act; and

(B)

comprised of representatives of owners and operators of critical infrastructure within a particular sector of critical infrastructure.

.

3.

Critical infrastructure protection research and development

(a)

Strategic Plan; Public-Private Consortiums

(1)

In general

Title III of the Homeland Security Act of 2002 ( 6 U.S.C. 181 et seq.) is amended by adding at the end the following:

318.

Research and development strategy for critical infrastructure protection

(a)

In General

Not later than 180 days after the date of enactment of the Critical Infrastructure Research and Development Advancement Act of 2013, the Secretary, acting through the Under Secretary for Science and Technology, shall transmit to Congress a strategic plan to guide the overall direction of Federal physical security and cybersecurity technology research and development efforts for protecting critical infrastructure, including against all threats. Once every 2 years after the initial strategic plan is transmitted to Congress under this section, the Secretary shall transmit to Congress an update of the plan.

(b)

Contents of Plan

The strategic plan shall include the following:

(1)

An identification of critical infrastructure security risks and any associated security technology gaps, that are developed following—

(A)

consultation with stakeholders, including the Sector Coordinating Councils; and

(B)

performance by the Department of a risk/gap analysis that considers information received in such consultations.

(2)

A set of critical infrastructure security technology needs that—

(A)

is prioritized based on risk and gaps identified under paragraph (1);

(B)

emphasizes research and development of those technologies that need to be accelerated due to rapidly evolving threats or rapidly advancing infrastructure technology; and

(C)

includes research, development, and acquisition roadmaps with clearly defined objectives, goals, and measures.

(3)

An identification of laboratories, facilities, modeling, and simulation capabilities that will be required to support the research, development, demonstration, testing, evaluation, and acquisition of the security technologies described in paragraph (2).

(4)

An identification of current and planned programmatic initiatives for fostering the rapid advancement and deployment of security technologies for critical infrastructure protection. The initiatives shall consider opportunities for public-private partnerships, intragovernment collaboration, university centers of excellence, and national laboratory technology transfer.

(5)

A description of progress made with respect to each critical infrastructure security risk, associated security technology gap, and critical infrastructure technology need identified in the preceding strategic plan transmitted under this section.

(c)

Coordination

In carrying out this section, the Under Secretary for Science and Technology shall coordinate with the Under Secretary for the National Protection and Programs Directorate.

(d)

Consultation

In carrying out this section, the Under Secretary for Science and Technology shall consult with—

(1)

the critical infrastructure Sector Coordinating Councils;

(2)

to the extent practicable, subject matter experts on critical infrastructure protection from universities, colleges, including historically black colleges and universities, Hispanic- serving institutions, and tribal colleges and universities, national laboratories, and private industry;

(3)

the heads of other relevant Federal departments and agencies that conduct research and development for critical infrastructure protection; and

(4)

State, local, and tribal governments as appropriate.

319.

Report on public-private research and development consortiums

(a)

In general

Not later than 180 days after the enactment of the Critical Infrastructure Research and Development Advancement Act of 2013 , the Secretary, acting through the Under Secretary for Science and Technology, shall transmit to Congress a report on the Department’s utilization of public-private research and development consortiums for accelerating technology development for critical infrastructure protection. Once every 2 years after the initial report is transmitted to Congress under this section, the Secretary shall transmit to Congress an update of the report. The report shall focus on those aspects of critical infrastructure protection that are predominately operated by the private sector and that would most benefit from rapid security technology advancement.

(b)

Contents of Report

The report shall include—

(1)

a summary of the progress and accomplishments of on-going consortiums for critical infrastructure security technologies;

(2)

in consultation with the Sector Coordinating Councils and, to the extent practicable, in consultation with subject-matter experts on critical infrastructure protection from universities, colleges, including historically black colleges and universities, Hispanic-serving institutions, and tribal colleges and universities, national laboratories, and private industry, a prioritized list of technology development focus areas that would most benefit from a public-private research and development consortium; and

(3)

based on the prioritized list developed under paragraph (2), a proposal for implementing an expanded research and development consortium program, including an assessment of feasibility and an estimate of cost, schedule, and milestones.

.

(2)

Limitation on progress report requirement

Subsection (b)(5) of section 318 of the Homeland Security Act of 2002, as amended by paragraph (1) of this subsection, shall not apply with respect to the first strategic plan transmitted under that section.

(b)

Clerical amendment

The table of contents in section 1(b) of such Act is amended by adding at the end of the items relating to such title the following:

Sec. 318. Research and development strategy for critical infrastructure protection.

Sec. 319. Report on public-private research and development consortiums.

.

(c)

Critical infrastructure protection technology clearinghouse

Section 313 of the Homeland Security Act of 2002 ( 6 U.S.C. 193 ) is amended by redesignating subsection (c) as subsection (d), and by inserting after subsection (b) the following:

(c)

Critical infrastructure protection technology clearinghouse

(1)

Designation

Under the program required by this section, the Secretary, acting through the Under Secretary for Science and Technology, and in coordination with the Under Secretary for the National Protection and Programs Directorate, shall designate a technology clearinghouse for rapidly sharing proven technology solutions for protecting critical infrastructure.

(2)

Sharing of technology solutions

Technology solutions shared through the clearinghouse shall draw from Government-furnished, commercially furnished, and publically available trusted sources.

(3)

Technology metrics

All technologies shared through the clearinghouse shall include a set of performance and readiness metrics to assist end-users in deploying effective and timely solutions relevant for their critical infrastructures.

(4)

Review by privacy officer

The Privacy Officer of the Department appointed under section 222 shall annually review the clearinghouse process to evaluate its consistency with fair information practice principles issued by the Privacy Officer.

.

(d)

Evaluation of Technology Clearinghouse by Government Accountability Office

Not later than 2 years after the date of enactment of this Act, the Comptroller General of the United States shall conduct an independent evaluation of, and submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report on, the effectiveness of the clearinghouses established and designated, respectively, under section 313 of the Homeland Security Act of 2002, as amended by this section.

4.

No additional authorization of appropriations

No additional funds are authorized to be appropriated to carry out this Act and the amendments made by this Act, and this Act and such amendments shall be carried out using amounts otherwise available for such purpose.

January 9, 2014

Reported with an amendment, committed to the Committee of the Whole House on the State of the Union, and ordered to be printed