skip to main content

H.R. 5822 (115th): Executive Cyberspace Coordination Act of 2018

The text of the bill below is as of May 15, 2018 (Introduced).


I

115th CONGRESS

2d Session

H. R. 5822

IN THE HOUSE OF REPRESENTATIVES

May 15, 2018

(for himself, Mr. Ted Lieu of California, Mrs. Dingell, Mr. Khanna, Ms. Clarke of New York, Mr. Richmond, Mr. Heck, Ms. Jayapal, Ms. Norton, Ms. Velázquez, Mr. Rush, and Mr. Ruppersberger) introduced the following bill; which was referred to the Committee on Oversight and Government Reform

A BILL

To establish a National Office for Cyberspace, and for other purposes.

1.

Short title

This Act may be cited as the Executive Cyberspace Coordination Act of 2018.

2.

National Office for Cyberspace

(a)

Coordination of Federal information policy

Subchapter II of chapter 35 of title 44, United States Code, is amended—

(1)

in section 3552(b), by adding at the end the following new paragraphs:

(8)

The term Director means the Director of the National Office for Cyberspace.

(9)

The term information infrastructure means the underlying framework that information systems and assets rely on in processing, storing, or transmitting information electronically.

;

(2)

in section 3553(a)—

(A)

in paragraph (5), by striking ; and and inserting a semicolon;

(B)

in paragraph (6), by striking the period at the end and inserting a semicolon; and

(C)

by inserting after paragraph (6) the following new paragraphs:

(7)

reviewing at least annually, and approving or disapproving, agency information security programs required under section 3554(b);

(8)

coordinating the defense of information infrastructure operated by agencies in the case of a large-scale attack on information infrastructure, as determined by the Director;

(9)

coordinating information security training for Federal employees with the Director of the Office of Personnel Management;

(10)

ensuring the adequacy of protections for privacy and civil liberties in carrying out the responsibilities of the Director under this subchapter;

(11)

making recommendations that the Director determines are necessary to ensure risk-based security of the Federal information infrastructure and information infrastructure that is owned, operated, controlled, or licensed for use by, or on behalf of, the Department of Defense, a military department, or another element of the intelligence community to—

(A)

the Director of the Office of Management and Budget;

(B)

the head of an agency; or

(C)

to Congress with regard to the reprogramming of funds;

(12)

ensuring, in consultation with the Administrator of the Office of Information and Regulatory Affairs, that the efforts of agencies relating to the development of regulations, rules, requirements, or other actions applicable to the national information infrastructure are complementary;

(13)

when directed by the President, carrying out the responsibilities for national security and emergency preparedness communications described in section 706 of the Communications Act of 1934 (47 U.S.C. 606) to ensure integration and coordination; and

(14)

as assigned by the President, other duties relating to the security and resiliency of cyberspace.

;

(3)

by adding at the end of section 3554, the following new subsection:

(f)

Budget assessment and reporting

(1)

Agency submission

The head of each agency shall submit to the Director a budget each year for the following fiscal year relating to the protection of information infrastructure for such agency, by a date determined by the Director that is before July 1 of each year. Such budget shall include—

(A)

a review of any threats to information technology for such agency;

(B)

a plan to secure the information infrastructure for such agency based on threats to information technology, using the National Institute of Standards and Technology guidelines and recommendations;

(C)

a review of compliance by such agency with any previous year plan described in subparagraph (B); and

(D)

a report on the development of the credentialing process to enable secure authentication of identity and authorization for access to the information infrastructure of such agency.

(2)

Assessment and certification

The Director shall assess and certify the adequacy of each budget submitted under paragraph (1).

(3)

Agency recommendations

Not later than July 1 of each year, the Director shall submit to the head of each agency budget recommendations, including requests for specific initiatives that are consistent with the priorities of the President relating to the protection of information infrastructure. Such budget recommendations shall—

(A)

apply to the next budget year scheduled for formulation under chapter 11 of title 31, and each of the 4 subsequent fiscal years; and

(B)

address funding priorities developed in the National Office for Cyberspace.

(4)

Recommendations to the President

The Director shall make recommendations to the President that the Director determines are appropriate regarding changes in the organization, management, and budget of each agency relating to the protection of information infrastructure in each such agency, and changes in the allocation of personnel to and within such agency, including monetary penalties or incentives necessary to encourage and maintain accountability of any agency, or senior agency official, for efforts to secure the information infrastructure of such agency.

; and

(4)

by adding at the end the following new section:

3560.

National Office for Cyberspace

(a)

Establishment

There is established within the Executive Office of the President an office to be known as the National Office for Cyberspace.

(b)

Director

(1)

In general

There shall be at the head of the National Office for Cyberspace a Director, who shall be appointed by the President by and with the advice and consent of the Senate. The Director of the National Office for Cyberspace shall administer all functions designated to such Director under sections 3553 and 3555 and collaborate to the extent practicable with the heads of appropriate agencies, the private sector, and international partners. The Office shall serve as the principal office for coordinating issues relating to cyberspace, including achieving an assured, reliable, secure, and survivable information infrastructure and related capabilities for the Federal Government, while promoting national economic interests, security, and civil liberties.

(2)

Basic pay

The Director of the National Office for Cyberspace shall be paid at the rate of basic pay for level III of the Executive Schedule.

(c)

Staff

The Director of the National Office for Cyberspace may appoint and fix the pay of additional personnel as the Director considers appropriate.

(d)

Experts and consultants

The Director of the National Office for Cyberspace may procure temporary and intermittent services under section 3109(b) of title 5.

.

(b)

Technical and conforming amendments

The table of sections for subchapter II of chapter 35 of title 44, United States Code, is amended by adding at the end the following:

3560. National Office for Cyberspace.

.

(c)

National strategy required

Not later than one year after the date of the enactment of this Act, the Director of the National Office for Cyberspace shall establish a national strategy for improving agency information security.

(d)

Effective date

This section, and the amendments made by this section, shall take effect 180 days after the date of the enactment of this Act.