[Congressional Bills 113th Congress]
[From the U.S. Government Publishing Office]
[H.R. 2952 Referred in Senate (RFS)]

113th CONGRESS
  2d Session
                                H. R. 2952


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             July 29, 2014

Received; read twice and referred to the Committee on Homeland Security 
                        and Governmental Affairs

_______________________________________________________________________

                                 AN ACT


 
To amend the Homeland Security Act of 2002 to make certain improvements 
 in the laws relating to the advancement of security technologies for 
      critical infrastructure protection, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Critical Infrastructure Research and 
Development Advancement Act of 2014'' or the ``CIRDA Act of 2014''.

SEC. 2. DEFINITIONS.

    Section 2 of the Homeland Security Act of 2002 (6 U.S.C. 101) is 
amended by redesignating paragraphs (15) through (18) as paragraphs 
(16) through (19), respectively, and by inserting after paragraph (14) 
the following:
            ``(15) The term `Sector Coordinating Council' means a 
        private sector coordinating council that is--
                    ``(A) recognized by the Secretary as such a Council 
                for purposes of this Act; and
                    ``(B) comprised of representatives of owners and 
                operators of critical infrastructure within a 
                particular sector of critical infrastructure.''.

SEC. 3. CRITICAL INFRASTRUCTURE PROTECTION RESEARCH AND DEVELOPMENT.

    (a) Strategic Plan; Public-Private Consortiums.--
            (1) In general.--Title III of the Homeland Security Act of 
        2002 (6 U.S.C. 181 et seq.) is amended by adding at the end the 
        following:

``SEC. 318. RESEARCH AND DEVELOPMENT STRATEGY FOR CRITICAL 
              INFRASTRUCTURE PROTECTION.

    ``(a) In General.--Not later than 180 days after the date of 
enactment of the Critical Infrastructure Research and Development 
Advancement Act of 2013, the Secretary, acting through the Under 
Secretary for Science and Technology, shall transmit to Congress a 
strategic plan to guide the overall direction of Federal physical 
security and cybersecurity technology research and development efforts 
for protecting critical infrastructure, including against all threats. 
Once every 2 years after the initial strategic plan is transmitted to 
Congress under this section, the Secretary shall transmit to Congress 
an update of the plan.
    ``(b) Contents of Plan.--The strategic plan shall include the 
following:
            ``(1) An identification of critical infrastructure security 
        risks and any associated security technology gaps, that are 
        developed following--
                    ``(A) consultation with stakeholders, including the 
                Sector Coordinating Councils; and
                    ``(B) performance by the Department of a risk/gap 
                analysis that considers information received in such 
                consultations.
            ``(2) A set of critical infrastructure security technology 
        needs that--
                    ``(A) is prioritized based on risk and gaps 
                identified under paragraph (1);
                    ``(B) emphasizes research and development of those 
                technologies that need to be accelerated due to rapidly 
                evolving threats or rapidly advancing infrastructure 
                technology; and
                    ``(C) includes research, development, and 
                acquisition roadmaps with clearly defined objectives, 
                goals, and measures.
            ``(3) An identification of laboratories, facilities, 
        modeling, and simulation capabilities that will be required to 
        support the research, development, demonstration, testing, 
        evaluation, and acquisition of the security technologies 
        described in paragraph (2).
            ``(4) An identification of current and planned programmatic 
        initiatives for fostering the rapid advancement and deployment 
        of security technologies for critical infrastructure 
        protection. The initiatives shall consider opportunities for 
        public-private partnerships, intragovernment collaboration, 
        university centers of excellence, and national laboratory 
        technology transfer.
            ``(5) A description of progress made with respect to each 
        critical infrastructure security risk, associated security 
        technology gap, and critical infrastructure technology need 
        identified in the preceding strategic plan transmitted under 
        this section.
    ``(c) Coordination.--In carrying out this section, the Under 
Secretary for Science and Technology shall coordinate with the Under 
Secretary for the National Protection and Programs Directorate.
    ``(d) Consultation.--In carrying out this section, the Under 
Secretary for Science and Technology shall consult with--
            ``(1) the critical infrastructure Sector Coordinating 
        Councils;
            ``(2) to the extent practicable, subject matter experts on 
        critical infrastructure protection from universities, colleges, 
        including historically black colleges and universities, 
        Hispanic- serving institutions, and tribal colleges and 
        universities, national laboratories, and private industry;
            ``(3) the heads of other relevant Federal departments and 
        agencies that conduct research and development for critical 
        infrastructure protection; and
            ``(4) State, local, and tribal governments as appropriate.

``SEC. 319. REPORT ON PUBLIC-PRIVATE RESEARCH AND DEVELOPMENT 
              CONSORTIUMS.

    ``(a) In General.--Not later than 180 days after the enactment of 
the Critical Infrastructure Research and Development Advancement Act of 
2014, the Secretary, acting through the Under Secretary for Science and 
Technology, shall transmit to Congress a report on the Department's 
utilization of public-private research and development consortiums for 
accelerating technology development for critical infrastructure 
protection. Once every 2 years after the initial report is transmitted 
to Congress under this section, the Secretary shall transmit to 
Congress an update of the report. The report shall focus on those 
aspects of critical infrastructure protection that are predominately 
operated by the private sector and that would most benefit from rapid 
security technology advancement.
    ``(b) Contents of Report.--The report shall include--
            ``(1) a summary of the progress and accomplishments of on-
        going consortiums for critical infrastructure security 
        technologies;
            ``(2) in consultation with the Sector Coordinating Councils 
        and, to the extent practicable, in consultation with subject-
        matter experts on critical infrastructure protection from 
        universities, colleges, including historically black colleges 
        and universities, Hispanic-serving institutions, and tribal 
        colleges and universities, national laboratories, and private 
        industry, a prioritized list of technology development focus 
        areas that would most benefit from a public-private research 
        and development consortium; and
            ``(3) based on the prioritized list developed under 
        paragraph (2), a proposal for implementing an expanded research 
        and development consortium program, including an assessment of 
        feasibility and an estimate of cost, schedule, and 
        milestones.''.
            (2) Limitation on progress report requirement.--Subsection 
        (b)(5) of section 318 of the Homeland Security Act of 2002, as 
        amended by paragraph (1) of this subsection, shall not apply 
        with respect to the first strategic plan transmitted under that 
        section.
    (b) Clerical Amendment.--The table of contents in section 1(b) of 
such Act is amended by adding at the end of the items relating to such 
title the following:

``Sec. 318. Research and development strategy for critical 
                            infrastructure protection.
``Sec. 319. Report on public-private research and development 
                            consortiums.''.
    (c) Critical Infrastructure Protection Technology Clearinghouse.--
Section 313 of the Homeland Security Act of 2002 (6 U.S.C. 193) is 
amended by redesignating subsection (c) as subsection (d), and by 
inserting after subsection (b) the following:
    ``(c) Critical Infrastructure Protection Technology 
Clearinghouse.--
            ``(1) Designation.--Under the program required by this 
        section, the Secretary, acting through the Under Secretary for 
        Science and Technology, and in coordination with the Under 
        Secretary for the National Protection and Programs Directorate, 
        shall designate a technology clearinghouse for rapidly sharing 
        proven technology solutions for protecting critical 
        infrastructure.
            ``(2) Sharing of technology solutions.--Technology 
        solutions shared through the clearinghouse shall draw from 
        Government-furnished, commercially furnished, and publically 
        available trusted sources.
            ``(3) Technology metrics.--All technologies shared through 
        the clearinghouse shall include a set of performance and 
        readiness metrics to assist end-users in deploying effective 
        and timely solutions relevant for their critical 
        infrastructures.
            ``(4) Review by privacy officer.--The Privacy Officer of 
        the Department appointed under section 222 shall annually 
        review the clearinghouse process to evaluate its consistency 
        with fair information practice principles issued by the Privacy 
        Officer.''.
    (d) Evaluation of Technology Clearinghouse by Government 
Accountability Office.--Not later than 2 years after the date of 
enactment of this Act, the Comptroller General of the United States 
shall conduct an independent evaluation of, and submit to the Committee 
on Homeland Security of the House of Representatives and the Committee 
on Homeland Security and Governmental Affairs of the Senate a report 
on, the effectiveness of the clearinghouses established and designated, 
respectively, under section 313 of the Homeland Security Act of 2002, 
as amended by this section.

SEC. 4. NO ADDITIONAL AUTHORIZATION OF APPROPRIATIONS.

    No additional funds are authorized to be appropriated to carry out 
this Act and the amendments made by this Act, and this Act and such 
amendments shall be carried out using amounts otherwise available for 
such purpose.

            Passed the House of Representatives July 28, 2014.

            Attest:

                                                 KAREN L. HAAS,

                                                                 Clerk.