[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5822 Introduced in House (IH)]

<DOC>






115th CONGRESS
  2d Session
                                H. R. 5822

 To establish a National Office for Cyberspace, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                              May 15, 2018

 Mr. Langevin (for himself, Mr. Ted Lieu of California, Mrs. Dingell, 
    Mr. Khanna, Ms. Clarke of New York, Mr. Richmond, Mr. Heck, Ms. 
 Jayapal, Ms. Norton, Ms. Velazquez, Mr. Rush, and Mr. Ruppersberger) 
 introduced the following bill; which was referred to the Committee on 
                    Oversight and Government Reform

_______________________________________________________________________

                                 A BILL


 
 To establish a National Office for Cyberspace, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Executive Cyberspace Coordination 
Act of 2018''.

SEC. 2. NATIONAL OFFICE FOR CYBERSPACE.

    (a) Coordination of Federal Information Policy.--Subchapter II of 
chapter 35 of title 44, United States Code, is amended--
            (1) in section 3552(b), by adding at the end the following 
        new paragraphs:
            ``(8) The term `Director' means the Director of the 
        National Office for Cyberspace.
            ``(9) The term `information infrastructure' means the 
        underlying framework that information systems and assets rely 
        on in processing, storing, or transmitting information 
        electronically.'';
            (2) in section 3553(a)--
                    (A) in paragraph (5), by striking ``; and'' and 
                inserting a semicolon;
                    (B) in paragraph (6), by striking the period at the 
                end and inserting a semicolon; and
                    (C) by inserting after paragraph (6) the following 
                new paragraphs:
            ``(7) reviewing at least annually, and approving or 
        disapproving, agency information security programs required 
        under section 3554(b);
            ``(8) coordinating the defense of information 
        infrastructure operated by agencies in the case of a large-
        scale attack on information infrastructure, as determined by 
        the Director;
            ``(9) coordinating information security training for 
        Federal employees with the Director of the Office of Personnel 
        Management;
            ``(10) ensuring the adequacy of protections for privacy and 
        civil liberties in carrying out the responsibilities of the 
        Director under this subchapter;
            ``(11) making recommendations that the Director determines 
        are necessary to ensure risk-based security of the Federal 
        information infrastructure and information infrastructure that 
        is owned, operated, controlled, or licensed for use by, or on 
        behalf of, the Department of Defense, a military department, or 
        another element of the intelligence community to--
                    ``(A) the Director of the Office of Management and 
                Budget;
                    ``(B) the head of an agency; or
                    ``(C) to Congress with regard to the reprogramming 
                of funds;
            ``(12) ensuring, in consultation with the Administrator of 
        the Office of Information and Regulatory Affairs, that the 
        efforts of agencies relating to the development of regulations, 
        rules, requirements, or other actions applicable to the 
        national information infrastructure are complementary;
            ``(13) when directed by the President, carrying out the 
        responsibilities for national security and emergency 
        preparedness communications described in section 706 of the 
        Communications Act of 1934 (47 U.S.C. 606) to ensure 
        integration and coordination; and
            ``(14) as assigned by the President, other duties relating 
        to the security and resiliency of cyberspace.'';
            (3) by adding at the end of section 3554, the following new 
        subsection:
    ``(f) Budget Assessment and Reporting.--
            ``(1) Agency submission.--The head of each agency shall 
        submit to the Director a budget each year for the following 
        fiscal year relating to the protection of information 
        infrastructure for such agency, by a date determined by the 
        Director that is before July 1 of each year. Such budget shall 
        include--
                    ``(A) a review of any threats to information 
                technology for such agency;
                    ``(B) a plan to secure the information 
                infrastructure for such agency based on threats to 
                information technology, using the National Institute of 
                Standards and Technology guidelines and 
                recommendations;
                    ``(C) a review of compliance by such agency with 
                any previous year plan described in subparagraph (B); 
                and
                    ``(D) a report on the development of the 
                credentialing process to enable secure authentication 
                of identity and authorization for access to the 
                information infrastructure of such agency.
            ``(2) Assessment and certification.--The Director shall 
        assess and certify the adequacy of each budget submitted under 
        paragraph (1).
            ``(3) Agency recommendations.--Not later than July 1 of 
        each year, the Director shall submit to the head of each agency 
        budget recommendations, including requests for specific 
        initiatives that are consistent with the priorities of the 
        President relating to the protection of information 
        infrastructure. Such budget recommendations shall--
                    ``(A) apply to the next budget year scheduled for 
                formulation under chapter 11 of title 31, and each of 
                the 4 subsequent fiscal years; and
                    ``(B) address funding priorities developed in the 
                National Office for Cyberspace.
            ``(4) Recommendations to the president.--The Director shall 
        make recommendations to the President that the Director 
        determines are appropriate regarding changes in the 
        organization, management, and budget of each agency relating to 
        the protection of information infrastructure in each such 
        agency, and changes in the allocation of personnel to and 
        within such agency, including monetary penalties or incentives 
        necessary to encourage and maintain accountability of any 
        agency, or senior agency official, for efforts to secure the 
        information infrastructure of such agency.''; and
            (4) by adding at the end the following new section:
``Sec. 3560. National Office for Cyberspace
    ``(a) Establishment.--There is established within the Executive 
Office of the President an office to be known as the National Office 
for Cyberspace.
    ``(b) Director.--
            ``(1) In general.--There shall be at the head of the 
        National Office for Cyberspace a Director, who shall be 
        appointed by the President by and with the advice and consent 
        of the Senate. The Director of the National Office for 
        Cyberspace shall administer all functions designated to such 
        Director under sections 3553 and 3555 and collaborate to the 
        extent practicable with the heads of appropriate agencies, the 
        private sector, and international partners. The Office shall 
        serve as the principal office for coordinating issues relating 
        to cyberspace, including achieving an assured, reliable, 
        secure, and survivable information infrastructure and related 
        capabilities for the Federal Government, while promoting 
        national economic interests, security, and civil liberties.
            ``(2) Basic pay.--The Director of the National Office for 
        Cyberspace shall be paid at the rate of basic pay for level III 
        of the Executive Schedule.
    ``(c) Staff.--The Director of the National Office for Cyberspace 
may appoint and fix the pay of additional personnel as the Director 
considers appropriate.
    ``(d) Experts and Consultants.--The Director of the National Office 
for Cyberspace may procure temporary and intermittent services under 
section 3109(b) of title 5.''.
    (b) Technical and Conforming Amendments.--The table of sections for 
subchapter II of chapter 35 of title 44, United States Code, is amended 
by adding at the end the following:

        ``3560. National Office for Cyberspace.''.
    (c) National Strategy Required.--Not later than one year after the 
date of the enactment of this Act, the Director of the National Office 
for Cyberspace shall establish a national strategy for improving agency 
information security.
    (d) Effective Date.--This section, and the amendments made by this 
section, shall take effect 180 days after the date of the enactment of 
this Act.
                                 <all>