[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[S. 594 Introduced in Senate (IS)]

<DOC>






115th CONGRESS
  1st Session
                                 S. 594

     To authorize the Secretary of Homeland Security to work with 
     cybersecurity consortia for training, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             March 9, 2017

   Mr. Cornyn (for himself, Mr. Cruz, and Mr. Leahy) introduced the 
 following bill; which was read twice and referred to the Committee on 
               Homeland Security and Governmental Affairs

_______________________________________________________________________

                                 A BILL


 
     To authorize the Secretary of Homeland Security to work with 
     cybersecurity consortia for training, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``National Cybersecurity Preparedness 
Consortium Act of 2017''.

SEC. 2. DEFINITIONS.

    In this Act--
            (1) the term ``consortium'' means a group primarily 
        composed of nonprofit entities, including academic 
        institutions, that develop, update, and deliver cybersecurity 
        training in support of homeland security;
            (2) the terms ``cybersecurity risk'' and ``incident'' have 
        the meanings given those terms in section 227(a) of the 
        Homeland Security Act of 2002 (6 U.S.C. 148(a));
            (3) the term ``Department'' means the Department of 
        Homeland Security; and
            (4) the term ``Secretary'' means the Secretary of Homeland 
        Security.

SEC. 3. NATIONAL CYBERSECURITY PREPAREDNESS CONSORTIUM.

    (a) In General.--The Secretary may work with a consortium, 
including the National Cybersecurity Preparedness Consortium, to 
support efforts to address cybersecurity risks and incidents, including 
threats of terrorism and acts of terrorism.
    (b) Assistance to the NCCIC.--The Secretary may work with a 
consortium to assist the national cybersecurity and communications 
integration center of the Department (established under section 227 of 
the Homeland Security Act of 2002 (6 U.S.C. 148)) to--
            (1) provide training to State and local first responders 
        and officials specifically for preparing for and responding to 
        cybersecurity risks and incidents, including threats of 
        terrorism and acts of terrorism, in accordance with applicable 
        law;
            (2) develop and update a curriculum utilizing existing 
        programs and models in accordance with such section 227, for 
        State and local first responders and officials, related to 
        cybersecurity risks and incidents, including threats of 
        terrorism and acts of terrorism;
            (3) provide technical assistance services to build and 
        sustain capabilities in support of preparedness for and 
        response to cybersecurity risks and incidents, including 
        threats of terrorism and acts of terrorism, in accordance with 
        such section 227;
            (4) conduct cross-sector cybersecurity training and 
        simulation exercises for entities, including State and local 
        governments, critical infrastructure owners and operators, and 
        private industry, to encourage community-wide coordination in 
        defending against and responding to cybersecurity risks and 
        incidents, including threats of terrorism and acts of 
        terrorism, in accordance with section 228(c) of the Homeland 
        Security Act of 2002 (6 U.S.C. 149(c));
            (5) help States and communities develop cybersecurity 
        information sharing programs, in accordance with section 227 of 
        the Homeland Security Act of 2002 (6 U.S.C. 148), for the 
        dissemination of homeland security information related to 
        cybersecurity risks and incidents, including threats of 
        terrorism and acts of terrorism; and
            (6) help incorporate cybersecurity risk and incident 
        prevention and response (including related to threats of 
        terrorism and acts of terrorism) into existing State and local 
        emergency plans, including continuity of operations plans.
    (c) Prohibition on Duplication.--In carrying out the functions 
under subsection (b), the Secretary shall, to the greatest extent 
practicable, seek to prevent unnecessary duplication of existing 
programs or efforts of the Department.
    (d) Considerations Regarding Selection of a Consortium.--In 
selecting a consortium with which to work under this Act, the Secretary 
shall take into consideration the following:
            (1) Any prior experience conducting cybersecurity training 
        and exercises for State and local entities.
            (2) Geographic diversity of the members of any such 
        consortium so as to cover different regions throughout the 
        United States.
    (e) Metrics.--If the Secretary works with a consortium under 
subsection (a), the Secretary shall measure the effectiveness of the 
activities undertaken by the consortium under this Act.
    (f) Outreach.--The Secretary shall conduct outreach to universities 
and colleges, including historically Black colleges and universities, 
Hispanic-serving institutions, Tribal Colleges and Universities, and 
other minority-serving institutions, regarding opportunities to support 
efforts to address cybersecurity risks and incidents, including threats 
of terrorism and acts of terrorism, by working with the Secretary under 
subsection (a).
    (g) Termination.--The authority to carry out this Act shall 
terminate on the date that is 5 years after the date of enactment of 
this Act.
                                 <all>