[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[S. 594 Reported in Senate (RS)]

<DOC>





                                                       Calendar No. 714
115th CONGRESS
  2d Session
                                 S. 594

                          [Report No. 115-410]

     To authorize the Secretary of Homeland Security to work with 
     cybersecurity consortia for training, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             March 9, 2017

  Mr. Cornyn (for himself, Mr. Cruz, Mr. Leahy, Mr. Boozman, and Mr. 
    Cotton) introduced the following bill; which was read twice and 
referred to the Committee on Homeland Security and Governmental Affairs

                            December 4, 2018

               Reported by Mr. Johnson, with an amendment
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]

_______________________________________________________________________

                                 A BILL


 
     To authorize the Secretary of Homeland Security to work with 
     cybersecurity consortia for training, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

<DELETED>SECTION 1. SHORT TITLE.</DELETED>

<DELETED>    This Act may be cited as the ``National Cybersecurity 
Preparedness Consortium Act of 2017''.</DELETED>

<DELETED>SEC. 2. DEFINITIONS.</DELETED>

<DELETED>    In this Act--</DELETED>
        <DELETED>    (1) the term ``consortium'' means a group 
        primarily composed of nonprofit entities, including academic 
        institutions, that develop, update, and deliver cybersecurity 
        training in support of homeland security;</DELETED>
        <DELETED>    (2) the terms ``cybersecurity risk'' and 
        ``incident'' have the meanings given those terms in section 
        227(a) of the Homeland Security Act of 2002 (6 U.S.C. 
        148(a));</DELETED>
        <DELETED>    (3) the term ``Department'' means the Department 
        of Homeland Security; and</DELETED>
        <DELETED>    (4) the term ``Secretary'' means the Secretary of 
        Homeland Security.</DELETED>

<DELETED>SEC. 3. NATIONAL CYBERSECURITY PREPAREDNESS 
              CONSORTIUM.</DELETED>

<DELETED>    (a) In General.--The Secretary may work with a consortium, 
including the National Cybersecurity Preparedness Consortium, to 
support efforts to address cybersecurity risks and incidents, including 
threats of terrorism and acts of terrorism.</DELETED>
<DELETED>    (b) Assistance to the NCCIC.--The Secretary may work with 
a consortium to assist the national cybersecurity and communications 
integration center of the Department (established under section 227 of 
the Homeland Security Act of 2002 (6 U.S.C. 148)) to--</DELETED>
        <DELETED>    (1) provide training to State and local first 
        responders and officials specifically for preparing for and 
        responding to cybersecurity risks and incidents, including 
        threats of terrorism and acts of terrorism, in accordance with 
        applicable law;</DELETED>
        <DELETED>    (2) develop and update a curriculum utilizing 
        existing programs and models in accordance with such section 
        227, for State and local first responders and officials, 
        related to cybersecurity risks and incidents, including threats 
        of terrorism and acts of terrorism;</DELETED>
        <DELETED>    (3) provide technical assistance services to build 
        and sustain capabilities in support of preparedness for and 
        response to cybersecurity risks and incidents, including 
        threats of terrorism and acts of terrorism, in accordance with 
        such section 227;</DELETED>
        <DELETED>    (4) conduct cross-sector cybersecurity training 
        and simulation exercises for entities, including State and 
        local governments, critical infrastructure owners and 
        operators, and private industry, to encourage community-wide 
        coordination in defending against and responding to 
        cybersecurity risks and incidents, including threats of 
        terrorism and acts of terrorism, in accordance with section 
        228(c) of the Homeland Security Act of 2002 (6 U.S.C. 
        149(c));</DELETED>
        <DELETED>    (5) help States and communities develop 
        cybersecurity information sharing programs, in accordance with 
        section 227 of the Homeland Security Act of 2002 (6 U.S.C. 
        148), for the dissemination of homeland security information 
        related to cybersecurity risks and incidents, including threats 
        of terrorism and acts of terrorism; and</DELETED>
        <DELETED>    (6) help incorporate cybersecurity risk and 
        incident prevention and response (including related to threats 
        of terrorism and acts of terrorism) into existing State and 
        local emergency plans, including continuity of operations 
        plans.</DELETED>
<DELETED>    (c) Prohibition on Duplication.--In carrying out the 
functions under subsection (b), the Secretary shall, to the greatest 
extent practicable, seek to prevent unnecessary duplication of existing 
programs or efforts of the Department.</DELETED>
<DELETED>    (d) Considerations Regarding Selection of a Consortium.--
In selecting a consortium with which to work under this Act, the 
Secretary shall take into consideration the following:</DELETED>
        <DELETED>    (1) Any prior experience conducting cybersecurity 
        training and exercises for State and local entities.</DELETED>
        <DELETED>    (2) Geographic diversity of the members of any 
        such consortium so as to cover different regions throughout the 
        United States.</DELETED>
<DELETED>    (e) Metrics.--If the Secretary works with a consortium 
under subsection (a), the Secretary shall measure the effectiveness of 
the activities undertaken by the consortium under this Act.</DELETED>
<DELETED>    (f) Outreach.--The Secretary shall conduct outreach to 
universities and colleges, including historically Black colleges and 
universities, Hispanic-serving institutions, Tribal Colleges and 
Universities, and other minority-serving institutions, regarding 
opportunities to support efforts to address cybersecurity risks and 
incidents, including threats of terrorism and acts of terrorism, by 
working with the Secretary under subsection (a).</DELETED>
<DELETED>    (g) Termination.--The authority to carry out this Act 
shall terminate on the date that is 5 years after the date of enactment 
of this Act.</DELETED>

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``National Cybersecurity Preparedness 
Consortium Act of 2018''.

SEC. 2. DEFINITIONS.

    In this Act--
            (1) the term ``consortium'' means a group primarily 
        composed of nonprofit entities, including academic 
        institutions, that develop, update, and deliver cybersecurity 
        training in support of homeland security;
            (2) the terms ``cybersecurity risk'' and ``incident'' have 
        the meanings given those terms in section 227(a) of the 
        Homeland Security Act of 2002 (6 U.S.C. 148(a));
            (3) the term ``Department'' means the Department of 
        Homeland Security; and
            (4) the term ``Secretary'' means the Secretary of Homeland 
        Security.

SEC. 3. NATIONAL CYBERSECURITY PREPAREDNESS CONSORTIUM.

    (a) In General.--The Secretary may work with a consortium to 
support efforts to address cybersecurity risks and incidents.
    (b) Assistance to the NCCIC.--The Secretary may work with a 
consortium to assist the national cybersecurity and communications 
integration center of the Department (established under section 227 of 
the Homeland Security Act of 2002 (6 U.S.C. 148)) to--
            (1) provide training to State and local first responders 
        and officials specifically for preparing for and responding to 
        cybersecurity risks and incidents, in accordance with 
        applicable law;
            (2) develop and update a curriculum utilizing existing 
        programs and models in accordance with such section 227, for 
        State and local first responders and officials, related to 
        cybersecurity risks and incidents;
            (3) provide technical assistance services to build and 
        sustain capabilities in support of preparedness for and 
        response to cybersecurity risks and incidents, including 
        threats of terrorism and acts of terrorism, in accordance with 
        such section 227;
            (4) conduct cross-sector cybersecurity training and 
        simulation exercises for entities, including State and local 
        governments, critical infrastructure owners and operators, and 
        private industry, to encourage community-wide coordination in 
        defending against and responding to cybersecurity risks and 
        incidents, in accordance with section 228(c) of the Homeland 
        Security Act of 2002 (6 U.S.C. 149(c));
            (5) help States and communities develop cybersecurity 
        information sharing programs, in accordance with section 227 of 
        the Homeland Security Act of 2002 (6 U.S.C. 148), for the 
        dissemination of homeland security information related to 
        cybersecurity risks and incidents; and
            (6) help incorporate cybersecurity risk and incident 
        prevention and response into existing State and local emergency 
        plans, including continuity of operations plans.
    (c) Considerations Regarding Selection of a Consortium.--In 
selecting a consortium with which to work under this Act, the Secretary 
shall take into consideration the following:
            (1) Any prior experience conducting cybersecurity training 
        and exercises for State and local entities.
            (2) Geographic diversity of the members of any such 
        consortium so as to cover different regions throughout the 
        United States.
    (d) Metrics.--If the Secretary works with a consortium under 
subsection (a), the Secretary shall measure the effectiveness of the 
activities undertaken by the consortium under this Act.
    (e) Outreach.--The Secretary shall conduct outreach to universities 
and colleges, including historically Black colleges and universities, 
Hispanic-serving institutions, Tribal Colleges and Universities, and 
other minority-serving institutions, regarding opportunities to support 
efforts to address cybersecurity risks and incidents, by working with 
the Secretary under subsection (a).

SEC. 4. RULE OF CONSTRUCTION.

    Nothing in this Act may be construed to authorize a consortium to 
control or direct any law enforcement agency in the exercise of the 
duties of the law enforcement agency.
                                                       Calendar No. 714

115th CONGRESS

  2d Session

                                 S. 594

                          [Report No. 115-410]

_______________________________________________________________________

                                 A BILL

     To authorize the Secretary of Homeland Security to work with 
     cybersecurity consortia for training, and for other purposes.

_______________________________________________________________________

                            December 4, 2018

                       Reported with an amendment