

116 HR 1975 IH: Cybersecurity Advisory Committee Authorization Act of 2019
U.S. House of Representatives
2019-03-28
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



I116th CONGRESS1st SessionH. R. 1975IN THE HOUSE OF REPRESENTATIVESMarch 28, 2019Mr. Katko (for himself, Mr. Newhouse, Mr. Fitzpatrick, and Mr. Lipinski) introduced the following bill; which was referred to the Committee on Homeland Security, and in addition to the Committees on Energy and Commerce, and Oversight and Reform, for a period to be subsequently determined by the Speaker, in each case for consideration of such
			 provisions as fall within the jurisdiction of the committee concernedA BILLTo establish in the Cybersecurity and Infrastructure Security Agency of the Department of Homeland
			 Security a Chief Information Security Officer Advisory Committee.
	
 1.Short titleThis Act may be cited as the Cybersecurity Advisory Committee Authorization Act of 2019. 2.Cybersecurity Advisory Committee (a)In generalSubtitle A of title XXII of the Homeland Security Act of 2002 is amended by adding at the end the following new section:
				
					2215.Cybersecurity Advisory Committee
 (a)EstablishmentThe Secretary shall establish within the Cybersecurity and Infrastructure Security Agency a Cybersecurity Advisory Committee.
						(b)Duties
 (1)In generalThe Advisory Committee may advise, consult with, report to, and make recommendations to the Director of Cybersecurity and Infrastructure Security on the development, refinement, and implementation of policies, programs, rulemakings, planning, training, and security directives pertaining to the mission of the Cybersecurity and Infrastructure Security Agency.
							(2)Recommendations
 (A)In generalThe Advisory Committee shall develop, at the request of the Director, recommendations for improvements to the cybersecurity mission of the Cybersecurity and Infrastructure Security Agency.
 (B)Recommendations of subcommitteesRecommendations agreed upon by the subcommittees established under subsection (d) for any year shall be approved by the Advisory Committee before the Advisory Committee submits to the Director the annual report under paragraph (4) for that year.
 (3)Periodic reportsThe Advisory Committee shall periodically submit to the Director— (A)reports on matters identified by the Director; and
 (B)reports on other matters identified by a majority of the members of the Advisory Committee. (4)Annual reportThe Advisory Committee shall submit to the Director an annual report providing information on the activities, findings, and recommendations of the Advisory Committee, including its subcommittees, for the preceding year. Not later than six months after the date that the Director receives an annual report for a year, the Director shall publish a public version of the report describing the activities of the Advisory Committee and such related matters as would be informative to the public during that year, consistent with section 552(b) of title 5, United States Code.
 (5)FeedbackNot later than 90 days after receiving any recommendation submitted by the Advisory Committee under paragraph (2), (3), or (4), the Director shall respond in writing to the Advisory Committee with feedback on the recommendation. Such a response shall include—
 (A)with respect to any recommendation with which the Director concurs, an action plan to implement the recommendation; and
 (B)with respect to any recommendation with which the Director does not concur, a justification for why the Director does not plan to implement the recommendation.
 (6)Congressional notificationFor each fiscal quarter beginning after the date of the enactment of this section, the Director shall provide to the Committee on Homeland Security and Governmental Affairs and the Committee on Appropriations of the Senate and the Committee on Homeland Security and the Committee on Appropriations of the House of Representatives a briefing on feedback from the Advisory Committee.
							(c)Membership
							(1)Appointment
 (A)In generalNot later than 180 days after the date of the enactment of this Act, the Director shall appoint the members of the Advisory Committee.
 (B)CompositionThe membership of the Advisory Committee shall consist of not more than 35 individuals, each of whom represent a category referred to in subparagraph (C)(i).
								(C)Representation
 (i)In generalThe membership of the Advisory Committee shall include representatives of State and local governments and of a broad range of industries, including the following:
 (I)Defense. (II)Education.
 (III)Financial services. (IV)Healthcare.
 (V)Manufacturing. (VI)Media and entertainment.
 (VII)Chemicals. (VIII)Retail.
 (IX)Transportation. (X)Energy.
 (XI)Information Technology. (XII)Communications.
 (XIII)Other relevant fields identified by the Director. (ii)ProhibitionNot more than three members may represent any one category under clause (i).
									(2)Term of office
 (A)TermsThe term of each member of the Advisory Committee shall be two years, but a member may continue to serve until a successor is appointed.
 (B)RemovalThe Director may review the participation of a member of the Advisory Committee and remove such member for cause at any time.
 (C)ReappointmentA member of the Advisory Committee may be reappointed for an unlimited number of terms. (3)Delegation of responsibilitiesA member of the Advisory Committee may delegate that member’s responsibilities under this section to another individual, with the exception of access to protected information and classified information under paragraph (6).
 (4)Prohibition on compensationThe members of the Advisory Committee may not receive pay or benefits from the United States Government by reason of their service on the Advisory Committee.
							(5)Meetings
 (A)In generalThe Director shall require the Advisory Committee to meet at least quarterly, and may convene additional meetings as necessary.
 (B)Public meetingsAt least one of the meetings referred to in subparagraph (A) shall be open to the public. (C)AttendanceThe Advisory Committee shall maintain a record of the persons present at each meeting.
								(6)Member access to classified and protected information
 (A)In generalNot later than 60 days after the date on which a member is first appointed to the Advisory Committee and before the member is granted access to any classified information or protected information, the Director shall determine if there is cause for such member to be restricted from reviewing, discussing, or possessing such information.
								(B)Access
 (i)Protected informationIf the Director does not restrict a member from reviewing, discussing, or possessing sensitive information under subparagraph (A) and the member voluntarily signs a nondisclosure agreement with respect to protected information, the member may be granted access to protected information that the Director determines is relevant to such member’s service on the Advisory Committee.
 (ii)Classified informationAccess to classified materials shall be managed in accordance with Executive Order No. 13526 of December 29, 2009 (75 Fed. Reg 707), or any subsequent corresponding Executive Order.
 (C)ProtectionsA member of the Advisory Committee shall agree, as a condition of such membership, to protect all classified information in accordance with the applicable requirements for the particular level of classification of such information and to protect all protected information appropriately.
 (D)Protected information definedIn this section, the term protected information means— (i)information specifically exempted from disclosure by statute or regulation;
 (ii)trade secrets and commercial or financial information obtained from a person and privileged or confidential;
 (iii)deliberative process privileged information; (iv)personally identifiable information, the disclosure of which would constitute an invasion of personal privacy;
 (v)records containing law enforcement sensitive information; and (vi)other categories of information, as determined by the Director.
 (7)ChairpersonThe Advisory Committee shall select, from among the members of the Advisory Committee— (A)a member to serve as chairperson of the Advisory Committee; and
 (B)a member to serve as chairperson of each subcommittee of the Advisory Committee established under subsection (d).
								(d)Subcommittees
 (1)In generalThe Director and the Advisory Committee shall establish subcommittees within the Advisory Committee to address cybersecurity issues, including relating to the following:
 (A)Information exchange. (B)Critical infrastructure.
 (C)Risk management. (D)Public and private partnerships.
 (2)Additional subcommitteesIn addition to the subcommittees established pursuant to paragraph (1), the Advisory Committee chairperson, in coordination with the Director, may establish within the Advisory Committee additional subcommittees that the Director and Advisory Committee determine to be necessary.
 (3)Meetings and reportingEach subcommittee shall meet at least bimonthly, and submit to the Advisory Committee for inclusion in the annual report required under subsection (b)(4) information, including activities, findings, and recommendations, regarding subject matter considered by the subcommittee.
 (4)Subject matter expertsThe chair of the Advisory Committee shall appoint members to subcommittees and shall ensure that each member appointed to a subcommittee has subject matter expertise relevant to the subject matter of the subcommittee.
 (e)Nonapplicability of FACAThe Federal Advisory Committee Act (5 U.S.C. App.) shall not apply to the Advisory Committee and its subcommittees..
 (b)Clerical amendmentThe table of contents in section 1(b) of such Act is amended by inserting after the item relating to section 2214 the following new item:
				
					
						2215. Cybersecurity Advisory Committee..
			