

115 HR 7265 IH: Small Manufacturer Cybersecurity Enhancement Act
U.S. House of Representatives
2020-06-18
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



I116th CONGRESS2d SessionH. R. 7265IN THE HOUSE OF REPRESENTATIVESJune 18, 2020Mr. Panetta (for himself, Mr. Wilson of South Carolina, Ms. Slotkin, Mr. Mitchell, Mr. Ruppersberger, Mr. Reschenthaler, Ms. Stevens, Mr. Carbajal, and Mr. Suozzi) introduced the following bill; which was referred to the Committee on Armed ServicesA BILLTo improve assistance provided by the Hollings Manufacturing Extension Partnership to small manufacturers in the defense industrial supply chain on matters relating to cybersecurity, and for other purposes.1.Short titleThis Act may be cited as the Small Manufacturer Cybersecurity Enhancement Act.2.FindingsCongress finds the following:(1)The Office of the Director of National Intelligence stated in its 2019 Worldwide Threat Assessment that United States adversaries and strategic competitors will increasingly use cyber capabilities—including cyber espionage, attack, and influence—to seek political, economic, and military advantage over the United States and its allies.(2)The Department of Defense recognizes that small manufacturers operating in the defense supply chain are particularly vulnerable to cyber attacks because they frequently lack the necessary human and financial resources to protect themselves.(3)The Department of Defense is implementing its Cybersecurity Maturity Model Certification (CMMC) to protect Controlled Unclassified Information and critical United States technology and information from cyber theft and hacking. All defense contractors will need to comply with CMMC.(4)The Undersecretary of Defense for Acquisition and Sustainment has stated that smaller companies in the defense supply chain might not be able to afford the Department of Defense’s increasingly demanding cybersecurity requirements, but that the Department is committed to ensuring that such companies get the resources they need to comply.(5)According to the Bureau of Labor Statistics, there are more than 347,000 manufacturing establishments in the United States, of which 72 percent have fewer than 20 employees and 99 percent have fewer than 500 employees.(6)During the past 7 years the Hollings Manufacturing Extension Partnership (MEP) Centers have worked closely with the Department of Defense to bolster the resilience of the defense industrial base supply chain by providing cybersecurity services to small manufacturers. The MEP Centers have worked with more than 26,000 small- and medium-sized manufacturers nationwide in fiscal year 2019 alone.(7)Hollings Manufacturing Extension Partnership Centers are located in all 50 States and provide a nationwide network that is—(A)raising the awareness of small manufacturers to cyber threats;(B)helping small manufacturers comply with new Department of Defense cybersecurity requirements; and(C)helping small manufacturers understand that if they do not comply with new Department of Defense cybersecurity requirements, then they risk losing their defense contracts.(8)The Hollings Manufacturing Extension Partnership Centers are well-positioned to aid small manufacturing companies in the defense supply chain in complying with cybersecurity requirements to protect controlled unclassified information relevant to defense manufacturing supply chains.3.Assistance for small manufacturers in the defense industrial supply chain on matters relating to cybersecurity(a)In generalSubject to the availability of appropriations, the Secretary of Defense, acting through the Office of Economic Adjustment and in consultation with the Director of the National Institute of Standards and Technology, may make grants to a Center established under the Hollings Manufacturing Extension Partnership for the purpose of providing cybersecurity services to small manufacturers.(b)CriteriaThe Secretary shall establish and publish in the Federal Register criteria for selecting grant recipients under this section.(c)Use of fundsGrant funds under this section—(1)shall be used by a Center to provide small manufacturers with cybersecurity services related to—(A)compliance with the cybersecurity requirements of the Department of Defense Supplement to the Federal Acquisition Regulation, including awareness, assessment, evaluation, preparation, and implementation of cybersecurity services; and(B)achieving compliance with the Cybersecurity Maturity Model Certification framework of the Department of Defense; and(2)may be used by a Center to employ trained personnel to deliver cybersecurity services to small manufacturers.(d)ReportsThe Secretary shall submit to the congressional defense committees a biennial report on grants awarded under this section. To the extent practicable, each such report shall include the following with respect to the years covered by the report:(1)The number of small manufacturing companies assisted.(2)A description of the cybersecurity services provided.(3)A description of the cybersecurity matters addressed.(4)An analysis of the operational effectiveness and cost-effectiveness of the cybersecurity services provided.(e)TerminationThe authority of the Secretary of Defense to make grants under this section shall terminate on the date that is five years after the date of the enactment of this Act.(f)DefinitionsIn this section:(1)CenterThe term Center has the meaning given that term in section 25(a) of the National Institute of Standards and Technology Act (15 U.S.C. 278k(a)).(2)Congressional defense committeesThe term congressional defense committees has the meaning given that term in section 101(a)(16) of title 10, United States Code.(3)Small manufacturerThe term small manufacturer has the meaning given that term in section 1644(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. 2224 note).