[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 2133 Introduced in Senate (IS)]

<DOC>






116th CONGRESS
  1st Session
                                S. 2133

    To establish an interagency working group for coordination and 
  development of Federal research protection, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             July 16, 2019

Mr. Cornyn (for himself, Ms. Rosen, Mr. Rubio, Mr. Murphy, Mr. Hoeven, 
    Mrs. Gillibrand, Mrs. Fischer, and Mr. Lankford) introduced the 
 following bill; which was read twice and referred to the Committee on 
               Homeland Security and Governmental Affairs

_______________________________________________________________________

                                 A BILL


 
    To establish an interagency working group for coordination and 
  development of Federal research protection, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Secure American Research Act of 
2019''.

SEC. 2. SECURING AMERICAN SCIENCE AND TECHNOLOGY.

    (a) Definitions.--In this section--
            (1) the term ``Academies'' means the National Academies of 
        Science, Engineering and Medicine;
            (2) the term ``Federal science agency'' means any Federal 
        agency with not less than $100,000,000 in basic and applied 
        research obligations in fiscal year 2018;
            (3) the term ``grantee'' means an entity that is--
                    (A) a recipient or subrecipient of a Federal grant 
                or cooperative agreement; and
                    (B) an institution of higher education or a 
                nonprofit organization;
            (4) the term ``institution of higher education'' has the 
        meaning given the term in section 101 of the Higher Education 
        Act of 1965 (20 U.S.C. 1001);
            (5) the term ``relevant Committees'' means--
                    (A) the Committee on Commerce, Science, and 
                Transportation of the Senate;
                    (B) the Committee on Science, Space, and Technology 
                of the House of Representatives;
                    (C) the Committee on Armed Services of the Senate;
                    (D) the Committee on Armed Services of the House of 
                Representatives;
                    (E) the Committee on Homeland Security and 
                Governmental Affairs of the Senate;
                    (F) the Committee on Oversight and Reform of the 
                House of Representatives;
                    (G) the Committee on Foreign Relations of the 
                Senate; and
                    (H) the Committee on Foreign Affairs of the House 
                of Representatives;
            (6) the term ``roundtable'' means the National Science, 
        Technology, and Security Roundtable established under 
        subsection (d); and
            (7) the term ``working group'' means the interagency 
        working group established under subsection (b).
    (b) Interagency Working Group for Coordination and Development of 
Federal Research Protection.--
            (1) In general.--The Director of the Office of Science and 
        Technology Policy, acting through the National Science and 
        Technology Council and in consultation with the National 
        Security Advisor, shall establish an interagency working group 
        to coordinate activities to protect federally funded research 
        and development from foreign interference, cyberattacks, theft, 
        or espionage and to develop common definitions and best 
        practices for Federal science agencies and grantees, while 
        accounting for the importance of the open exchange of ideas and 
        international talent required for scientific progress and 
        American leadership in science and technology.
            (2) Membership.--
                    (A) In general.--The working group shall include a 
                representative of--
                            (i) the National Science Foundation;
                            (ii) the Department of Energy;
                            (iii) the National Aeronautics and Space 
                        Administration;
                            (iv) the National Institute of Standards 
                        and Technology;
                            (v) the Department of Commerce;
                            (vi) the National Institutes of Health;
                            (vii) the Department of Defense;
                            (viii) the Department of Agriculture;
                            (ix) the Department of Education;
                            (x) the Department of State;
                            (xi) the Department of the Treasury;
                            (xii) the Department of Justice;
                            (xiii) the Department of Homeland Security;
                            (xiv) the Central Intelligence Agency;
                            (xv) the Federal Bureau of Investigation;
                            (xvi) the Office of the Director of 
                        National Intelligence;
                            (xvii) the Office of Management and Budget;
                            (xviii) the National Economic Council; and
                            (xix) such other Federal department or 
                        agency as the President considers appropriate.
                    (B) Chair.--The working group shall be chaired by 
                the Director of the Office of Science and Technology 
                Policy, or a designee of the Director.
            (3) Responsibilities of the working group.--The working 
        group shall--
                    (A) identify known and potential cyber, physical, 
                and human intelligence threats and vulnerabilities 
                within the United States scientific and technological 
                enterprise;
                    (B) coordinate efforts among Federal agencies to 
                update and share important information with grantees, 
                including specific examples of interference, 
                cyberattacks, theft, or espionage directed at federally 
                funded research and development or the integrity of the 
                United States scientific enterprise;
                    (C) identify effective existing mechanisms for 
                protection of federally funded research and 
                development, including mechanisms grantees are 
                employing to protect federally funded research;
                    (D) develop an inventory of--
                            (i) terms and definitions used across 
                        Federal science agencies to delineate areas 
                        that may require additional protection; and
                            (ii) policies and procedures at Federal 
                        science agencies regarding protection of 
                        federally funded research;
                    (E) develop and periodically update unclassified 
                policy guidance to assist Federal science agencies and 
                grantees in having consistent policies to defend 
                against threats to federally funded research and 
                development and the integrity of the United States 
                scientific enterprise that--
                            (i) includes--
                                    (I) descriptions of known and 
                                potential threats, including 
                                organizations of concern, to federally 
                                funded research and development and the 
                                integrity of the United States 
                                scientific enterprise;
                                    (II) common definitions and 
                                terminology for categorization of 
                                research and technologies that are 
                                protected;
                                    (III) identified areas of research 
                                or technology that might require 
                                additional protection;
                                    (IV) recommendations for how 
                                existing frameworks and control 
                                mechanisms can be better utilized to 
                                protect federally funded research and 
                                development from foreign interference, 
                                cyberattacks, theft or espionage, 
                                including any recommendations for 
                                updates to existing frameworks and 
                                control mechanisms and any 
                                recommendations, as appropriate, for 
                                new mechanisms for the protection of 
                                federally funded research;
                                    (V) recommendations for best 
                                practices for Federal science agencies 
                                and grantees to defend against threats 
                                to federally funded research and 
                                development, including coordination and 
                                harmonization of any relevant reporting 
                                requirements that Federal science 
                                agencies implement for grantees;
                                    (VI) assessments of potential 
                                consequences that any proposed 
                                practices would have on international 
                                collaboration and United States 
                                leadership in science and technology; 
                                and
                                    (VII) a classified addendum as 
                                necessary to further inform Federal 
                                science agency decisionmaking; and
                            (ii) accounts for the range of needs across 
                        different sectors of the United States science 
                        and technology enterprise;
                    (F) develop and ensure the implementation of a 
                means for Federal agencies listed in paragraph (2)(A) 
                to aggregate and share Federal agency information 
                regarding completed investigations of researchers that 
                were determined to be knowingly fraudulent in 
                disclosure of foreign interests, investments, or 
                involvement relating to Federal research, which shall--
                            (i) be shared among agencies listed in 
                        paragraph (2)(A);
                            (ii) not be made available to the public; 
                        and
                            (iii) not be subject to the requirements of 
                        section 552 of title 5, United States Code 
                        (commonly known as the ``Freedom of Information 
                        Act''); and
                    (G) develop guidelines to create a consistent 
                cybersecurity policy across Federal agencies to protect 
                federally funded research and development from foreign 
                interference theft or espionage through cybersecurity 
                breaches, which shall--
                            (i) be based on the framework the National 
                        Institute of Standards and Technology entitled 
                        ``Framework for Improving Critical 
                        Infrastructure Cybersecurity,'' and in the case 
                        of controlled unclassified information, on 
                        Special Publication 800-181 of the National 
                        Institutes of Standards and Technology entitled 
                        ``Protecting Controlled Unclassified 
                        Information in Nonfederal Systems and 
                        Organizations'', or any successor thereto;
                            (ii) include guidance on specific means 
                        Federal agencies can use to ensure grantees are 
                        complying with cybersecurity standards that 
                        Federal agencies develop consistent with this 
                        subparagraph; and
                            (iii) incorporate input from grantees, 
                        including from--
                                    (I) facility security officers;
                                    (II) chief information officers;
                                    (III) vice presidents for research;
                                    (IV) chief technology officers; and
                                    (V) other relevant officers as 
                                determined by the working group.
            (4) Coordination with national academies roundtable.--The 
        Director of the Office of Science and Technology Policy shall 
        coordinate with the Academies to ensure that not less than 1 
        member of the working group is also a member of the roundtable.
            (5) Interim report.--Not later than 6 months after the date 
        of enactment of this Act, the Director of the Office of Science 
        and Technology Policy shall provide a report to the relevant 
        Committees that includes--
                    (A) the inventory required under paragraph (3)(D);
                    (B) an update on progress toward developing the 
                policy guidance required under paragraph (3)(E); and
                    (C) any additional activities undertaken by the 
                working group in that time.
            (6) Biennial reporting.--Not later than 2 years after the 
        date of enactment of this Act, and not less frequently than 
        every 2 years thereafter, the Director of the Office of Science 
        and Technology Policy shall provide to the relevant Committees 
        a summary report on the activities of the working group and the 
        most current version of the policy guidance required under 
        subparagraphs (E) and (G) of paragraph (3).
    (c) Cyber Standards.--
            (1) In general.--Each Federal research agency shall--
                    (A) issue standards consistent with those developed 
                under subsection (b)(3)(G); and
                    (B) ensure that grantees are employing 
                cybersecurity practices that meet those agency 
                standards using means consistent with those developed 
                under subsection (b)(3)(G)(ii).
            (2) Cooperative agreements.--Each Federal research agency 
        shall make compliance with the standards described in paragraph 
        (1), as determined by the means described in that paragraph, a 
        requirement in each grant to or cooperative agreement with a 
        grantee.
    (d) National Science, Technology, and Security Roundtable.--
            (1) In general.--The National Science Foundation, the 
        Department of Energy, and the Department of Defense, and any 
        other Federal agency as determined by the Director of the 
        Office of Science and Technology Policy, shall enter into a 
        joint agreement with the Academies to create a National 
        Science, Technology, and Security Roundtable.
            (2) Participants.--The roundtable shall include senior 
        representatives and practitioners from Federal science, 
        intelligence, national security agencies, and law enforcement 
        agencies, as well as key stakeholders in the United States 
        scientific enterprise, including institutions of higher 
        education, Federal research laboratories, industry, and 
        nonprofit research organizations.
            (3) Purpose.--The purpose of the roundtable is to 
        facilitate among participants--
                    (A) exploration of critical issues related to 
                protecting United States national and economic security 
                while ensuring the open exchange of ideas and 
                international talent required for scientific progress 
                and the leadership of the United States in science and 
                technology;
                    (B) identification and consideration of security 
                threats and risks involving federally funded research 
                and development, including foreign interference, cyber 
                attacks, theft, or espionage;
                    (C) identification of effective approaches for 
                communicating the threats and risks identified in 
                subparagraph (B) to the academic and scientific 
                community, including through the sharing of 
                unclassified data and relevant case studies;
                    (D) sharing of best practices for addressing and 
                mitigating the threats and risks identified in 
                subparagraph (B); and
                    (E) examination of potential near- and long-term 
                responses by the Federal Government and the academic 
                and scientific community to mitigate and address the 
                risks associated with foreign threats.
            (4) Report and briefing.--The joint agreement under 
        paragraph (1) shall specify that--
                    (A) the roundtable shall periodically organize 
                workshops and issue publicly available reports on the 
                topics described in paragraph (3) and the activities of 
                the roundtable; and
                    (B) not later than March 1, 2020, the Academies 
                shall provide a briefing to relevant Committees on the 
                progress and activities of the roundtable.
    (e) Savings Clause.--Nothing in this Act may be construed to alter 
the jurisdiction, authority, or procedural responsibilities of any 
Federal agency.
                                 <all>