[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 333 Introduced in Senate (IS)]

<DOC>






116th CONGRESS
  1st Session
                                 S. 333

     To authorize the Secretary of Homeland Security to work with 
     cybersecurity consortia for training, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            February 5, 2019

   Mr. Cornyn (for himself, Mr. Leahy, and Mr. Cruz) introduced the 
 following bill; which was read twice and referred to the Committee on 
               Homeland Security and Governmental Affairs

_______________________________________________________________________

                                 A BILL


 
     To authorize the Secretary of Homeland Security to work with 
     cybersecurity consortia for training, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``National Cybersecurity Preparedness 
Consortium Act of 2019''.

SEC. 2. DEFINITIONS.

    In this Act--
            (1) the term ``consortium'' means a group primarily 
        composed of nonprofit entities, including academic 
        institutions, that develop, update, and deliver cybersecurity 
        training in support of homeland security;
            (2) the terms ``cybersecurity risk'' and ``incident'' have 
        the meanings given those terms in section 2209(a) of the 
        Homeland Security Act of 2002 (6 U.S.C. 659(a));
            (3) the term ``Department'' means the Department of 
        Homeland Security; and
            (4) the term ``Secretary'' means the Secretary of Homeland 
        Security.

SEC. 3. NATIONAL CYBERSECURITY PREPAREDNESS CONSORTIUM.

    (a) In General.--The Secretary may work with a consortium to 
support efforts to address cybersecurity risks and incidents.
    (b) Assistance to the NCCIC.--The Secretary may work with a 
consortium to assist the national cybersecurity and communications 
integration center of the Department (established under section 2209 of 
the Homeland Security Act of 2002 (6 U.S.C. 659)) to--
            (1) provide training to State and local first responders 
        and officials specifically for preparing for and responding to 
        cybersecurity risks and incidents, in accordance with 
        applicable law;
            (2) develop and update a curriculum utilizing existing 
        programs and models in accordance with such section 2209, for 
        State and local first responders and officials, related to 
        cybersecurity risks and incidents;
            (3) provide technical assistance services to build and 
        sustain capabilities in support of preparedness for and 
        response to cybersecurity risks and incidents, including 
        threats of terrorism and acts of terrorism, in accordance with 
        such section 2209;
            (4) conduct cross-sector cybersecurity training and 
        simulation exercises for entities, including State and local 
        governments, critical infrastructure owners and operators, and 
        private industry, to encourage community-wide coordination in 
        defending against and responding to cybersecurity risks and 
        incidents, in accordance with section 2210(c) of the Homeland 
        Security Act of 2002 (6 U.S.C. 660(c));
            (5) help States and communities develop cybersecurity 
        information sharing programs, in accordance with section 2209 
        of the Homeland Security Act of 2002 (6 U.S.C. 659), for the 
        dissemination of homeland security information related to 
        cybersecurity risks and incidents; and
            (6) help incorporate cybersecurity risk and incident 
        prevention and response into existing State and local emergency 
        plans, including continuity of operations plans.
    (c) Considerations Regarding Selection of a Consortium.--In 
selecting a consortium with which to work under this Act, the Secretary 
shall take into consideration the following:
            (1) Any prior experience conducting cybersecurity training 
        and exercises for State and local entities.
            (2) Geographic diversity of the members of any such 
        consortium so as to cover different regions throughout the 
        United States.
    (d) Metrics.--If the Secretary works with a consortium under 
subsection (a), the Secretary shall measure the effectiveness of the 
activities undertaken by the consortium under this Act.
    (e) Outreach.--The Secretary shall conduct outreach to universities 
and colleges, including historically Black colleges and universities, 
Hispanic-serving institutions, Tribal Colleges and Universities, and 
other minority-serving institutions, regarding opportunities to support 
efforts to address cybersecurity risks and incidents, by working with 
the Secretary under subsection (a).

SEC. 4. RULE OF CONSTRUCTION.

    Nothing in this Act may be construed to authorize a consortium to 
control or direct any law enforcement agency in the exercise of the 
duties of the law enforcement agency.
                                 <all>