[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[H.R. 6824 Reported in Senate (RS)]

<DOC>





                                                       Calendar No. 679
117th CONGRESS
  2d Session
                                H. R. 6824

                          [Report No. 117-280]


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                              May 17, 2022

Received; read twice and referred to the Committee on Homeland Security 
                        and Governmental Affairs

                           December 19, 2022

               Reported by Mr. Peters, with an amendment
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]

_______________________________________________________________________

                                 AN ACT


 
 To authorize the Cybersecurity and Infrastructure Security Agency of 
  the Department of Homeland Security to hold an annual cybersecurity 
     competition relating to offensive and defensive cybersecurity 
                  disciplines, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

<DELETED>SECTION 1. SHORT TITLE.</DELETED>

<DELETED>    This Act may be cited as the ``President's Cup 
Cybersecurity Competition Act''.</DELETED>

<DELETED>SEC. 2. PRESIDENT'S CUP CYBERSECURITY COMPETITION.</DELETED>

<DELETED>    (a) In General.--The Director of the Cybersecurity and 
Infrastructure Security Agency (in this section referred to as the 
``Director'') of the Department of Homeland Security is authorized to 
hold an annual cybersecurity competition to be known as the 
``Department of Homeland Security Cybersecurity and Infrastructure 
Security Agency's President's Cup Cybersecurity Competition'' (in this 
section referred to as the ``competition'') for the purpose of 
identifying, challenging, and competitively awarding prizes, including 
cash prizes, to the United States Government's best cybersecurity 
practitioners and teams across offensive and defensive cybersecurity 
disciplines.</DELETED>
<DELETED>    (b) Competition Design.--</DELETED>
        <DELETED>    (1) In general.--Notwithstanding section 1342 of 
        title 31, United States Code, the Director, in carrying out the 
        competition, may consult with, and consider advice from, any 
        person who has experience or expertise in the development, 
        design, or execution of cybersecurity competitions.</DELETED>
        <DELETED>    (2) Limitation.--The Federal Advisory Committee 
        Act (5 U.S.C. App.) shall not apply to consultations pursuant 
        to this section.</DELETED>
        <DELETED>    (3) Prohibition.--A person with whom the Director 
        consults under paragraph (1) may not--</DELETED>
                <DELETED>    (A) receive pay by reason of being so 
                consulted; or</DELETED>
                <DELETED>    (B) be considered an employee of the 
                Federal Government by reason of so 
                consulting.</DELETED>
<DELETED>    (c) Eligibility.--To be eligible to participate in the 
competition, an individual shall be a Federal civilian employee or 
member of the uniformed services (as such term is defined in section 
2101(3) of title 5, United States Code) and shall comply with any rules 
promulgated by the Director regarding the competition.</DELETED>
<DELETED>    (d) Competition Administration.--The Director may enter 
into a grant, contract, cooperative agreement, or other agreement with 
a private sector for-profit or nonprofit entity or State or local 
government agency to administer the competition.</DELETED>
<DELETED>    (e) Competition Parameters.--Each competition shall 
incorporate the following elements:</DELETED>
        <DELETED>    (1) Cybersecurity skills outlined in the National 
        Initiative for Cybersecurity Education Framework, or any 
        successor framework.</DELETED>
        <DELETED>    (2) Individual and team events.</DELETED>
        <DELETED>    (3) Categories demonstrating offensive and 
        defensive cyber operations, such as software reverse 
        engineering and exploitation, network operations, forensics, 
        big data analysis, cyber analysis, cyber defense, cyber 
        exploitation, secure programming, obfuscated coding, or cyber-
        physical systems.</DELETED>
        <DELETED>    (4) Any other elements related to paragraphs (1), 
        (2), or (3) as determined necessary by the Director.</DELETED>
<DELETED>    (f) Use of Funds.--</DELETED>
        <DELETED>    (1) In general.--Notwithstanding any other 
        provision of law, the Director may use amounts made available 
        to the Director for the competition for the 
        following:</DELETED>
                <DELETED>    (A) Advertising, marketing, and promoting 
                the competition.</DELETED>
                <DELETED>    (B) Meals for participants and organizers 
                of the competition if attendance at the meal during the 
                competition is necessary to maintain the integrity of 
                the competition.</DELETED>
                <DELETED>    (C) Promotional items, including 
                merchandise and apparel.</DELETED>
                <DELETED>    (D) Monetary and nonmonetary awards for 
                competition participants, including members of the 
                uniformed services.</DELETED>
                <DELETED>    (E) Necessary expenses for the honorary 
                recognition of competition participants, including 
                members of the uniformed services.</DELETED>
                <DELETED>    (F) Any other appropriate activity 
                necessary to carry out the competition, as determined 
                by the Director.</DELETED>
        <DELETED>    (2) Application.--This subsection shall apply to 
        amounts appropriated on or after the date of the enactment of 
        this Act.</DELETED>
<DELETED>    (g) Prize Limitation.--The Director may make one or more 
awards per competition, except that the amount or value of each shall 
not exceed $10,000. The Secretary of Homeland Security may make one or 
more awards per competition, except the amount or the value of each 
shall not to exceed $25,000. A monetary award under this section shall 
be in addition to the regular pay of the recipient.</DELETED>
<DELETED>    (h) Reporting Requirements.--The Director shall annually 
provide to the Committee on Homeland Security of the House of 
Representatives and the Committee on Homeland Security and Governmental 
Affairs of the Senate a report that includes the following:</DELETED>
        <DELETED>    (1) A description of available funds under 
        subsection (f) for each competition conducted in the preceding 
        year.</DELETED>
        <DELETED>    (2) A description of expenditures authorized in 
        subsection (g) for each competition.</DELETED>
        <DELETED>    (3) Information relating to the participation of 
        each competition.</DELETED>
        <DELETED>    (4) Information relating to lessons learned from 
        each competition and how such lessons may be applied to improve 
        cybersecurity operations and recruitment of the Cybersecurity 
        and Infrastructure Security Agency of the Department of 
        Homeland Security.</DELETED>

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``President's Cup Cybersecurity 
Competition Act''.

SEC. 2. PRESIDENT'S CUP CYBERSECURITY COMPETITION.

    (a) In General.--The Director of the Cybersecurity and 
Infrastructure Security Agency (in this section referred to as the 
``Director'') of the Department of Homeland Security is authorized to 
hold an annual cybersecurity competition to be known as the 
``Department of Homeland Security Cybersecurity and Infrastructure 
Security Agency's President's Cup Cybersecurity Competition'' (in this 
section referred to as the ``competition'') for the purpose of 
identifying, challenging, and competitively awarding prizes, including 
cash prizes, to the best cybersecurity practitioners and teams of the 
United States Government across offensive and defensive cybersecurity 
disciplines.
    (b) Eligibility.--To be eligible to participate in the competition, 
an individual shall be a Federal employee in a position of civil 
service or a member of the uniformed services (as such terms are 
defined in section 2101 of title 5, United States Code) and shall 
comply with any rules promulgated by the Director regarding the 
competition.
    (c) Competition Administration.--The Director may award a grant to, 
or enter into a contract, cooperative agreement, or other agreement 
with a private sector for-profit or nonprofit entity or State or local 
government agency to administer the competition.
    (d) Competition Parameters.--Each competition shall incorporate the 
following elements:
            (1) Cybersecurity skills outlined in the National 
        Initiative for Cybersecurity Education Framework, or any 
        successor framework.
            (2) Individual and team events.
            (3) Categories demonstrating offensive and defensive cyber 
        operations, such as software reverse engineering and 
        exploitation, network operations, forensics, big data analysis, 
        cyber analysis, cyber defense, cyber exploitation, secure 
        programming, obfuscated coding, or cyber-physical systems.
            (4) Any other elements related to paragraph (1), (2), or 
        (3) as determined necessary by the Director.
    (e) Use of Funds.--
            (1) In general.--In order to further the goals and 
        objectives of the competition, the Director may use amounts 
        made available to the Director for the competition for 
        reasonable expenses for--
                    (A) advertising, marketing, and promoting the 
                competition;
                    (B) meals for participants in and organizers of the 
                competition if attendance at the meal during the 
                competition is necessary to maintain the integrity of 
                the competition;
                    (C) promotional items, including merchandise and 
                apparel;
                    (D) consistent with section 4503 of title 5, United 
                States Code, necessary expenses for the honorary 
                recognition of competition participants, including 
                members of the uniformed services, as defined in 
                section 2101(3) of title 5, United States Code; and
                    (E) subject to subsection (f), monetary and 
                nonmonetary awards for competition participants, 
                including members of the uniformed services.
            (2) Application.--This subsection shall apply to amounts 
        appropriated on or after the date of enactment of this Act.
    (f) Prize Limitation.--
            (1) Awards by the director.--The Director may make 1 or 
        more awards per competition in an amount or value not to exceed 
        $10,000 per award.
            (2) Awards by the secretary of homeland security.--The 
        Secretary of Homeland Security may make 1 or more awards per 
        competition in an amount or value not to exceed $25,000 per 
        award.
            (3) Regular pay.--A monetary award under this section shall 
        be in addition to the regular pay of the recipient.
            (4) Overall yearly award limit.--The total amount or value 
        of awards made under this Act during a fiscal year may not 
        exceed $100,000.
    (g) Reporting Requirements.--The Director shall annually provide to 
the Committee on Homeland Security of the House of Representatives and 
the Committee on Homeland Security and Governmental Affairs of the 
Senate a report that includes the following:
            (1) A description of funds used for expenses described in 
        subsection (e)(1) for each competition conducted in the 
        preceding fiscal year.
            (2) A description of awards authorized in subsection (f) 
        for each competition.
            (3) Information relating to the participation in each 
        competition.
            (4) Information relating to lessons learned from each 
        competition and how such lessons may be applied to improve 
        cybersecurity operations and recruitment of the Cybersecurity 
        and Infrastructure Security Agency of the Department of 
        Homeland Security.
                                                       Calendar No. 679

117th CONGRESS

  2d Session

                               H. R. 6824

                          [Report No. 117-280]

_______________________________________________________________________

                                 AN ACT

 To authorize the Cybersecurity and Infrastructure Security Agency of 
  the Department of Homeland Security to hold an annual cybersecurity 
     competition relating to offensive and defensive cybersecurity 
                  disciplines, and for other purposes.

_______________________________________________________________________

                           December 19, 2022

                       Reported with an amendment