[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 3635 Introduced in Senate (IS)]

<DOC>






118th CONGRESS
  2d Session
                                S. 3635

       To improve the President's Cup Cybersecurity Competitions.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            January 22, 2024

 Mr. Peters (for himself and Mr. Braun) introduced the following bill; 
which was read twice and referred to the Committee on Homeland Security 
                        and Governmental Affairs

_______________________________________________________________________

                                 A BILL


 
       To improve the President's Cup Cybersecurity Competitions.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Industrial Control Systems 
Cybersecurity Competition Act''.

SEC. 2. PRESIDENT'S CUP CYBERSECURITY COMPETITIONS.

    Section 7121(d) of the James M. Inhofe National Defense 
Authorization Act for Fiscal Year 2023 (6 U.S.C. 665m(d)) is amended--
            (1) by striking paragraph (3);
            (2) by redesignating paragraphs (1), (2), and (4) as 
        subparagraphs (A), (B), and (C), respectively, and adjusting 
        the margin accordingly;
            (3) by striking ``Each competition'' and inserting the 
        following:
            ``(1) In general.--Each competition'';
            (4) in subparagraph (C) of paragraph (1), as so 
        redesignated, by striking ``paragraphs (1), (2), or (3)'' and 
        inserting ``subparagraph (A) or (B)''; and
            (5) by adding at the end the following:
            ``(2) Biennial requirements.--Not less frequently than 
        every second competition, the competition shall incorporate 
        categories demonstrating offensive and defensive cyber 
        operations involving--
                    ``(A) information technology (as defined in section 
                11101 of title 40, United States Code), such as 
                software reverse engineering and exploitation, network 
                operations, forensics, big data analysis, cyber 
                analysis, cyber defense, cyber exploitation, secure 
                programming, and obfuscated coding;
                    ``(B) operational technology (as defined in section 
                3 of the IoT Cybersecurity Improvement Act of 2020 (15 
                U.S.C. 278g-3a)) or industrial control systems (as 
                defined in section 2220C of the Homeland Security Act 
                of 2002 (6 U.S.C. 665i)), such as knowledge of 
                supervisory control and data acquisition systems and 
                the protocols and communication methods used in these 
                systems, detection of anomalies, and responding to and 
                recovering after incidents involving such systems; or
                    ``(C) any other category of technological system 
                requiring cybersecurity or information security, as 
                determined appropriate by the Director.''.
                                 <all>