[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 3943 Introduced in Senate (IS)]

<DOC>






118th CONGRESS
  2d Session
                                S. 3943

 To require a plan to improve the cybersecurity and telecommunications 
      of the U.S. Academic Research Fleet, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             March 14, 2024

  Mr. Padilla (for himself and Mr. Sullivan) introduced the following 
 bill; which was read twice and referred to the Committee on Commerce, 
                      Science, and Transportation

_______________________________________________________________________

                                 A BILL


 
 To require a plan to improve the cybersecurity and telecommunications 
      of the U.S. Academic Research Fleet, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Accelerating Networking, 
Cyberinfrastructure, and Hardware for Oceanic Research Act'' or the 
``ANCHOR Act''.

SEC. 2. DEFINITIONS.

    In this Act:
            (1) U.S. academic research fleet.--The term ``U.S. Academic 
        Research Fleet'' means the United States-flagged vessels that--
                    (A) have been accepted into, and are active 
                participants administered within, the University-
                National Oceanographic Laboratory System;
                    (B) are operated as oceanographic research vessels 
                by research universities and laboratories;
                    (C) receive funding from the National Science 
                Foundation; and
                    (D) have achieved designation as a member vessel 
                through a standard evaluation process.
            (2) Director.--The term ``Director'' means the Director of 
        the National Science Foundation.
            (3) Oceanographic research vessel.--The term 
        ``oceanographic research vessel'' has the meaning given the 
        term in section 2101 of title 46, United States Code.

SEC. 3. PLAN TO IMPROVE CYBERSECURITY AND TELECOMMUNICATIONS OF U.S. 
              ACADEMIC RESEARCH FLEET.

    (a) In General.--Not later than 1 year after the date of enactment 
of this Act, the Director shall, in consultation with the head of any 
Federal agency, university, or laboratory that owns or operates a 
vessel of the U.S. Academic Research Fleet, submit to the Committee on 
Commerce, Science, and Transportation of the Senate and the Committee 
on Space, Science, and Technology of the House of Representatives a 
plan to improve the cybersecurity and telecommunications of the U.S. 
Academic Research Fleet.
    (b) Elements.--The plan required by subsection (a) shall include--
            (1) an assessment of the telecommunications and networking 
        needs of the U.S. Academic Research Fleet, consistent with the 
        typical scientific mission of that vessel;
            (2) in accordance with guidance issued by the Cybersecurity 
        and Infrastructure Security Agency and the National Institute 
        for Standards and Technology, an assessment of cybersecurity 
        needs appropriate for--
                    (A) the ownership of vessels within the U.S. 
                Academic Research Fleet; and
                    (B) the typical research functions and topics of 
                such vessels;
            (3) an assessment of the costs necessary to meet the needs 
        described in paragraphs (1) and (2), including--
                    (A) any necessary equipment, such as satellite 
                communications equipment, software, high-performance 
                computing clusters shipboard and shoreside, or 
                enterprise hardware; and
                    (B) estimated personnel costs in excess of current 
                expenditures, including any necessary training, 
                support, or logistics;
            (4) an assessment of the time required to implement any 
        upgrades required to meet the needs described in paragraphs (1) 
        and (2) under varying budgets and funding scenarios;
            (5) the adoption of common solutions or consortial 
        licensing agreements, or by centralizing elements of fleet 
        cybersecurity, telecommunications or data management at a 
        single facility; and
            (6) in consultation with any non-Federal owners of a vessel 
        of the U.S. Academic Research Fleet, a spending plan for the 
        National Science Foundation, the Office of Naval Research, non-
        Federal owners of vessels of the U.S. Academic Research Fleet, 
        users of the U.S. Academic Research Fleet, or any combination 
        thereof, to provide funding to cover the costs described in 
        paragraph (3).
    (c) Considerations.--The Director shall, in preparing the plan 
required by subsection (a), consider--
            (1) the network capabilities, including speed and bandwidth 
        targets, necessary to meet the scientific mission needs of each 
        class of vessel within the U.S. Academic Research Fleet for 
        such purposes as--
                    (A) executing the critical functions and 
                communications of the vessel;
                    (B) providing network access for the health and 
                well-being of deployed personnel, including 
                communications to conduct telemedicine (including 
                mental health care), counseling, interviews with crisis 
                response providers, and other remote individual care 
                and services;
                    (C) as necessary to meet operations, uploading any 
                scientific data to a shoreside server, including the 
                copying of data off ship for disaster recovery or risk 
                mitigation purposes;
                    (D) as appropriate, conducting real-time streaming 
                to enable shore-based observers to participate in ship-
                based maintenance or research activities;
                    (E) real-time coordinated viewing of--
                            (i) scientific instrumentation so that it 
                        is possible to conduct scientific surveys and 
                        seafloor mapping with fully remote subject-
                        matter experts; and
                            (ii) critical operational technology by 
                        manufacturers and vendors so that it is 
                        possible to carry out maintenance and repairs 
                        to systems with limited expertise on the 
                        vessel, with fully remote subject-matter 
                        experts advising; and
                    (F) as appropriate, enabling video communications 
                to allow improved outreach to, and other educational 
                services for, K-12 students, including occasional 
                remote classroom teaching for instructors at sea to 
                improve oceanographic access for students; and
            (2) in consultation with the Director of the Cybersecurity 
        and Infrastructure Security Agency, the Director of the 
        National Institute for Standards and Technology, and the heads 
        of other Federal agencies, as appropriate--
                    (A) the cybersecurity recommendations in the report 
                of the private scientific advisory group known as JASON 
                entitled ``Cybersecurity at NSF Major Facilities'' 
                (JSR-21-10E) and dated October 2021 as applied to the 
                U.S. Academic Research Fleet;
                    (B) aligning with international standards and 
                guidance for information security, including the use of 
                encryption for sensitive information, the detection and 
                handling of security incidents, and other areas 
                determined relevant by the Director;
                    (C) facilitating access to cybersecurity personnel 
                and training of research and support personnel; and
                    (D) the requirements for controlled unclassified or 
                classified information.
                                 <all>