[Congressional Record Volume 164, Number 24 (Wednesday, February 7, 2018)]
[Senate]
[Pages S705-S706]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




          STATEMENTS ON INTRODUCED BILLS AND JOINT RESOLUTIONS

      By Mr. DAINES:
  S. 2392. A bill to amend the Homeland Security Act of 2002 to 
authorize the Secretary of Homeland Security to designate cybersecurity 
technologies that qualify for protection under systems of risk and 
litigation management; to the Committee on Homeland Security and 
Governmental Affairs.
  Mr. DAINES. Mr. President, in recent years we have seen the inability 
of the Federal government to quickly adapt to changing technology and 
evolving cyber security threats. In June of 2015 the Office of 
Personnel Management (OPM) announced it had fallen victim to a major 
cyber breach, compromising the personally identifiable information of 
more than 22 million current and former Federal employees, including 
myself. Seven months later, nearly half a million more Americans had 
their social security numbers stolen when the Internal Revenue Service 
was hacked. We found out last year that the U.S. Securities and 
Exchange Commission had been hacked in 2016.
  I spent 28 years in the private sector, 12 years with a global cloud 
computing company. We faced new cyber threats daily and our customers 
expected security. We delivered, not once was our data compromised.
  I know firsthand that industry has the talent and the incentive to 
revolutionize cyber security and keep their information systems secure. 
The Federal government should unbridle the private sector whenever 
possible, utilizing their expertise, learning from their best 
practices, and facilitating their innovation.
  That is why I am introducing the Cyber Support for Anti-Terrorism by 
Fostering Effective Technologies Act or the Cyber SAFETY Act. Since 
2002, the Department of Homeland Security's existing SAFETY Act program 
has successfully incentivized the private sector's development and 
deployment of anti-terrorism and security technologies through limited 
liability protections. It has ensured the threat of litigation does not 
deter entrepreneurs from developing and commercializing products and 
services that protect lives and infrastructure. This legislation will 
simply expand the applicability of the program to ensure that cyber 
security firms can qualify for these same protections. It will enable 
cyber security firms to innovate and commercialize new technologies 
without a technology mandate.
  I ask my Senate colleagues to join me in support of this important 
legislation.
  Mr. President, I ask unanimous consent that the text of the bill be 
printed in the Record.
  There being no objection, the text of the bill was ordered to be 
printed in the Record, as follows:

                                S. 2392

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Cyber Support for Anti-
     Terrorism by Fostering Effective Technologies Act of 2018'' 
     or the ``Cyber SAFETY Act of 2018''.

     SEC. 2. INCLUSION OF QUALIFYING CYBER INCIDENTS.

       Subtitle G of title VIII of the Homeland Security Act of 
     2002 (6 U.S.C. 441 et seq.) is amended--
       (1) in section 862(b) (6 U.S.C. 441(b))--
       (A) in the heading, by striking ``Designation of Qualified 
     Anti-terrorism Technologies'' and inserting ``Designation of 
     Anti-terrorism and Cybersecurity Technologies'';
       (B) in the matter preceding paragraph (1), by inserting 
     ``or cybersecurity'' after ``anti-terrorism'';
       (C) in paragraphs (3), (4), and (5), by inserting ``or 
     cybersecurity'' after ``anti-terrorism'' each place that term 
     appears; and
       (D) in paragraph (7)--
       (i) by inserting ``or cybersecurity'' after ``Anti-
     terrorism''; and
       (ii) by inserting ``or qualifying cyber incidents'' after 
     ``acts of terrorism'';
       (2) in section 863 (6 U.S.C. 442)--
       (A) by inserting ``or cybersecurity'' after ``anti-
     terrorism'' each place that term appears;
       (B) by inserting ``or qualifying cyber incident'' after 
     ``act of terrorism'' each place that term appears;
       (C) by inserting ``or qualifying cyber incidents'' after 
     ``acts of terrorism'' each place that term appears; and
       (D) in subsection (d)(3)--
       (i) by striking ``(3) Certificate.--'' and inserting the 
     following: ``(3) Certificates.--
       ``(A) Certificates for anti-terrorism technologies.--''; 
     and
       (ii) by adding at the end the following:
       ``(B) Certificates for cybersecurity technologies.--
       ``(i) In general.--For cybersecurity technology reviewed 
     and approved by the Secretary, the Secretary will issue a 
     certificate of conformance to the Seller and place the 
     cybersecurity technology on an Approved Product List for 
     Homeland Security.
       ``(ii) Subsequent review.--Not less frequently than once 
     every 2 years, the Secretary shall conduct a new review of 
     any cybersecurity technology for which the Secretary issued a 
     certification under clause (i).'';
       (3) in section 864 (6 U.S.C. 443)--
       (A) by inserting ``or cybersecurity'' after ``anti-
     terrorism'' each place that term appears; and
       (B) by inserting ``or qualifying cyber incident'' after 
     ``act of terrorism'' each place that term appears; and
       (4) in section 865 (6 U.S.C. 444)--
       (A) in paragraph (1)--
       (i) in the heading, by inserting ``or cybersecurity'' after 
     ``anti-terrorism'';
       (ii) by inserting ``or cybersecurity'' after ``anti-
     terrorism'';
       (iii) by inserting ``or qualifying cyber incidents'' after 
     ``acts of terrorism''; and
       (iv) by inserting ``or incidents'' after ``such acts''; and
       (B) by adding at the end the following:
       ``(7) Qualifying cyber incident.--The term `qualifying 
     cyber incident' has the meaning given the term `incident' in 
     section 3552(b) of title 44, United States Code.

[[Page S706]]

       ``(8) Final agency action.--The determination by the 
     Secretary that an act of terrorism or qualifying cyber 
     incident has occurred shall constitute a final agency action 
     subject to review under chapter 7 of title 5, United States 
     Code.''.
                                 ______
                                 
      By Mr. GRASSLEY:
  S. 2401. A bill to amend the Congressional Accountability Act of 1995 
to reform the procedures provided under such Act for the initiation, 
investigation, and resolution of claims alleging that employing offices 
of the legislative branch have violated the rights and protections 
provided to their employees under such Act, including protections 
against sexual harassment, and for other purposes; to the Committee on 
Homeland Security and Governmental Affairs.
  Mr. GRASSLEY. Mr. President, two decades ago, I championed passage of 
the Congressional Accountability Act. It was the first piece of 
legislation passed by the 104th Congress and the first time in history 
that Congressional employees enjoyed any legal protections relating to 
harassment and discrimination.
  Today, I am introducing a measure to update and improve this landmark 
legislation. I call on my colleagues to support these proposed reforms, 
which already have passed the House of Representatives. Doing so will 
promote greater transparency, accountability, and an improved work 
climate in the halls of Congress.
  For decades before the enactment of the original Congressional 
Accountability Act, our branch of government adopted legislation 
setting workplace safety, civil rights, labor and health policies that 
directly impacted workers and employers in our hometown communities. 
Until 1995, Congress was exempt from these Federal laws, which meant 
that Congressional staff enjoyed none of the employment protections 
that applied to private sector and executive branch employees.
  Because Members of Congress are elected to represent the people, it 
seemed to me rather disingenuous that the people's branch had authored 
laws that applied to the men and women on Main Street but didn't apply 
to the members of Congress who wrote them. Why shouldn't Congress be 
held to the same set of standards as everyone else?
  That's what prompted me to champion the development of the original, 
bipartisan Congressional Accountability Act.
  My initial good government effort wasn't met with open arms on 
Capitol Hill. It took tremendous effort and half a dozen years to 
secure enough support to pass these reforms. The Congressional 
Accountability Act finally passed when Republicans gained majority 
control of both houses of Congress for the first time in four decades. 
President Bill Clinton signed this legislation on January 23, 1995.
  The Federal legislative branch employs tens of thousands of workers 
on Capitol Hill, in state offices around the country, and in associated 
offices, such as the Capitol Police. Thanks to the Congressional 
Accountability Act, these legislative employees are covered by over a 
dozen Federal workplace laws, including provisions that mandate minimum 
wage and regulate overtime; make accommodations for workers with 
disabilities; spell out anti-discriminatory policies for workers based 
on race, color, religion, sex, national origin, age, disability or 
military service; guarantee family and medical leave; require hazard-
free workplaces; clarify collective bargaining rights for union 
members; and explain rules about lie detector tests for employees.
  The legislation I'm introducing today makes significant reforms, in 
three areas, to the Congressional Accountability Act (CAA). The purpose 
of these reforms is to enhance transparency, ensure accountability, and 
promote a more respectful work climate in both chambers of Congress.
  First, this legislation would streamline and enhance the dispute 
resolution process for Congressional staff and interns. For example, it 
would enable Congressional employees to have access to an advocate who 
can offer assistance in proceedings before the Congressional Office of 
Compliance. It would require that every Congressional office adopt an 
anti-harassment policy. It would make it optional, not mandatory, for 
staffers complaining of harassment to engage in mediation. And it would 
institute a periodic survey of employees to assess attitudes about 
harassment in Congress.
  Second, this legislation would make Congressional lawmakers 
personally liable for their harassment of employees and interns. It 
imposes a 90-day deadline by which Congressional lawmakers must 
reimburse the Treasury for awards or settlements of harassment claims. 
It bars the use of official House or Senate funds to cover a settlement 
of a harassment claim. It also ensures the automatic referral of 
harassment claims against a lawmaker to the Ethics Committee.
  Third, and finally, this measure would increase public transparency 
of Congressional settlement awards. It does so by ensuring that 
detailed information on awards and settlements will be reported twice a 
year and posted online.
  These reforms are overdue, and I urge my colleagues to join me in 
supporting the immediate passage of the Congressional Accountability 
Act of 1995 Reform Act. I also want to take this opportunity to thank 
Congressman Gregg Harper for introducing and championing the passage of 
very similar legislation in the House of Representatives earlier this 
week.

                          ____________________