[Congressional Record Volume 165, Number 187 (Thursday, November 21, 2019)]
[Senate]
[Page S6768]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




       NATIONAL CYBERSECURITY PREPAREDNESS CONSORTIUM ACT OF 2019

  Mrs. FISCHER. Mr. President, I ask unanimous consent that the Senate 
proceed to the immediate consideration of Calendar No. 36, S. 333.
  The PRESIDING OFFICER. The clerk will report the bill by title.
  The senior assistant legislative clerk read as follows:

       A bill (S. 333) to authorize the Secretary of Homeland 
     Security to work with cybersecurity consortia for training, 
     and for other purposes.

  There being no objection, the Senate proceeded to consider the bill, 
which had been reported from the Committee on Homeland Security and 
Governmental Affairs.
  Mrs. FISCHER. I ask unanimous consent that the bill be considered 
read a third time and passed and that the motion to reconsider be 
considered made and laid upon the table.
  The PRESIDING OFFICER. Without objection, it is so ordered.
  The bill (S. 333) was ordered to be engrossed for a third reading, 
was read the third time, and passed, as follows:

                                 S. 333

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``National Cybersecurity 
     Preparedness Consortium Act of 2019''.

     SEC. 2. DEFINITIONS.

       In this Act--
       (1) the term ``consortium'' means a group primarily 
     composed of nonprofit entities, including academic 
     institutions, that develop, update, and deliver cybersecurity 
     training in support of homeland security;
       (2) the terms ``cybersecurity risk'' and ``incident'' have 
     the meanings given those terms in section 2209(a) of the 
     Homeland Security Act of 2002 (6 U.S.C. 659(a));
       (3) the term ``Department'' means the Department of 
     Homeland Security; and
       (4) the term ``Secretary'' means the Secretary of Homeland 
     Security.

     SEC. 3. NATIONAL CYBERSECURITY PREPAREDNESS CONSORTIUM.

       (a) In General.--The Secretary may work with a consortium 
     to support efforts to address cybersecurity risks and 
     incidents.
       (b) Assistance to the NCCIC.--The Secretary may work with a 
     consortium to assist the national cybersecurity and 
     communications integration center of the Department 
     (established under section 2209 of the Homeland Security Act 
     of 2002 (6 U.S.C. 659)) to--
       (1) provide training to State and local first responders 
     and officials specifically for preparing for and responding 
     to cybersecurity risks and incidents, in accordance with 
     applicable law;
       (2) develop and update a curriculum utilizing existing 
     programs and models in accordance with such section 2209, for 
     State and local first responders and officials, related to 
     cybersecurity risks and incidents;
       (3) provide technical assistance services to build and 
     sustain capabilities in support of preparedness for and 
     response to cybersecurity risks and incidents, including 
     threats of terrorism and acts of terrorism, in accordance 
     with such section 2209;
       (4) conduct cross-sector cybersecurity training and 
     simulation exercises for entities, including State and local 
     governments, critical infrastructure owners and operators, 
     and private industry, to encourage community-wide 
     coordination in defending against and responding to 
     cybersecurity risks and incidents, in accordance with section 
     2210(c) of the Homeland Security Act of 2002 (6 U.S.C. 
     660(c));
       (5) help States and communities develop cybersecurity 
     information sharing programs, in accordance with section 2209 
     of the Homeland Security Act of 2002 (6 U.S.C. 659), for the 
     dissemination of homeland security information related to 
     cybersecurity risks and incidents; and
       (6) help incorporate cybersecurity risk and incident 
     prevention and response into existing State and local 
     emergency plans, including continuity of operations plans.
       (c) Considerations Regarding Selection of a Consortium.--In 
     selecting a consortium with which to work under this Act, the 
     Secretary shall take into consideration the following:
       (1) Any prior experience conducting cybersecurity training 
     and exercises for State and local entities.
       (2) Geographic diversity of the members of any such 
     consortium so as to cover different regions throughout the 
     United States.
       (d) Metrics.--If the Secretary works with a consortium 
     under subsection (a), the Secretary shall measure the 
     effectiveness of the activities undertaken by the consortium 
     under this Act.
       (e) Outreach.--The Secretary shall conduct outreach to 
     universities and colleges, including historically Black 
     colleges and universities, Hispanic-serving institutions, 
     Tribal Colleges and Universities, and other minority-serving 
     institutions, regarding opportunities to support efforts to 
     address cybersecurity risks and incidents, by working with 
     the Secretary under subsection (a).

     SEC. 4. RULE OF CONSTRUCTION.

       Nothing in this Act may be construed to authorize a 
     consortium to control or direct any law enforcement agency in 
     the exercise of the duties of the law enforcement agency.

                          ____________________