[Congressional Record Volume 166, Number 170 (Wednesday, September 30, 2020)]
[House]
[Pages H5078-H5080]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                      SAFE COMMUNITIES ACT OF 2020

  Ms. UNDERWOOD. Mr. Speaker, I move to suspend the rules and pass the 
bill (H.R. 5780) to enhance stakeholder outreach to and operational 
engagement with owners and operators of critical infrastructure and 
other relevant stakeholders by the Cybersecurity and Infrastructure 
Security Agency to bolster security against acts of terrorism and other 
homeland security threats, including by maintaining a clearinghouse of 
security guidance, best practices, and other voluntary content 
developed by the Agency or aggregated from trusted sources, and for 
other purposes, as amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 5780

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Safe Communities Act of 
     2020''.

     SEC. 2. RESPONSIBILITIES OF CISA DIRECTOR RELATING TO 
                   SECURITY RESOURCES CLEARINGHOUSE.

       Subsection (c) of section 2202 of the Homeland Security Act 
     of 2002 (6 U.S.C. 652) is amended--
       (1) by redesignating paragraphs (6) through (11) as 
     paragraphs (7) through (12), respectively; and
       (2) by inserting after paragraph (5) the following new 
     paragraph:

[[Page H5079]]

       ``(6) maintain a clearinghouse for owners and operators of 
     critical infrastructure and other relevant stakeholders to 
     access security guidance, best practices, and other voluntary 
     content developed by the Agency in a manner consistent with 
     the requirements of section 508 of the Rehabilitation Act of 
     1973 (29 U.S.C. 794d) and the Plain Writing Act of 2010 (5 
     U.S.C. note) or aggregated from trusted sources;''.

     SEC. 3. STAKEHOLDER OUTREACH AND OPERATIONAL ENGAGEMENT 
                   STRATEGY.

       (a) Strategy.--Not later than 180 days after the date of 
     the enactment of this Act, the Director of the Cybersecurity 
     and Infrastructure Security Agency of the Department of 
     Homeland Security shall issue a strategy to improve 
     stakeholder outreach and operational engagement that includes 
     the Agency's strategic and operational goals and priorities 
     for carrying out stakeholder engagement activities.
       (b) Contents.--The stakeholder outreach and operational 
     engagement strategy issued under subsection (a) shall include 
     the following:
       (1) A catalogue of the stakeholder engagement activities 
     and services delivered by protective security advisors and 
     cybersecurity advisors of the Cybersecurity and 
     Infrastructure Security Agency of the Department of Homeland 
     Security, including the locations of the stakeholder 
     engagement and services delivered and the critical 
     infrastructure sectors (as such term is defined in section 
     2001(3) of the Homeland Security Act of 2002 (6 U.S.C. 
     601(3)) involved.
       (2) An assessment of the capacity of programs of the Agency 
     to deploy protective security advisors and cybersecurity 
     advisors, including the adequacy of such advisors to meet 
     service requests and the ability of such advisors to engage 
     with and deliver services to stakeholders in urban, suburban, 
     and rural areas.
       (3) Long-term objectives of the protective security advisor 
     and cybersecurity advisor programs, including cross-training 
     of the protective security advisor and cybersecurity advisor 
     workforce to optimize the capabilities of such programs and 
     capacity goals.
       (4) A description of programs, policies, and activities 
     used to carry out such stakeholder engagement activities and 
     services under paragraph (1).
       (5) Resources and personnel necessary to effectively 
     support critical infrastructure owners and operators and, as 
     appropriate, other entities, including non-profit 
     organizations, based on current and projected demand for 
     Agency services.
       (6) Guidance on how outreach to critical infrastructure 
     owners and operators in a region should be prioritized.
       (7) Plans to ensure that stakeholder engagement field 
     personnel of the Agency have a clear understanding of 
     expectations for engagement within each critical 
     infrastructure sector and subsector, whether during steady 
     state or surge capacity.
       (8) Metrics for measuring the effectiveness of stakeholder 
     engagement activities and services under paragraph (1), 
     including mechanisms to track regional engagement of field 
     personnel of the Agency with critical infrastructure owners 
     and operators, and how frequently such engagement takes 
     place.
       (9) Plans for awareness campaigns to familiarize owners and 
     operators of critical infrastructure with security resources 
     and support offered by the Cybersecurity and Infrastructure 
     Security Agency, including the clearinghouse maintained 
     pursuant to paragraph (6) of section 2202(c) of the Homeland 
     Security Act of 2002 (6 U.S.C. 652(c)), as added by section 
     2.
       (10) A description of how to prioritize engagement with 
     critical infrastructure sectors based on threat information 
     and the capacity of such sectors to mitigate such threats
       (c) Stakeholder Input.--In issuing the stakeholder outreach 
     and operational engagement strategy required under subsection 
     (a), the Director of the Cybersecurity and Infrastructure 
     Security Agency of the Department of Homeland Security shall, 
     to the extent practicable, solicit input from stakeholders 
     representing the following:
       (1) Each of the critical infrastructure sectors.
       (2) Critical infrastructure owners and operators located in 
     each region in which the Agency maintains a field office.
       (d) Implementation Plan.--Not later than 90 days after 
     issuing the stakeholder outreach and operational engagement 
     strategy required under subsection (a), the Director of the 
     Cybersecurity and Infrastructure Security Agency of the 
     Department of Homeland Security shall issue an implementation 
     plan for the strategy that includes the following:
       (1) Strategic objectives and corresponding tasks for 
     protective security advisor and cybersecurity advisor 
     workforce development, training, and retention plans.
       (2) Projected timelines, benchmarks, and resource 
     requirements for such tasks.
       (3) Metrics to evaluate the performance of such tasks.
       (e) Congressional Oversight.--Upon issuance of the 
     implementation plan required under subsection (d), the 
     Director of the Cybersecurity and Infrastructure Security 
     Agency of the Department of Homeland Security, shall submit 
     to the Committee on Homeland Security of the House of 
     Representatives and the Committee on Homeland Security and 
     Governmental Affairs of the Senate the stakeholder outreach 
     and operational engagement strategy required under subsection 
     (a) and the implementation plan required under subsection 
     (b), together with any other associated legislative or 
     budgetary proposals relating thereto.

     SEC. 4. INFORMATION PROVIDED BY PROTECTIVE SECURITY ADVISORS.

       The Director of the Cybersecurity and Infrastructure 
     Security Agency of the Department of Homeland Security shall 
     ensure, to the greatest extent practicable, protective 
     security advisors of the Agency are disseminating homeland 
     security information on voluntary programs and services of 
     the Department of Homeland Security, including regarding the 
     Nonprofit Security Grant Program, to bolster security and 
     terrorism resilience.

     SEC. 5. PROTECTIVE SECURITY ADVISOR FORCE MULTIPLIER PILOT 
                   PROGRAM.

       (a) In General.--Not later than one year after the date of 
     the enactment of this Act, the Director of the Cybersecurity 
     and Infrastructure Security Agency of the Department of 
     Homeland Security shall establish a one-year pilot program 
     for State, local, Tribal, and territorial law enforcement 
     agencies and appropriate government officials to be trained 
     by protective security advisors of the Agency regarding 
     carrying out security vulnerability or terrorism risk 
     assessments of facilities.
       (b) Report.--Not later than 90 days after the completion of 
     the pilot program under subsection (a), the Director of the 
     Cybersecurity and Infrastructure Security Agency of the 
     Department of Homeland Security shall report on such pilot 
     program to the Committee on Homeland Security of the House of 
     Representatives and the Committee on Homeland Security and 
     Governmental Affairs of the Senate.

  The SPEAKER pro tempore. Pursuant to the rule, the gentlewoman from 
Illinois (Ms. Underwood) and the gentleman from Pennsylvania (Mr. 
Joyce) each will control 20 minutes.
  The Chair recognizes the gentlewoman from Illinois.


                             General Leave

  Ms. UNDERWOOD. Mr. Speaker, I ask unanimous consent that all Members 
may have 5 legislative days to revise and extend their remarks and to 
include extraneous material on this measure.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentlewoman from Illinois?
  There was no objection.
  Ms. UNDERWOOD. Mr. Speaker, I yield myself such time as I may 
consume.
  Mr. Speaker, I rise today in strong support of H.R. 5780, the Safe 
Communities Act.
  Last month, a teenager from my district in Antioch, Illinois, went to 
Kenosha, Wisconsin, where he allegedly killed two people with an AR-15-
style rifle.
  The next day, I heard from another constituent, a mother who lives in 
the alleged shooter's hometown. She wrote: ``There is a militia cell in 
Antioch that is becoming more and more emboldened to take the law into 
their own hands. I am becoming fearful to send my children to the same 
schools at white supremacist militia members.''
  I share my constituents' concerns with the rise of domestic violent 
extremism in this country. FBI Director Wray recently testified before 
the House Homeland Security Committee that white supremacist extremists 
are a leading threat to our Nation.
  I believe we must do more to address the root causes of violent 
behavior, and I look forward to continuing to work with my colleagues 
in Congress to make America a place where racism, misogyny, and other 
forms of hate can no longer flourish.
  Meanwhile, in the face of extremist threats like these, we must take 
immediate action to secure our critical infrastructure and make soft 
targets less vulnerable to attack.
  In addition to domestic extremists, our suburban and rural 
communities face too many other threats of mass violence. Just last 
year, five of our neighbors, four of whom were my constituents, were 
killed by an act of gun violence at the Henry Pratt Company in Aurora, 
Illinois. Our workplaces, schools, and places of worship are far too 
vulnerable to mass shootings and other forms of targeted violence. This 
bill seeks to fix that.
  Rural and suburban communities like mine in northern Illinois are 
increasingly targets of violence but often don't have access to the 
Federal resources they need to protect themselves. That is why I 
introduced H.R. 5780, the Safe Communities Act of 2020, bipartisan 
legislation to help better protect soft targets in communities like 
mine.

[[Page H5080]]

  The Cybersecurity and Infrastructure Security Agency's protective 
security advisers help improve security at schools, places of worship, 
and other soft targets, but there are too few of them to meet the 
demand of their services.
  H.R. 5780 would require CISA to maintain an online security resources 
clearinghouse to provide security guidance and best practices, serving 
as a one-stop shop for school districts, religious organizations, and 
local officials to find the information they need to keep their 
communities safe.
  The bill would also require CISA to develop a stakeholder outreach 
and operational engagement strategy and implementation plan to ensure 
that the Agency is delivering infrastructure security services across 
sectors and throughout regions.
  Finally, H.R. 5780 would authorize a PSA force multiplier pilot 
program, which would require CISA PSAs to train State, local, Tribal, 
and territorial officials to perform security vulnerability and 
terrorism risk assessments. These risk assessments are an important 
part of qualifying for FEMA's security grants; the force multiplier 
program will help expand access to them.
  I am proud that the Safe Communities Act of 2020 has been endorsed by 
the Jewish Federations of North America and the Anti-Defamation League.
  I would like to thank my colleague, Mr. Katko, for joining me in 
introducing this measure. I am grateful for his collaboration and 
leadership as ranking member of the Subcommittee on Cybersecurity, 
Infrastructure Protection, and Innovation.
  I want to extend my sincere appreciation to the Homeland Security 
Committee staff for their work on this legislation.
  I urge my colleagues on both sides of the aisle to support this 
legislation today to make sure every community in America has the 
resources it needs to keep people safe.
  I urge my colleagues to support H.R. 5780, and I reserve the balance 
of my time.
  Mr. JOYCE of Pennsylvania. Mr. Speaker, I yield myself such time as I 
may consume.
  I rise in support of H.R. 5780. This bill makes the great work done 
by the Cybersecurity and Infrastructure Security Agency more accessible 
to stakeholders.
  CISA provides advice and recommendations upon the request of critical 
infrastructure owners and operators on how to secure and protect their 
facilities in cyberspace and physically.
  This bill will help stakeholders clearly know what CISA can do. 
Continuing to develop the relationship between CISA and our private 
stakeholders remains an integral piece of our critical infrastructure 
security.
  I thank Representatives Underwood and Katko for their bill.
  Mr. Speaker, I urge a ``yes'' vote on the bill, and I yield back the 
balance of my time.
  Ms. UNDERWOOD. Mr. Speaker, I yield myself such time as I may 
consume.
  Last week, I was appointed as the new chair of the Subcommittee on 
Cybersecurity, Infrastructure Protection, and Innovation of the 
Homeland Security Committee. It is a great honor and opportunity for me 
to amplify the homeland security concerns of the people of Illinois' 
14th Congressional District here in Washington.

                              {time}  1330

  My constituents are concerned about the vulnerability of so-called 
soft targets to violence. CISA, which is overseen by my subcommittee, 
has a critical role to play to empower communities to be more secure 
and resilient against ever-increasing lists of homeland security 
threats.
  I am committed to ensuring the success of the PSA program, and I look 
forward to working with CISA to make sure that every community can 
benefit from it. Enactment of the Safe Communities Act of 2020 will 
help CISA think more strategically about how it deploys PSAs and other 
services and do so in a way that will scale.
  Mr. Speaker, I urge my colleagues to support the measure, and I yield 
back the balance of my time.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentlewoman from Illinois (Ms. Underwood) that the House suspend the 
rules and pass the bill, H.R. 5780, as amended.
  The question was taken; and (two-thirds being in the affirmative) the 
rules were suspended and the bill, as amended, was passed.
  A motion to reconsider was laid on the table.

                          ____________________