[Congressional Record Volume 167, Number 190 (Thursday, October 28, 2021)]
[Senate]
[Pages S7513-S7514]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

  SA 4042. Ms. ROSEN (for herself, Mr. Sasse, and Mr. King) submitted 
an amendment intended to be proposed to amendment SA 3867 submitted by 
Mr. Reed and intended to be proposed to the bill H.R. 4350, to 
authorize appropriations for fiscal year 2022 for military activities 
of the Department of Defense, for military construction, and for 
defense activities of the Department of Energy, to prescribe military 
personnel strengths for such fiscal year, and for other purposes; which 
was ordered to lie on the table; as follows:

        At the appropriate place, insert the following:

     SEC. __. NATIONAL CYBER EXERCISE PROGRAM.

       (a) In General.--Subtitle A of title XXII of the Homeland 
     Security Act of 2002 (6 U.S.C. 651 et seq.) is amended by 
     adding at the end the following new section:

     ``SEC. 2220A. NATIONAL CYBER EXERCISE PROGRAM.

       ``(a) Establishment of Program.--
       ``(1) In general.--There is established in the Agency the 
     National Cyber Exercise Program (referred to in this section 
     as the `Exercise Program') to evaluate the National Cyber 
     Incident Response Plan, and other related plans and 
     strategies.
       ``(2) Requirements.--
       ``(A) In general.--The Exercise Program shall be--
       ``(i) based on current risk assessments, including credible 
     threats, vulnerabilities, and consequences;
       ``(ii) designed, to the extent practicable, to simulate the 
     partial or complete incapacitation of a government or 
     critical infrastructure network resulting from a cyber 
     incident;
       ``(iii) designed to provide for the systematic evaluation 
     of cyber readiness and enhance operational understanding of 
     the cyber incident response system and relevant information 
     sharing agreements; and
       ``(iv) designed to promptly develop after-action reports 
     and plans that can quickly incorporate lessons learned into 
     future operations.
       ``(B) Model exercise selection.--The Exercise Program 
     shall--
       ``(i) include a selection of model exercises that 
     government and private entities can readily adapt for use; 
     and
       ``(ii) aid such governments and private entities with the 
     design, implementation, and evaluation of exercises that--

       ``(I) conform to the requirements described in subparagraph 
     (A);
       ``(II) are consistent with any applicable national, State, 
     local, or Tribal strategy or plan; and
       ``(III) provide for systematic evaluation of readiness.

       ``(3) Consultation.--In carrying out the Exercise Program, 
     the Director may consult with appropriate representatives 
     from Sector Risk Management Agencies, the Office of the 
     National Cyber Director, cybersecurity

[[Page S7514]]

     research stakeholders, and Sector Coordinating Councils.
       ``(b) Definitions.--In this section:
       ``(1) State.--The term `State' means any State of the 
     United States, the District of Columbia, the Commonwealth of 
     Puerto Rico, the Northern Mariana Islands, the United States 
     Virgin Islands, Guam, American Samoa, and any other territory 
     or possession of the United States.
       ``(2) Private entity.--The term `private entity' has the 
     meaning given such term in section 102 of the Cybersecurity 
     Information Sharing Act of 2015 (6 U.S.C. 1501).
       ``(c) Rule of Construction.--Nothing in this section shall 
     be construed to affect the authority or responsibilities of 
     the Administrator of the Federal Emergency Management Agency 
     pursuant to section 648 of the Post-Katrina Emergency 
     Management Reform Act of 2006 (6 U.S.C. 748).''.
       (b) Clerical Amendment.--The table of contents in section 
     1(b) of the Homeland Security Act of 2002 is amended by 
     inserting after the item relating to section 2217 the 
     following:

``Sec. 2220A. National Cyber Exercise Program.''.
                                 ______