[Congressional Record (Bound Edition), Volume 159 (2013), Part 9]
[Senate]
[Pages 12330-12337]
[From the U.S. Government Publishing Office, www.gpo.gov]




          STATEMENTS ON INTRODUCED BILLS AND JOINT RESOLUTIONS

      By Mr. BOOZMAN (for himself and Mr. Pryor):
  S. 1350. A bill to exclude from gross income compensation provided 
for victims of the March 29, 2013, pipeline oil spill in Mayflower, 
Arkansas; to the Committee on Finance.
  Mr. BOOZMAN. Mr. President, on March 29, 2013, the ExxonMobil 
pipeline ruptured spilling an estimated 147,000 gallons of oil into 
Mayflower, Arkansas. Victims of this oil spill are rightfully being 
compensated by ExxonMobil, but the Internal Revenue Service has said 
that compensatory payments will be considered taxable income. These 
families should not have to pay taxes on this disaster relief 
assistance. The Mayflower Oil Spill Tax Relief Act of 2013 prohibits 
compensation to Mayflower oil spill victims from being taxed by 
treating it as ``a qualified disaster relief payment'' under current 
law. My colleague Senator Pryor joins me in introducing this important 
legislation. I would also like to thank Representative Tim Griffin for 
his support and leadership on the House companion version of the 
Mayflower Oil Spill Tax Relief Act of 2013.
  Mr. President, I ask unanimous consent that the text of the bill be 
printed in the Record.
  There being no objection, the text of the bill was ordered to be 
printed in the Record, as follows:

                                S. 1350

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Mayflower Oil Spill Tax 
     Relief Act of 2013''.

     SEC. 2. MAYFLOWER, ARKANSAS OIL SPILL COMPENSATION EXCLUDED 
                   FROM GROSS INCOME.

       For purposes of the Internal Revenue Code of 1986--
       (1) the March 29, 2013, pipeline rupture and oil spill in 
     Mayflower, Arkansas, shall be treated as a qualified disaster 
     under section 139(c) of such Code, and
       (2) any compensation provided to or for the benefit of a 
     victim of such disaster shall be treated as a qualified 
     disaster relief payment under section 139(b) of such Code.
                                 ______
                                 
      By Mr. ROCKEFELLER (for himself and Mr. Thune):
  S. 1353. A bill to provide for an ongoing, voluntary public-private 
partnership to improve cybersecurity, and to strengthen cybersecurity 
research and development, workforce development and education, and 
public awareness and preparedness, and for other purposes; to the 
Committee on Commerce, Science, and Transportation.
  Mr. ROCKEFELLER. Mr. President, the cybersecurity legislation Senator 
Thune and I introduce today is built upon several years of bipartisan 
hard work on the Senate Commerce, Science, and Transportation 
Committee. I am proud of that fact and proud of our work product.
  I would like to sincerely thank Senator Thune for working closely 
with me on this legislation. Senator Thune appreciates the gravity of 
the cybersecurity threat to our national security and our economy--a 
genuine threat to the free flow of commerce. He has been laser focused 
in finding workable, private sector led solutions to mitigate this 
existential threat.
  Our bill will go a long way to better secure our nation from ongoing 
cyber threats by having the National Institute of Standards and 
Technology, NIST, a world-class, non-regulatory agency within the 
Department of Commerce--facilitate and support the development of 
voluntary, industry-led standards and best practices to reduce cyber 
risks to critical infrastructure and all businesses.
  Our bill will give NIST the permanent authority it needs to continue 
the standards development process initiated by the President's 
Executive Order on Improving Critical Infrastructure Cybersecurity to 
ensure such efforts remain industry led and voluntary.
  It will also make sure that the Federal Government supports cutting 
edge research, works to increase public awareness, and improves our 
workforce to better address cyber threats.
  Our country's future economic success and security demands prompt 
attention to the cyber threat. It demands we all pull together to face 
the reality of cyber intrusions into every aspect of our nation's 
business, our electric grid, our trade secrets, our water supply, and 
so much more. The stakes are great. This is about our national 
security--3 Directors of National Intelligence have said cyber attacks 
are the number 1 national security threat to our country. That is why 
we have to find a way to reach a consensus that allows us to 
responsibly legislate.
  This bill is a very good start. There is a lot more we can and should 
do to protect our critical infrastructure, including promoting more 
sharing of private sector threat information. I will certainly keep 
looking for ways to work with my colleagues to provide this nation with 
the tools and resources we need to take on this threat.
  Again, I thank Senator Thune for dedicating his time, talent, and 
energy to this legislation, and his fine staff.
  Mr. President, I ask unanimous consent that the text of the bill be 
printed in the Record.
  There being no objection, the text of the bill was ordered to be 
printed in the Record, as follows:

                                S. 1353

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

       (a) Short Title.--This Act may be cited as the 
     ``Cybersecurity Act of 2013''.
       (b) Table of Contents.--The table of contents of this Act 
     is as follows:

Sec. 1. Short title; table of contents.
Sec. 2. Definitions.
Sec. 3. No regulatory authority.

         TITLE I--PUBLIC-PRIVATE COLLABORATION ON CYBERSECURITY

Sec. 101. Public-private collaboration on cybersecurity.

            TITLE II--CYBERSECURITY RESEARCH AND DEVELOPMENT

Sec. 201. Federal cybersecurity research and development.
Sec. 202. Computer and network security research centers.

            TITLE III--EDUCATION AND WORKFORCE DEVELOPMENT.

Sec. 301. Cybersecurity competitions and challenges.
Sec. 302. Federal cyber scholarship-for-service program.
Sec. 303. Study and analysis of education, accreditation, training, and 
              certification of information infrastructure and 
              cybersecurity professionals.

           TITLE IV--CYBERSECURITY AWARENESS AND PREPAREDNESS

Sec. 401. National cybersecurity awareness and preparedness campaign.

     SEC. 2. DEFINITIONS.

       In this Act:
       (1) Cybersecurity mission.--The term ``cybersecurity 
     mission'' means activities that encompass the full range of 
     threat reduction, vulnerability reduction, deterrence, 
     international engagement, incident response, resiliency, and 
     recovery policies and activities, including computer network 
     operations, information assurance, law enforcement, 
     diplomacy, military, and intelligence missions as such 
     activities relate to the security and stability of 
     cyberspace.
       (2) Information infrastructure.--The term ``information 
     infrastructure'' means the underlying framework that 
     information systems and assets rely on to process, transmit, 
     receive, or store information electronically, including 
     programmable electronic devices, communications networks, and 
     industrial or supervisory control systems and any associated 
     hardware, software, or data.
       (3) Information system.--The term ``information system'' 
     has the meaning given that term in section 3502 of title 44, 
     United States Code.

     SEC. 3. NO REGULATORY AUTHORITY.

       Nothing in this Act shall be construed to confer any 
     regulatory authority on any Federal, State, tribal, or local 
     department or agency.

[[Page 12331]]



         TITLE I--PUBLIC-PRIVATE COLLABORATION ON CYBERSECURITY

     SEC. 101. PUBLIC-PRIVATE COLLABORATION ON CYBERSECURITY.

       (a) Cybersecurity.--Section 2(c) of the National Institute 
     of Standards and Technology Act (15 U.S.C. 272(c)) is 
     amended--
       (1) by redesignating paragraphs (15) through (22) as 
     paragraphs (16) through (23), respectively; and
       (2) by inserting after paragraph (14) the following:
       ``(15) on an ongoing basis, facilitate and support the 
     development of a voluntary, industry-led set of standards, 
     guidelines, best practices, methodologies, procedures, and 
     processes to reduce cyber risks to critical infrastructure 
     (as defined under subsection (e));''.
       (b) Scope and Limitations.--Section 2 of the National 
     Institute of Standards and Technology Act (15 U.S.C. 272) is 
     amended by adding at the end the following:
       ``(e) Cyber Risks.--
       ``(1) In general.--In carrying out the activities under 
     subsection (c)(15), the Director--
       ``(A) shall--
       ``(i) coordinate closely and continuously with relevant 
     private sector personnel and entities, critical 
     infrastructure owners and operators, sector coordinating 
     councils, Information Sharing and Analysis Centers, and other 
     relevant industry organizations, and incorporate industry 
     expertise;
       ``(ii) consult with the heads of agencies with national 
     security responsibilities, sector-specific agencies, State 
     and local governments, the governments of other nations, and 
     international organizations;
       ``(iii) identify a prioritized, flexible, repeatable, 
     performance-based, and cost-effective approach, including 
     information security measures and controls, that may be 
     voluntarily adopted by owners and operators of critical 
     infrastructure to help them identify, assess, and manage 
     cyber risks;
       ``(iv) include methodologies--

       ``(I) to identify and mitigate impacts of the cybersecurity 
     measures or controls on business confidentiality; and
       ``(II) to protect individual privacy and civil liberties;

       ``(v) incorporate voluntary consensus standards and 
     industry best practices;
       ``(vi) align with voluntary international standards to the 
     fullest extent possible;
       ``(vii) prevent duplication of regulatory processes and 
     prevent conflict with or superseding of regulatory 
     requirements, mandatory standards, and related processes; and
       ``(viii) include such other similar and consistent elements 
     as the Director considers necessary; and
       ``(B) shall not prescribe or otherwise require--
       ``(i) the use of specific solutions;
       ``(ii) the use of specific information or communications 
     technology products or services; or
       ``(iii) that information or communications technology 
     products or services be designed, developed, or manufactured 
     in a particular manner.
       ``(2) Limitation.--Information shared with or provided to 
     the Institute for the purpose of the activities described 
     under subsection (c)(15) shall not be used by any Federal, 
     State, tribal, or local department or agency to regulate the 
     activity of any entity.
       ``(3) Definitions.--In this subsection:
       ``(A) Critical infrastructure.--The term `critical 
     infrastructure' has the meaning given the term in section 
     1016(e) of the USA PATRIOT Act of 2001 (42 U.S.C. 5195c(e)).
       ``(B) Sector-specific agency.--The term `sector-specific 
     agency' means the Federal department or agency responsible 
     for providing institutional knowledge and specialized 
     expertise as well as leading, facilitating, or supporting the 
     security and resilience programs and associated activities of 
     its designated critical infrastructure sector in the all-
     hazards environment.''.

            TITLE II--CYBERSECURITY RESEARCH AND DEVELOPMENT

     SEC. 201. FEDERAL CYBERSECURITY RESEARCH AND DEVELOPMENT.

       (a) Fundamental Cybersecurity Research.--
       (1) In general.--The Director of the Office of Science and 
     Technology Policy, in coordination with the head of any 
     relevant Federal agency, shall build upon programs and plans 
     in effect as of the date of enactment of this Act to develop 
     a Federal cybersecurity research and development plan to meet 
     objectives in cybersecurity, such as--
       (A) how to design and build complex software-intensive 
     systems that are secure and reliable when first deployed;
       (B) how to test and verify that software and hardware, 
     whether developed locally or obtained from a third party, is 
     free of significant known security flaws;
       (C) how to test and verify that software and hardware 
     obtained from a third party correctly implements stated 
     functionality, and only that functionality;
       (D) how to guarantee the privacy of an individual, 
     including that individual's identity, information, and lawful 
     transactions when stored in distributed systems or 
     transmitted over networks;
       (E) how to build new protocols to enable the Internet to 
     have robust security as one of the key capabilities of the 
     Internet;
       (F) how to determine the origin of a message transmitted 
     over the Internet;
       (G) how to support privacy in conjunction with improved 
     security;
       (H) how to address the growing problem of insider threats;
       (I) how improved consumer education and digital literacy 
     initiatives can address human factors that contribute to 
     cybersecurity;
       (J) how to protect information processed, transmitted, or 
     stored using cloud computing or transmitted through wireless 
     services; and
       (K) any additional objectives the Director of the Office of 
     Science and Technology Policy, in coordination with the head 
     of any relevant Federal agency and with input from 
     stakeholders, including industry and academia, determines 
     appropriate.
       (2) Requirements.--
       (A) In general.--The Federal cybersecurity research and 
     development plan shall identify and prioritize near-term, 
     mid-term, and long-term research in computer and information 
     science and engineering to meet the objectives under 
     paragraph (1), including research in the areas described in 
     section 4(a)(1) of the Cyber Security Research and 
     Development Act (15 U.S.C. 7403(a)(1)).
       (B) Private sector efforts.--In developing, implementing, 
     and updating the Federal cybersecurity research and 
     development plan, the Director of the Office of Science and 
     Technology Policy shall work in close cooperation with 
     industry, academia, and other interested stakeholders to 
     ensure, to the extent possible, that Federal cybersecurity 
     research and development is not duplicative of private sector 
     efforts.
       (3) Triennial updates.--
       (A) In general.--The Federal cybersecurity research and 
     development plan shall be updated triennially.
       (B) Report to congress.--The Director of the Office of 
     Science and Technology Policy shall submit the plan, not 
     later than 1 year after the date of enactment of this Act, 
     and each updated plan under this section to the Committee on 
     Commerce, Science, and Transportation of the Senate and the 
     Committee on Science, Space, and Technology of the House of 
     Representatives.
       (b) Cybersecurity Practices Research.--The Director of the 
     National Science Foundation shall support research that--
       (1) develops, evaluates, disseminates, and integrates new 
     cybersecurity practices and concepts into the core curriculum 
     of computer science programs and of other programs where 
     graduates of such programs have a substantial probability of 
     developing software after graduation, including new practices 
     and concepts relating to secure coding education and 
     improvement programs; and
       (2) develops new models for professional development of 
     faculty in cybersecurity education, including secure coding 
     development.
       (c) Cybersecurity Modeling and Test Beds.--
       (1) Review.--Not later than 1 year after the date of 
     enactment of this Act, the Director the National Science 
     Foundation, in coordination with the Director of the Office 
     of Science and Technology Policy, shall conduct a review of 
     cybersecurity test beds in existence on the date of enactment 
     of this Act to inform the grants under paragraph (2). The 
     review shall include an assessment of whether a sufficient 
     number of cybersecurity test beds are available to meet the 
     research needs under the Federal cybersecurity research and 
     development plan.
       (2) Additional cybersecurity modeling and test beds.--
       (A) In general.--If the Director of the National Science 
     Foundation, after the review under paragraph (1), determines 
     that the research needs under the Federal cybersecurity 
     research and development plan require the establishment of 
     additional cybersecurity test beds, the Director of the 
     National Science Foundation, in coordination with the 
     Secretary of Commerce and the Secretary of Homeland Security, 
     may award grants to institutions of higher education or 
     research and development non-profit institutions to establish 
     cybersecurity test beds.
       (B) Requirement.--The cybersecurity test beds under 
     subparagraph (A) shall be sufficiently large in order to 
     model the scale and complexity of real-time cyber attacks and 
     defenses on real world networks and environments.
       (C) Assessment required.--The Director of the National 
     Science Foundation, in coordination with the Secretary of 
     Commerce and the Secretary of Homeland Security, shall 
     evaluate the effectiveness of any grants awarded under this 
     subsection in meeting the objectives of the Federal 
     cybersecurity research and development plan under subsection 
     (a) no later than 2 years after the review under paragraph 
     (1) of this subsection, and periodically thereafter.
       (d) Coordination With Other Research Initiatives.--In 
     accordance with the responsibilities under section 101 of the 
     High-Performance Computing Act of 1991 (15 U.S.C. 5511), the 
     Director the Office of Science and Technology Policy shall 
     coordinate, to the extent practicable, Federal research and 
     development activities under this section with

[[Page 12332]]

     other ongoing research and development security-related 
     initiatives, including research being conducted by--
       (1) the National Science Foundation;
       (2) the National Institute of Standards and Technology;
       (3) the Department of Homeland Security;
       (4) other Federal agencies;
       (5) other Federal and private research laboratories, 
     research entities, and universities;
       (6) institutions of higher education;
       (7) relevant nonprofit organizations; and
       (8) international partners of the United States.
       (e) National Science Foundation Computer and Network 
     Security Research Grant Areas.--Section 4(a)(1) of the Cyber 
     Security Research and Development Act (15 U.S.C. 7403(a)(1)) 
     is amended--
       (1) in subparagraph (H), by striking ``and'' at the end;
       (2) in subparagraph (I), by striking the period at the end 
     and inserting a semicolon; and
       (3) by adding at the end the following:
       ``(J) secure fundamental protocols that are integral to 
     inter-network communications and data exchange;
       ``(K) secure software engineering and software assurance, 
     including--
       ``(i) programming languages and systems that include 
     fundamental security features;
       ``(ii) portable or reusable code that remains secure when 
     deployed in various environments;
       ``(iii) verification and validation technologies to ensure 
     that requirements and specifications have been implemented; 
     and
       ``(iv) models for comparison and metrics to assure that 
     required standards have been met;
       ``(L) holistic system security that--
       ``(i) addresses the building of secure systems from trusted 
     and untrusted components;
       ``(ii) proactively reduces vulnerabilities;
       ``(iii) addresses insider threats; and
       ``(iv) supports privacy in conjunction with improved 
     security;
       ``(M) monitoring and detection;
       ``(N) mitigation and rapid recovery methods;
       ``(O) security of wireless networks and mobile devices; and
       ``(P) security of cloud infrastructure and services.''.
       (f) Research on the Science of Cybersecurity.--The head of 
     each agency and department identified under section 
     101(a)(3)(B) of the High-Performance Computing Act of 1991 
     (15 U.S.C. 5511(a)(3)(B)), through existing programs and 
     activities, shall support research that will lead to the 
     development of a scientific foundation for the field of 
     cybersecurity, including research that increases 
     understanding of the underlying principles of securing 
     complex networked systems, enables repeatable 
     experimentation, and creates quantifiable security metrics.

     SEC. 202. COMPUTER AND NETWORK SECURITY RESEARCH CENTERS.

       Section 4(b) of the Cyber Security Research and Development 
     Act (15 U.S.C. 7403(b)) is amended--
       (1) by striking ``the center'' in paragraph (4)(D) and 
     inserting ``the Center''; and
       (2) in paragraph (5)--
       (A) by striking ``and'' at the end of subparagraph (C);
       (B) by striking the period at the end of subparagraph (D) 
     and inserting a semicolon; and
       (C) by adding at the end the following:
       ``(E) the demonstrated capability of the applicant to 
     conduct high performance computation integral to complex 
     computer and network security research, through on-site or 
     off-site computing;
       ``(F) the applicant's affiliation with private sector 
     entities involved with industrial research described in 
     subsection (a)(1);
       ``(G) the capability of the applicant to conduct research 
     in a secure environment;
       ``(H) the applicant's affiliation with existing research 
     programs of the Federal Government;
       ``(I) the applicant's experience managing public-private 
     partnerships to transition new technologies into a commercial 
     setting or the government user community; and
       ``(J) the capability of the applicant to conduct 
     interdisciplinary cybersecurity research, such as in law, 
     economics, or behavioral sciences.''.

            TITLE III--EDUCATION AND WORKFORCE DEVELOPMENT.

     SEC. 301. CYBERSECURITY COMPETITIONS AND CHALLENGES.

       (a) In General.--The Secretary of Commerce, Director of the 
     National Science Foundation, and Secretary of Homeland 
     Security shall--
       (1) support competitions and challenges under section 105 
     of the America COMPETES Reauthorization Act of 2010 (124 
     Stat. 3989) or any other provision of law, as appropriate--
       (A) to identify, develop, and recruit talented individuals 
     to perform duties relating to the security of information 
     infrastructure in Federal, State, and local government 
     agencies, and the private sector; or
       (B) to stimulate innovation in basic and applied 
     cybersecurity research, technology development, and prototype 
     demonstration that has the potential for application to the 
     information technology activities of the Federal Government; 
     and
       (2) ensure the effective operation of the competitions and 
     challenges under this section.
       (b) Participation.--Participants in the competitions and 
     challenges under subsection (a)(1) may include--
       (1) students enrolled in grades 9 through 12;
       (2) students enrolled in a postsecondary program of study 
     leading to a baccalaureate degree at an institution of higher 
     education;
       (3) students enrolled in a postbaccalaureate program of 
     study at an institution of higher education;
       (4) institutions of higher education and research 
     institutions;
       (5) veterans; and
       (6) other groups or individuals that the Secretary of 
     Commerce, Director of the National Science Foundation, and 
     Secretary of Homeland Security determine appropriate.
       (c) Affiliation and Cooperative Agreements.--Competitions 
     and challenges under this section may be carried out through 
     affiliation and cooperative agreements with--
       (1) Federal agencies;
       (2) regional, State, or school programs supporting the 
     development of cyber professionals;
       (3) State, local, and tribal governments; or
       (4) other private sector organizations.
       (d) Areas of Skill.--Competitions and challenges under 
     subsection (a)(1)(A) shall be designed to identify, develop, 
     and recruit exceptional talent relating to--
       (1) ethical hacking;
       (2) penetration testing;
       (3) vulnerability assessment;
       (4) continuity of system operations;
       (5) security in design;
       (6) cyber forensics;
       (7) offensive and defensive cyber operations; and
       (8) other areas the Secretary of Commerce, Director of the 
     National Science Foundation, and Secretary of Homeland 
     Security consider necessary to fulfill the cybersecurity 
     mission.
       (e) Topics.--In selecting topics for competitions and 
     challenges under subsection (a)(1), the Secretary of 
     Commerce, Director of the National Science Foundation, and 
     Secretary of Homeland Security--
       (1) shall consult widely both within and outside the 
     Federal Government; and
       (2) may empanel advisory committees.
       (f) Internships.--The Director of the Office of Personnel 
     Management may support, as appropriate, internships or other 
     work experience in the Federal Government to the winners of 
     the competitions and challenges under this section.

     SEC. 302. FEDERAL CYBER SCHOLARSHIP-FOR-SERVICE PROGRAM.

       (a) In General.--The Director of the National Science 
     Foundation, in coordination with the Director of the Office 
     of Personnel Management and Secretary of Homeland Security, 
     shall continue a Federal Cyber Scholarship-for-Service 
     program to recruit and train the next generation of 
     information technology professionals, industrial control 
     system security professionals, and security managers to meet 
     the needs of the cybersecurity mission for Federal, State, 
     local, and tribal governments.
       (b) Program Description and Components.--The Federal Cyber 
     Scholarship-for-Service program shall--
       (1) provide scholarships to students who are enrolled in 
     programs of study at institutions of higher education leading 
     to degrees or specialized program certifications in the 
     cybersecurity field;
       (2) provide the scholarship recipients with summer 
     internship opportunities or other meaningful temporary 
     appointments in the Federal information technology workforce; 
     and
       (3) provide a procedure by which the National Science 
     Foundation or a Federal agency, consistent with regulations 
     of the Office of Personnel Management, may request and fund 
     security clearances for scholarship recipients, including 
     providing for clearances during internships or other 
     temporary appointments and after receipt of their degrees.
       (c) Scholarship Amounts.--Each scholarship under subsection 
     (b) shall be in an amount that covers the student's tuition 
     and fees at the institution under subsection (b)(1) and 
     provides the student with an additional stipend.
       (d) Scholarship Conditions.--Each scholarship recipient, as 
     a condition of receiving a scholarship under the program, 
     shall enter into an agreement under which the recipient 
     agrees to work in the cybersecurity mission of a Federal, 
     State, local, or tribal agency for a period equal to the 
     length of the scholarship following receipt of the student's 
     degree.
       (e) Hiring Authority.--
       (1) Appointment in excepted service.--Notwithstanding any 
     provision of chapter 33 of title 5, United States Code, 
     governing appointments in the competitive service, an agency 
     shall appoint in the excepted service an individual who has 
     completed the academic program for which a scholarship was 
     awarded.
       (2) Noncompetitive conversion.--Except as provided in 
     paragraph (4), upon fulfillment of the service term, an 
     employee appointed under paragraph (1) may be converted 
     noncompetitively to term, career-conditional or career 
     appointment.

[[Page 12333]]

       (3) Timing of conversion.--An agency may noncompetitively 
     convert a term employee appointed under paragraph (2) to a 
     career-conditional or career appointment before the term 
     appointment expires.
       (4) Authority to decline conversion.--An agency may decline 
     to make the noncompetitive conversion or appointment under 
     paragraph (2) for cause.
       (f) Eligibility.--To be eligible to receive a scholarship 
     under this section, an individual shall--
       (1) be a citizen or lawful permanent resident of the United 
     States;
       (2) demonstrate a commitment to a career in improving the 
     security of information infrastructure; and
       (3) have demonstrated a high level of proficiency in 
     mathematics, engineering, or computer sciences.
       (g) Repayment.--If a scholarship recipient does not meet 
     the terms of the program under this section, the recipient 
     shall refund the scholarship payments in accordance with 
     rules established by the Director of the National Science 
     Foundation, in coordination with the Director of the Office 
     of Personnel Management and Secretary of Homeland Security.
       (h) Evaluation and Report.--The Director of the National 
     Science Foundation shall evaluate and report periodically to 
     Congress on the success of recruiting individuals for 
     scholarships under this section and on hiring and retaining 
     those individuals in the public sector workforce.

     SEC. 303. STUDY AND ANALYSIS OF EDUCATION, ACCREDITATION, 
                   TRAINING, AND CERTIFICATION OF INFORMATION 
                   INFRASTRUCTURE AND CYBERSECURITY PROFESSIONALS.

       (a) Study.--The Director of the National Science Foundation 
     and the Secretary of Homeland Security shall undertake to 
     enter into appropriate arrangements with the National Academy 
     of Sciences to conduct a comprehensive study of government, 
     academic, and private-sector education, accreditation, 
     training, and certification programs for the development of 
     professionals in information infrastructure and 
     cybersecurity. The agreement shall require the National 
     Academy of Sciences to consult with sector coordinating 
     councils and relevant governmental agencies, regulatory 
     entities, and nongovernmental organizations in the course of 
     the study.
       (b) Scope.--The study shall include--
       (1) an evaluation of the body of knowledge and various 
     skills that specific categories of professionals in 
     information infrastructure and cybersecurity should possess 
     in order to secure information systems;
       (2) an assessment of whether existing government, academic, 
     and private-sector education, accreditation, training, and 
     certification programs provide the body of knowledge and 
     various skills described in paragraph (1);
       (3) an evaluation of--
       (A) the state of cybersecurity education at institutions of 
     higher education in the United States;
       (B) the extent of professional development opportunities 
     for faculty in cybersecurity principles and practices;
       (C) the extent of the partnerships and collaborative 
     cybersecurity curriculum development activities that leverage 
     industry and government needs, resources, and tools;
       (D) the proposed metrics to assess progress toward 
     improving cybersecurity education; and
       (E) the descriptions of the content of cybersecurity 
     courses in undergraduate computer science curriculum;
       (4) an analysis of any barriers to the Federal Government 
     recruiting and hiring cybersecurity talent, including 
     barriers relating to compensation, the hiring process, job 
     classification, and hiring flexibility; and
       (5) an analysis of the sources and availability of 
     cybersecurity talent, a comparison of the skills and 
     expertise sought by the Federal Government and the private 
     sector, an examination of the current and future capacity of 
     United States institutions of higher education, including 
     community colleges, to provide current and future 
     cybersecurity professionals, through education and training 
     activities, with those skills sought by the Federal 
     Government, State and local entities, and the private sector.
       (c) Report.--Not later than 1 year after the date of 
     enactment of this Act, the National Academy of Sciences shall 
     submit to the President and Congress a report on the results 
     of the study. The report shall include--
       (1) findings regarding the state of information 
     infrastructure and cybersecurity education, accreditation, 
     training, and certification programs, including specific 
     areas of deficiency and demonstrable progress; and
       (2) recommendations for further research and the 
     improvement of information infrastructure and cybersecurity 
     education, accreditation, training, and certification 
     programs.

           TITLE IV--CYBERSECURITY AWARENESS AND PREPAREDNESS

     SEC. 401. NATIONAL CYBERSECURITY AWARENESS AND PREPAREDNESS 
                   CAMPAIGN.

       (a) National Cybersecurity Awareness and Preparedness 
     Campaign.--The Director of the National Institute of 
     Standards and Technology (referred to in this section as the 
     ``Director''), in consultation with appropriate Federal 
     agencies, shall continue to coordinate a national 
     cybersecurity awareness and preparedness campaign, such as--
       (1) a campaign to increase public awareness of 
     cybersecurity, cyber safety, and cyber ethics, including the 
     use of the Internet, social media, entertainment, and other 
     media to reach the public;
       (2) a campaign to increase the understanding of State and 
     local governments and private sector entities of--
       (A) the benefits of ensuring effective risk management of 
     the information infrastructure versus the costs of failure to 
     do so; and
       (B) the methods to mitigate and remediate vulnerabilities;
       (3) support for formal cybersecurity education programs at 
     all education levels to prepare skilled cybersecurity and 
     computer science workers for the private sector and Federal, 
     State, and local government; and
       (4) initiatives to evaluate and forecast future 
     cybersecurity workforce needs of the Federal government and 
     develop strategies for recruitment, training, and retention.
       (b) Considerations.--In carrying out the authority 
     described in subsection (a), the Director, in consultation 
     with appropriate Federal agencies, shall leverage existing 
     programs designed to inform the public of safety and security 
     of products or services, including self-certifications and 
     independently-verified assessments regarding the 
     quantification and valuation of information security risk.
       (c) Strategic Plan.--The Director, in cooperation with 
     relevant Federal agencies and other stakeholders, shall build 
     upon programs and plans in effect as of the date of enactment 
     of this Act to develop and implement a strategic plan to 
     guide Federal programs and activities in support of the 
     national cybersecurity awareness and preparedness campaign 
     under subsection (a).
       (d) Report.--Not later than 1 year after the date of 
     enactment of this Act, and every 5 years thereafter, the 
     Director shall transmit the strategic plan under subsection 
     (c) to the Committee on Commerce, Science, and Transportation 
     of the Senate and the Committee on Science, Space, and 
     Technology of the House of Representatives.
                                 ______
                                 
      By Mr. DURBIN:
  S. 1359. A bill to amend the Federal Water Pollution Control Act to 
establish national standards for discharges from cruise vessels; to the 
Committee on Commerce, Science, and Transportation.
  Mr. DURBIN. Mr. President, I ask unanimous consent that the text of 
the bill be printed in the Record.
  There being no objection, the text of the bill was ordered to be 
printed in the Record, as follows:

                                S. 1359

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``Clean Cruise Ship Act of 
     2013''.

     SEC. 2. FINDINGS AND PURPOSES.

       (a) Findings.--Congress finds that--
       (1) cruise ships carry millions of passengers through North 
     American waters each year, showcase some of the most 
     beautiful ocean and coastal environments in the United 
     States, and provide opportunities for passengers to relax and 
     enjoy oceans and marine ecosystems;
       (2) the natural beauty and health of the ocean and coastal 
     environment is what draws passengers to travel along these 
     waterways by ship;
       (3) protecting the natural environment is beneficial to 
     both the environment and to the cruise industry;
       (4) the number of cruise passengers continues to grow, 
     making the cruise industry 1 of the fastest growing tourism 
     sectors in the world;
       (5) in 2010, more than 10,000,000 passengers departed from 
     North America on thousands of cruise ships;
       (6) as of 2010, the average annual growth rate of cruise 
     passengers is 7.5 percent;
       (7) during the 2 decades preceding the date of enactment of 
     this Act, the average cruise ship size has increased at a 
     rate of approximately 90 feet every 5 years;
       (8) an average-sized cruise vessel generates millions of 
     gallons of liquid waste and many tons of solid waste;
       (9) in just 1 week, a 3000-passenger cruise ship generates 
     approximately 200,000 gallons of human sewage, more than 
     1,000,000 gallons of water from showers and sinks and 
     dishwashing water (commonly known as ``graywater''), more 
     than 8 tons of solid waste, and toxic wastes from dry 
     cleaning and photo-processing laboratories;
       (10) in an Environmental Protection Agency survey of 29 
     ships traveling in Alaskan waters, reported sewage generation 
     rates ranged from 1,000 to 74,000 gallons per day per vessel, 
     with the average volume of sewage generated being 21,000 
     gallons per day per vessel;

[[Page 12334]]

       (11) those frequently untreated cruise ship discharges 
     deliver nutrients, hazardous substances, pharmaceuticals, and 
     human pathogens, including viruses and bacteria, directly 
     into the marine environment;
       (12) in the final report of the United States Commission on 
     Ocean Policy, that Commission found that cruise ship 
     discharges, if not treated and disposed of properly, and the 
     cumulative impacts caused when cruise ships repeatedly visit 
     the same environmentally sensitive areas, ``can be a 
     significant source of pathogens and nutrients with the 
     potential to threaten human health and damage shellfish beds, 
     coral reefs, and other aquatic life'';
       (13) pollution from cruise ships not only has the potential 
     to threaten marine life and human health through consumption 
     of contaminated seafood, but also poses a health risk for 
     recreational swimmers, surfers, and other beachgoers;
       (14) according to the Environmental Protection Agency, 
     ``Sewage may host many pathogens of concern to human health, 
     including Salmonella, Shigella, Hepatitis A and E, and 
     gastro-intestinal viruses. Sewage contamination in swimming 
     areas and shellfish beds poses potential risks to human 
     health and the environment by increasing the rate of 
     waterborne illnesses'';
       (15) the nutrient pollution from human sewage discharges 
     from cruise ships can contribute to the incidence of harmful 
     algal blooms;
       (16) algal blooms have been implicated in the deaths of 
     marine life, including the deaths of more than 150 manatees 
     off the coast of Florida;
       (17) in a 2005 report requested by the International 
     Council of Cruise Lines, the Science Panel of the Ocean 
     Conservation and Tourism Alliance recommended that--
       (A) ``[a]ll blackwater should be treated'';
       (B) treated blackwater should be ``avoided in ports, close 
     to bathing beaches or water bodies with restricted 
     circulation, flushing or inflow''; and
       (C) blackwater should not be discharged within 4 nautical 
     miles of shellfish beds, coral reefs, or other sensitive 
     habitats;
       (18) that Science Panel further recommended that graywater 
     be treated in the same manner as blackwater and that sewage 
     sludge be off-loaded to approved land-based facilities;
       (19) in a summary of recommendations for addressing 
     unabated point sources of pollution, the Pew Oceans 
     Commission states that, ``Congress should enact legislation 
     that regulates wastewater discharges from cruise ships under 
     the Clean Water Act by establishing uniform minimum standards 
     for discharges in all State waters and prohibiting discharges 
     within the U.S. Exclusive Economic Zone that do not meet 
     effluent standards.''; and
       (20) a comprehensive statutory regime for managing 
     pollution discharges from cruise vessels, applicable 
     throughout the United States, is needed--
       (A) to protect coastal and ocean areas from pollution 
     generated by cruise vessels;
       (B) to reduce and better regulate discharges from cruise 
     vessels; and
       (C) to improve monitoring, reporting, and enforcement of 
     standards regarding discharges.
       (b) Purpose.--The purpose of this Act is to amend the 
     Federal Water Pollution Control Act (33 U.S.C. 1251 et seq.) 
     to establish national standards and prohibitions for 
     discharges from cruise vessels.

     SEC. 3. CRUISE VESSEL DISCHARGES.

       Section 402 of the Federal Water Pollution Control Act (33 
     U.S.C. 1342) is amended by adding at the end the following:
       ``(s) Cruise Vessel Discharges.--
       ``(1) Definitions.--In this subsection:
       ``(A) Bilge water.--
       ``(i) In general.--The term `bilge water' means wastewater.
       ``(ii) Inclusions.--The term `bilge water' includes 
     lubrication oils, transmission oils, oil sludge or slops, 
     fuel or oil sludge, used oil, used fuel or fuel filters, and 
     oily waste.
       ``(B) Commandant.--The term `Commandant' means the 
     Commandant of the Coast Guard.
       ``(C) Cruise vessel.--
       ``(i) In general.--The term `cruise vessel' means a 
     passenger vessel that--

       ``(I) is authorized to carry at least 250 passengers; and
       ``(II) has onboard sleeping facilities for each passenger.

       ``(ii) Exclusions.--The term `cruise vessel' does not 
     include--

       ``(I) a vessel of the United States operated by the Federal 
     Government;
       ``(II) a vessel owned and operated by the government of a 
     State; or
       ``(III) a vessel owned by a local government.

       ``(D) Discharge.--The term `discharge' means the release, 
     escape, disposal, spilling, leaking, pumping, emitting, or 
     emptying of bilge water, graywater, hazardous waste, 
     incinerator ash, sewage, sewage sludge, trash, or garbage 
     from a cruise vessel into the environment, however caused, 
     other than--
       ``(i) at an approved shoreside reception facility, if 
     applicable; and
       ``(ii) in compliance with all applicable Federal, State, 
     and local laws (including regulations).
       ``(E) Exclusive economic zone.--The term `exclusive 
     economic zone' has the meaning given the term in section 2101 
     of title 46, United States Code (as in effect on the day 
     before the date of enactment of Public Law 109-304 (120 Stat. 
     1485)).
       ``(F) Fund.--The term `Fund' means the Cruise Vessel 
     Pollution Control Fund established by paragraph (11)(A)(i).
       ``(G) Garbage.--The term `garbage' means solid waste from 
     food preparation, service and disposal activities, even if 
     shredded, ground, processed, or treated to comply with other 
     requirements.
       ``(H) Graywater.--
       ``(i) In general.--The term `graywater' means galley water, 
     dishwasher, and bath, shower, and washbasin water.
       ``(ii) Inclusions.--The term `graywater' includes, to the 
     extent not already covered under provisions of law relating 
     to hazardous waste--

       ``(I) spa, pool, and laundry wastewater;
       ``(II) wastes from soot tanker or economizer cleaning;
       ``(III) wastes from photo processing;
       ``(IV) wastes from vessel interior surface cleaning; and
       ``(V) miscellaneous equipment and process wastewater.

       ``(I) Hazardous waste.--The term `hazardous waste' has the 
     meaning given the term in section 6903 of the Solid Waste 
     Disposal Act (42 U.S.C. 6903).
       ``(J) Incinerator ash.--The term `incinerator ash' means 
     ash generated during the incineration of solid waste or 
     sewage sludge.
       ``(K) New vessel.--The term `new vessel' means a vessel, 
     the construction of which is initiated after promulgation of 
     standards and regulations under this subsection.
       ``(L) No-discharge zone.--
       ``(i) In general.--The term `no-discharge zone' means an 
     area of ecological importance, whether designated by Federal, 
     State, or local authorities.
       ``(ii) Inclusions.--The term `no-discharge zone' includes--

       ``(I) a marine sanctuary;
       ``(II) a marine protected area;
       ``(III) a marine reserve; and
       ``(IV) a marine national monument.

       ``(M) Passenger.--The term `passenger' means any person 
     (including a paying passenger and any staff member, such as a 
     crew member, captain, or officer) traveling on board a cruise 
     vessel.
       ``(N) Sewage.--The term `sewage' means--
       ``(i) human and animal body wastes; and
       ``(ii) wastes from toilets and other receptacles intended 
     to receive or retain human and animal body wastes.
       ``(O) Sewage sludge.--
       ``(i) In general.--The term `sewage sludge' means any 
     solid, semi-solid, or liquid residue removed during the 
     treatment of on-board sewage.
       ``(ii) Inclusions.--The term `sewage sludge' includes--

       ``(I) solids removed during primary, secondary, or advanced 
     wastewater treatment;
       ``(II) scum;
       ``(III) septage;
       ``(IV) portable toilet pumpings;
       ``(V) type III marine sanitation device pumpings (as 
     defined in part 159 of title 33, Code of Federal Regulations 
     (or a successor regulation)); and
       ``(VI) sewage sludge products.

       ``(iii) Exclusions.--The term `sewage sludge' does not 
     include--

       ``(I) grit or screenings; or
       ``(II) ash generated during the incineration of sewage 
     sludge.

       ``(P) Trash.--The term `trash' means solid waste from 
     vessel operations and passenger services, even if shredded, 
     ground, processed, or treated to comply with other 
     regulations.
       ``(2) Prohibitions.--
       ``(A) Prohibition on discharge of sewage sludge, 
     incinerator ash, and hazardous waste.--
       ``(i) In general.--Except as provided by subparagraph (C), 
     no cruise vessel departing from, or calling on, a port of the 
     United States may discharge sewage sludge, incinerator ash, 
     or hazardous waste into navigable waters, including the 
     contiguous zone and the exclusive economic zone.
       ``(ii) Off-loading.--Sewage sludge, incinerator ash, and 
     hazardous waste described in clause (i) shall be off-loaded 
     at an appropriate land-based facility.
       ``(B) Prohibition on discharge of sewage, graywater, and 
     bilge water.--
       ``(i) In general.--Except as provided by subparagraph (C), 
     no cruise vessel departing from or calling on, a port of the 
     United States may discharge sewage, graywater, or bilge water 
     into navigable waters, including the contiguous zone and the 
     exclusive economic zone, unless--

       ``(I) the sewage, graywater, or bilge water is treated to 
     meet all applicable effluent limits established under this 
     section and is in accordance with all other applicable laws;
       ``(II) the cruise vessel is underway and proceeding at a 
     speed of not less than 6 knots;
       ``(III) the cruise vessel is more than 12 nautical miles 
     from shore; and
       ``(IV) the cruise vessel complies with all applicable 
     standards established under this Act.

       ``(ii) No-discharge zones.--Notwithstanding any other 
     provision of this paragraph, no cruise vessel departing from, 
     or

[[Page 12335]]

     calling on, a port of the United States may discharge treated 
     or untreated sewage, graywater, or bilge water into a no-
     discharge zone.
       ``(C) Safety exception.--
       ``(i) Scope of exception.--Subparagraphs (A) and (B) shall 
     not apply in any case in which--

       ``(I) a discharge is made solely for the purpose of 
     securing the safety of the cruise vessel or saving human life 
     at sea; and
       ``(II) all reasonable precautions have been taken to 
     prevent or minimize the discharge.

       ``(ii) Notification.--

       ``(I) In general.--If the owner, operator, master, or other 
     person in charge of a cruise vessel authorizes a discharge 
     described in clause (i), the person shall notify the 
     Administrator and the Commandant of the decision to authorize 
     the discharge as soon as practicable, but not later than 24 
     hours, after authorizing the discharge.
       ``(II) Report.--Not later than 7 days after the date on 
     which a discharge described in clause (i) occurs, the owner, 
     operator, master, or other person in charge of a cruise 
     vessel, shall submit to the Administrator and the Commandant 
     a report that describes--

       ``(aa) the quantity and composition of each discharge 
     authorized under clause (i);
       ``(bb) the reason for authorizing each such discharge;
       ``(cc) the location of the vessel during the course of each 
     such discharge; and
       ``(dd) such other supporting information and data as are 
     requested by the Commandant or the Administrator.

       ``(III) Disclosure of reports.--Upon receiving a report 
     under subclause (II), the Administrator shall make the report 
     available to the public.

       ``(3) Effluent limits.--
       ``(A) Effluent limits for discharges of sewage, graywater, 
     and bilge water.--
       ``(i) In general.--Not later than 1 year after the date of 
     enactment of this subsection, the Administrator shall 
     promulgate effluent limits for sewage, graywater, and bilge 
     water discharges from cruise vessels.
       ``(ii) Requirements.--The effluent limits shall--

       ``(I) be consistent with the capability of the best 
     available technology to treat effluent;
       ``(II) take into account the best available scientific 
     information on the environmental effects of sewage, 
     graywater, and bilge water discharges, including 
     conventional, nontoxic, and toxic pollutants and petroleum;
       ``(III) take into account marine life and ecosystems, 
     including coral reefs, shell fish beds, endangered species, 
     marine mammals, seabirds, and marine ecosystems;
       ``(IV) take into account conditions that will affect marine 
     life, ecosystems, and human health, including seamounts, 
     continental shelves, oceanic fronts, warm core and cold core 
     rings, and ocean currents; and
       ``(V) require compliance with all relevant Federal and 
     State water quality standards.

       ``(iii) Minimum limits.--The effluent limits promulgated 
     under clause (i) shall require, at a minimum, that treated 
     sewage, treated graywater, and treated bilge water effluent 
     discharges from cruise vessels, measured at the point of 
     discharge, shall, not later than the date described in 
     subparagraph (C)--

       ``(I) satisfy the minimum level of effluent quality 
     specified in section 133.102 of title 40, Code of Federal 
     Regulations (or a successor regulation); and
       ``(II) with respect to the samples from the discharge 
     during any 30-day period--

       ``(aa) have a geometric mean that does not exceed 20 fecal 
     coliform per 100 milliliters;
       ``(bb) not exceed 40 fecal coliform per 100 milliliters in 
     more than 10 percent of the samples; and
       ``(cc) with respect to concentrations of total residual 
     chlorine, not exceed 10 milligrams per liter.
       ``(B) Review and revision of effluent limits.--The 
     Administrator shall--
       ``(i) review the effluent limits promulgated under 
     subparagraph (A) at least once every 5 years; and
       ``(ii) revise the effluent limits to incorporate technology 
     available at the time of the review in accordance with 
     subparagraph (A)(Ii).
       ``(C) Compliance date.--The Administrator shall require 
     compliance with the effluent limits promulgated pursuant to 
     subparagraph (A)--
       ``(i) with respect to new vessels put into water after the 
     date of enactment of this subsection, as of the date that is 
     180 days after the date of promulgation of the effluent 
     limits; and
       ``(ii) with respect to vessels in use as of that date of 
     enactment, as of the date that is 1 year after the date of 
     promulgation of the effluent limits.
       ``(D) Sampling, monitoring, and reporting.--
       ``(i) In general.--The Administrator shall require 
     sampling, monitoring, and reporting to ensure compliance 
     with--

       ``(I) the effluent limitations promulgated under 
     subparagraph (A);
       ``(II) all other applicable provisions of this Act;
       ``(III) any regulations promulgated under this Act;
       ``(IV) other applicable Federal laws (including 
     regulations); and
       ``(V) all applicable international treaty requirements.

       ``(ii) Responsibilities of persons in charge of cruise 
     vessels.--The owner, operator, master, or other person in 
     charge of a cruise vessel, shall at a minimum--

       ``(I) conduct sampling or testing at the point of discharge 
     on a monthly basis, or more frequently, as determined by the 
     Administrator;
       ``(II) provide real-time data to the Administrator, using 
     telemetric or other similar technology, for reporting 
     relating to--

       ``(aa) discharges of sewage, graywater, and bilge water 
     from cruise vessels;
       ``(bb) pollutants emitted in sewage, graywater, and bilge 
     water from cruise vessels; and
       ``(cc) functioning of cruise vessel components relating to 
     fuel consumption and control of air and water pollution;

       ``(III) ensure, to the maximum extent practicable, that 
     technologies providing real-time data have the ability to 
     record--

       ``(aa) the location and time of discharges from cruise 
     vessels;
       ``(bb) the source, content, and volume of the discharges; 
     and
       ``(cc) the operational state of components relating to 
     pollution control technology at the time of the discharges, 
     including whether the components are operating correctly;

       ``(IV) establish chains of custody, analysis protocols, and 
     other specific information necessary to ensure that the 
     sampling, testing, and records of that sampling and testing 
     are reliable; and
       ``(V) maintain, and provide on a monthly basis to the 
     Administrator, electronic copies of required sampling and 
     testing data.

       ``(iii) Reporting requirements.--The Administrator shall 
     require the compilation and production, and not later than 1 
     year after the date of enactment of this subsection and 
     biennially thereafter, the provision to the Administrator and 
     the Commandant in electronic format, of documentation for 
     each cruise vessel that includes, at a minimum--

       ``(I) a detailed description of onboard waste treatment 
     mechanisms in use by the cruise vessel, including the 
     manufacturer of the waste treatment technology on board;
       ``(II) a detailed description of onboard sludge management 
     practices of the cruise vessel;
       ``(III) copies of applicable hazardous materials forms;
       ``(IV) a characterization of the nature, type, and 
     composition of discharges by the cruise vessel;
       ``(V) a determination of the volumes of those discharges, 
     including average volumes; and
       ``(VI) the locations, including the more common locations, 
     of those discharges.

       ``(iv) Shoreside disposal.--The Administrator shall require 
     documentation of shoreside disposal at approved facilities 
     for all wastes by, at a minimum--

       ``(I) establishing standardized forms for the receipt of 
     those wastes;
       ``(II) requiring those receipts to be sent electronically 
     to the Administrator and Commandant and maintained in an 
     onboard record book; and
       ``(III) requiring those receipts to be signed and dated by 
     the owner, operator, master, or other person in charge of the 
     discharging vessel and the authorized representative of the 
     receiving facility.

       ``(v) Regulations.--Not later than 18 months after the date 
     of enactment of this subsection, the Administrator, in 
     consultation with the Commandant, shall promulgate 
     regulations that, at a minimum, implement the sampling, 
     monitoring, and reporting protocols required by this 
     subparagraph.
       ``(4) Inspection program.--
       ``(A) In general.--The Administrator shall establish an 
     inspection program to require that--
       ``(i) regular announced and unannounced inspections be 
     conducted of any relevant aspect of cruise vessel operations, 
     equipment, or discharges, including sampling and testing of 
     cruise vessel discharges;
       ``(ii) each cruise vessel that calls on a port of the 
     United States be subject to an unannounced inspection at 
     least once per year; and
       ``(iii) inspections be carried out by the Environmental 
     Protection Agency or the Coast Guard.
       ``(B) Coast guard inspections.--If the Administrator and 
     the Commandant jointly agree that some or all inspections are 
     to be carried out by the Coast Guard, the inspections shall--
       ``(i) occur outside the Coast Guard matrix system for 
     setting boarding priorities;
       ``(ii) be consistent across Coast Guard districts; and
       ``(iii) be conducted by specially-trained environmental 
     inspectors.
       ``(C) Regulations.--Not later than 18 months after the date 
     of enactment of this subsection, the Administrator, in 
     consultation with the Commandant, shall promulgate 
     regulations that, at a minimum--
       ``(i) designate responsibility for conducting inspections;
       ``(ii) require the owner, operator, master, or other person 
     in charge of a cruise vessel to maintain and submit a logbook 
     detailing

[[Page 12336]]

     the times, types, volumes, flow rates, origins, and specific 
     locations of, and explanations for, any discharges from the 
     cruise vessel not otherwise required by the International 
     Convention for the Prevention of Pollution from Ships, 1973 
     (done at London on November 2, 1973; entered into force on 
     October 2, 1983), as modified by the Protocol of 1978 
     relating to the International Convention for the Prevention 
     of Pollution from Ships, 1973 (done at London, February 17, 
     1978);
       ``(iii) provide for routine announced and unannounced 
     inspections of--

       ``(I) cruise vessel environmental compliance records and 
     procedures; and
       ``(II) the functionality, sufficiency, redundancy, and 
     proper operation and maintenance of installed equipment for 
     abatement and control of any cruise vessel discharge 
     (including equipment intended to treat sewage, graywater, or 
     bilge water);

       ``(iv) ensure that--

       ``(I) all crew members are informed of, in the native 
     language of the crew members, and understand, the pollution 
     control obligations under this subsection, including 
     regulations promulgated under this subsection; and
       ``(II) applicable crew members are sufficiently trained and 
     competent to comply with requirements under this subsection, 
     including sufficient training and competence--

       ``(aa) to effectively operate shipboard pollution control 
     systems;
       ``(bb) to conduct all necessary sampling and testing; and
       ``(cc) to monitor and comply with recording requirements;
       ``(v) require that operating manuals be on the cruise 
     vessel and accessible to all crew members;
       ``(vi) require the posting of the phone number for a toll-
     free whistleblower hotline on all ships and at all ports 
     using language likely to be understood by international 
     crews;
       ``(vii) require any owner, operator, master, or other 
     person in charge of a cruise vessel, who has knowledge of a 
     discharge from the cruise vessel in violation of this 
     subsection, including regulations promulgated under this 
     subsection, to report immediately the discharge to the 
     Administrator and the Commandant;
       ``(viii) require the owner, operator, master, or other 
     person in charge of a cruise vessel to provide, not later 
     than 1 year after the date of enactment of this subsection, 
     to the Administrator, Commandant, and on-board observers 
     (including designated representatives), a copy of cruise 
     vessel plans, including--

       ``(I) piping schematic diagrams;
       ``(II) construction drawings; and
       ``(III) drawings or diagrams of storage systems, 
     processing, treating, intake, or discharge systems, and any 
     modifications of those systems (within the year during which 
     the modifications are made); and

       ``(ix) inhibit illegal discharges by prohibiting all means 
     of altering piping, tankage, pumps, valves, and processes to 
     bypass or circumvent measures or equipment designed to 
     monitor, sample, or prevent discharges.
       ``(D) Disclosure of logbooks.--The logbook described in 
     subparagraph (C)(ii) shall be submitted to the Administrator 
     and the Commandant.
       ``(5) Cruise observer program.--
       ``(A) In general.--Not later than 18 months after the date 
     of enactment of this subsection, the Commandant, in 
     consultation with the Administrator, shall establish and 
     carry out a program for the hiring and placement of 1 or more 
     trained, independent, observers on each cruise vessel.
       ``(B) Purpose.--The purpose of the cruise observer program 
     established under subparagraph (A) is to monitor and inspect 
     cruise vessel operations, equipment, and discharges to ensure 
     compliance with--
       ``(i) this subsection (including regulations promulgated 
     under this subsection); and
       ``(ii) all other relevant Federal and State laws and 
     international agreements.
       ``(C) Regulations.--Not later than 18 months after the date 
     of enactment of this subsection, the Commandant, in 
     consultation with the Administrator and the Attorney General, 
     shall promulgate regulations that, at a minimum--
       ``(i) specify that the Coast Guard shall be responsible for 
     the hiring of observers;
       ``(ii) specify the qualifications, experience, and duties 
     of the observers;
       ``(iii) specify methods and criteria for Coast Guard hiring 
     of observers;
       ``(iv) establish the means for ensuring constant observer 
     coverage and allowing for observer relief and rotation; and
       ``(v) establish an appropriate rate of pay to ensure that 
     observers are highly trained and retained by the Coast Guard.
       ``(D) Responsibilities.--Cruise observers participating in 
     the program established under subparagraph (A) shall --
       ``(i) observe and inspect--

       ``(I) onboard liquid and solid handling and processing 
     systems;
       ``(II) onboard environmental treatment systems;
       ``(III) use of shore-based treatment and storage 
     facilities;
       ``(IV) discharges and discharge practices; and
       ``(V) documents relating to environmental compliance, 
     including--

       ``(aa) sounding boards, logs, and logbooks;
       ``(bb) daily and corporate maintenance and engineers' 
     logbooks;
       ``(cc) fuel, sludge, slop, waste, and ballast tank capacity 
     tables;
       ``(dd) installation, maintenance, and operation records for 
     oily water separators, incinerators, and boilers;
       ``(ee) piping diagrams;
       ``(ff) e-mail archives;
       ``(gg) receipts for the transfer of materials, including 
     waste disposal;
       ``(hh) air emissions data; and
       ``(ii) electronic and other records of relevant 
     information, including fuel consumption, maintenance, and 
     spares ordering for all waste processing- and pollution-
     related equipment;
       ``(ii) have the authority to interview and otherwise query 
     any crew member with knowledge of cruise vessel operations;
       ``(iii) have access to all data and information made 
     available to government officials under this subsection;
       ``(iv) immediately report any known or suspected violation 
     of this subsection or any other applicable Federal law or 
     international agreement to--

       ``(I) the owner, operator, master, or other person in 
     charge of a cruise vessel;
       ``(II) the Commandant; and
       ``(III) the Administrator;

       ``(v) maintain inspection records to be submitted to the 
     Commandant and the Administrator on a semiannual basis; and
       ``(vi) have authority to conduct the full range of duties 
     of the observers within the United States territorial seas, 
     contiguous zone, and exclusive economic zone.
       ``(E) Program evaluation.--The cruise observer program 
     established and carried out by the Commandant under 
     subparagraph (A) shall include--
       ``(i) a method for collecting and reviewing data relating 
     to the efficiency, sufficiency, and operation of the cruise 
     observer program, including--

       ``(I) the ability to achieve program goals;
       ``(II) cruise vessel personnel cooperation;
       ``(III) necessary equipment and analytical resources; and
       ``(IV) the need for additional observer training; and

       ``(ii) a process for adopting periodic revisions to the 
     program based on the data collected under clause (i).
       ``(F) Observer support.--Not later than 18 months after the 
     date of enactment of this subsection, the Commandant, in 
     consultation with the Administrator, shall implement a 
     program to provide support to observers, including, at a 
     minimum--
       ``(i) training for observers to ensure the ability of the 
     observers to carry out this paragraph;
       ``(ii) necessary equipment and analytical resources, such 
     as laboratories, to carry out the responsibilities 
     established under this subsection; and
       ``(iii) support relating to the administration of the 
     program and the response to any recalcitrant cruise vessel 
     personnel.
       ``(G) Report.--Not later than 3 years after the date of 
     establishment of the program under this paragraph, the 
     Commandant, in consultation with the Administrator, shall 
     submit to Congress a report describing--
       ``(i) the results of the program in terms of observer 
     effectiveness, optimal coverage, environmental benefits, and 
     cruise ship cooperation;
       ``(ii) recommendations for increased effectiveness, 
     including increased training needs and increased equipment 
     needs; and
       ``(iii) other recommendations for improvement of the 
     program.
       ``(6) Rewards.--
       ``(A) Payments to individuals.--
       ``(i) In general.--The Administrator or a court of 
     competent jurisdiction, as the case may be, may order 
     payment, from a civil penalty or criminal fine collected for 
     a violation of this subsection, of an amount not to exceed 
     \1/2\ of the amount of the civil penalty or criminal fine, to 
     any individual who furnishes information that leads to the 
     payment of the civil penalty or criminal fine.
       ``(ii) Multiple individuals.--If 2 or more individuals 
     provide information described in clause (i), the amount 
     available for payment as a reward shall be divided equitably 
     among the individuals.
       ``(iii) Ineligible individuals.--No officer or employee of 
     the United States, a State, or an Indian tribe who furnishes 
     information or renders service in the performance of the 
     official duties of the officer or employee shall be eligible 
     for a reward payment under this paragraph.
       ``(B) Payments to indian tribes.--The Administrator or a 
     court of competent jurisdiction, as the case may be, may 
     order payment, from a civil penalty or criminal fine 
     collected for a violation of this subsection, to an Indian 
     tribe providing information or investigative assistance that 
     leads to payment of the penalty or fine, of an amount that 
     reflects the level of information or investigative assistance 
     provided.
       ``(C) Payments divided among indian tribes and 
     individuals.--In a case in which an Indian tribe and an 
     individual under subparagraph (A) are eligible to receive a 
     reward payment under this paragraph, the Administrator or the 
     court shall divide the

[[Page 12337]]

     amount available for the reward equitably among those 
     recipients.
       ``(7) Liability in rem.--A cruise vessel operated in 
     violation of this subsection or any regulation promulgated 
     under this subsection--
       ``(A) shall be liable in rem for any civil penalty or 
     criminal fine imposed for the violation; and
       ``(B) may be subject to a proceeding instituted in any 
     United States district court of competent jurisdiction.
       ``(8) Permit requirement.--A cruise vessel may operate in 
     the waters of the United States, or visit a port or place 
     under the jurisdiction of the United States, only if the 
     cruise vessel has been issued a permit under this section.
       ``(9) Nonapplicability of certain provisions.--Paragraphs 
     (6)(A) and (12)(B) of section 502 shall not apply to any 
     cruise vessel.
       ``(10) Statutory or common law rights not restricted.--
     Nothing in this subsection--
       ``(A) restricts the rights of any person (or class of 
     persons) to regulate or seek enforcement or other relief 
     (including relief against the Administrator or Commandant) 
     under any statute or common law;
       ``(B) affects the right of any person (or class of persons) 
     to regulate or seek enforcement or other relief with regard 
     to vessels other than cruise vessels under any statute or 
     common law; or
       ``(C) affects the right of any person (or class of persons) 
     under any statute or common law, including this Act, to 
     regulate or seek enforcement or other relief with regard to 
     pollutants or emission streams from cruise vessels that are 
     not otherwise regulated under this subsection.
       ``(11) Establishment of fund; fees.--
       ``(A) Cruise vessel pollution control fund.--
       ``(i) Establishment.--There is established in the general 
     fund of the Treasury a separate account, to be known as the 
     `Cruise Vessel Pollution Control Fund' (referred to in this 
     paragraph as the `Fund').
       ``(ii) Amounts.--The Fund shall consist of such amounts as 
     are deposited in the Fund under subparagraph (B)(vi).
       ``(iii) Availability and use of amounts in fund.--Amounts 
     in the Fund shall be--

       ``(I) available to the Administrator and the Commandant as 
     provided in appropriations Acts; and
       ``(II) used by the Administrator and the Commandant only 
     for purposes of carrying out this subsection.

       ``(B) Fees on cruise vessels.--
       ``(i) In general.--The Commandant and the Administrator 
     shall establish and collect from each cruise vessel a 
     reasonable and appropriate fee for each paying passenger on a 
     cruise vessel voyage, for use in carrying out this 
     subsection.
       ``(ii) Adjustment of fee.--

       ``(I) In general.--The Commandant and the Administrator 
     shall biennially adjust the amount of the fee established 
     under clause (i) to reflect changes in the Consumer Price 
     Index for All Urban Consumers published by the Department of 
     Labor during the most recent 2-year period for which data are 
     available.
       ``(II) Rounding.--The Commandant and the Administrator may 
     round an adjustment under subclause (I) to the nearest 1/10 
     of a dollar.

       ``(iii) Factors in establishing fees.--

       ``(I) In general.--In establishing fees under clause (i), 
     the Commandant and Administrator may establish lower levels 
     of fees and the maximum amount of fees for certain classes of 
     cruise vessels based on--

       ``(aa) size;
       ``(bb) economic share; and
       ``(cc) such other factors as are determined to be 
     appropriate by the Commandant and the Administrator.
       ``(iv) Fee schedules.--Any fee schedule established under 
     clause (i), including the level of fees and the maximum 
     amount of fees, shall take into account--

       ``(I) cruise vessel routes;
       ``(II) the frequency of stops at ports of call by cruise 
     vessels; and
       ``(III) other applicable considerations.

       ``(v) Collection of fees.--A fee established under clause 
     (i) shall be collected by the Administrator or the Commandant 
     from the owner or operator of each cruise vessel to which 
     this subsection applies.
       ``(vi) Deposits to fund.--Notwithstanding any other 
     provision of law, all fees collected under this paragraph, 
     and all penalties and payments collected for violations of 
     this subsection, shall be deposited in the Fund.
       ``(12) Authorization of appropriations.--There are 
     authorized to be appropriated to the Administrator and the 
     Commandant such sums as are necessary to carry out this 
     subsection for each of fiscal years 2010 through 2014.''.

                          ____________________