[House Report 114-629]
[From the U.S. Government Publishing Office]


114th Congress }                                            { Report
                        HOUSE OF REPRESENTATIVES
 2d Session    }                                            { 114-629

======================================================================
 
                SUPPORT FOR RAPID INNOVATION ACT OF 2016

                                _______
                                

 June 21, 2016.--Committed to the Committee of the Whole House on the 
              State of the Union and ordered to be printed

                                _______
                                

  Mr. McCaul, from the Committee on Homeland Security, submitted the 
                               following

                              R E P O R T

                        [To accompany H.R. 5388]

    The Committee on Homeland Security, to whom was referred 
the bill (H.R. 5388) to amend the Homeland Security Act of 2002 
to provide for innovative research and development, and for 
other purposes, having considered the same, reports favorably 
thereon without amendment and recommends that the bill do pass.

                                CONTENTS

                                                                   Page
Purpose and Summary..............................................     1
Background and Need for Legislation..............................     2
Hearings.........................................................     2
Committee Consideration..........................................     3
Committee Votes..................................................     3
Committee Oversight Findings.....................................     3
New Budget Authority, Entitlement Authority, and Tax Expenditures     3
Congressional Budget Office Estimate.............................     3
Statement of General Performance Goals and Objectives............     4
Duplicative Federal Programs.....................................     4
Congressional Earmarks, Limited Tax Benefits, and Limited Tariff 
  Benefits.......................................................     4
Federal Mandates Statement.......................................     4
Preemption Clarification.........................................     4
Disclosure of Directed Rule Makings..............................     4
Advisory Committee Statement.....................................     4
Applicability to Legislative Branch..............................     5
Section-by-Section Analysis of the Legislation...................     5
Changes in Existing Law Made by the Bill, as Reported............     6

                          Purpose and Summary

    H.R. 5388, the Support for Rapid Innovation Act of 2016, 
requires the Under Secretary for Science and Technology (S&T) 
to support cybersecurity research, development, testing, 
evaluation and transition and to coordinate those activities 
with other Federal agencies, industry, and academia. In service 
to the components of the Department of Homeland Security (DHS), 
the Under Secretary is required to: 1) advance the development 
and deployment of secure information systems; 2) improve and 
create technologies to detect attacks or intrusions; 3) improve 
and create mitigation and recovery methodologies; 4) support 
the review of source code that underpins critical 
infrastructure information systems in coordination with the 
private sector; 5) develop and support tools to support 
cybersecurity research and development efforts; 6) assist the 
development of technologies to reduce vulnerabilities in 
industrial control systems; and 7) develop and support 
forensics and attack attribution capabilities.
    In addition, the bill requires the Under Secretary to 
support the full life cycle of cyber research and development 
projects, identify mature technologies that address existing or 
imminent cybersecurity gaps, and introduce new cybersecurity 
technologies throughout the homeland security enterprise 
through partnerships and commercialization. The Under Secretary 
is directed to target Federally funded cybersecurity research 
that demonstrates a high probability of successful transition 
to the commercial market within two years.
    This bill also extends the timeframe for the Secretary to 
exercise Other Transaction Authority (OTA) until the year 2020. 
In the event that the head of a component seeks to have funds 
expended under OTA, the Secretary must provide prior approval 
after evaluating the component's proposal which must include 
the rationale, funds to be spent, and expected outcomes of the 
project. The Secretary is required to submit an annual report 
to Congress detailing those projects for which OTA was 
authorized.

                  Background and Need for Legislation

    The S&T Directorate was established by Congress in Title 
III of the Homeland Security Act of 2002 (Pub. L. 107-296), and 
is DHS's primary research and development arm. This Directorate 
manages basic and applied research and development of science 
and technology, including cybersecurity research and 
development, for the Department's operational components and 
first responders that protect the homeland. OTA allows the 
Department to engage with nontraditional entities outside the 
regular government contracting mechanisms. Ensuring there are 
mechanisms in place like S&T's cybersecurity research and 
development programs and OTA to support the dynamic nature of 
cybersecurity R&D is essential for addressing homeland security 
capability gaps.

                                Hearings

    No hearings were held on H.R. 5388, however the Committee 
held the following overight hearings.
    On February 12, 2015, the Subcommittee on Cybersecurity, 
Infrastructure Protection, and Security Technologies held a 
hearing entitled ``Emerging Threats and Technologies to Protect 
the Homeland.'' The Subcommittee received testimony from Mr. 
Andy Ozment, Assistant Secretary, Office of Cybersecurity and 
Communications, National Protection and Programs Directorate, 
U.S. Department of Homeland Security; Dr. Huban Gowadia, 
Director, Domestic Nuclear Detection Office, U.S. Department of 
Homeland Security; Mr. Joseph Martin, Acting Director, Homeland 
Security Enterprise and First Responders Group, Science and 
Technology Directorate, U.S. Department of Homeland Security; 
Mr. William Noonan, Deputy Special Agent in Charge, Criminal 
Investigative Division, Cyber Operations Branch, United States 
Secret Service, U.S. Department of Homeland Security; and Mr. 
William Painter, Analyst, Government and Finance Division, 
Congressional Research Service, Library of Congress.
    On May 19, 2015, the Subcommittee on Cybersecurity, 
Infrastructure Protection, and Security Technologies held a 
hearing entitled ``Examining DHS Science and Technology 
Directorate's Engagement with Academia and Industry.'' The 
Subcommittee received testimony from Mr. Jake Parker, Director 
Government Relations, Security Industry Association; Mr. Marc 
Pearl, President and Chief Executive Officer, Homeland Security 
and Defense Business Council; and Dr. Samuel H. Aronson, 
President, American Physical Society.

                        Committee Consideration

    The Committee met on June 8, 2016, to consider H.R. 5388, 
and ordered the measure to be reported to the House with a 
favorable recommendation, without amendment, by voice vote.

                            Committee Votes

    Clause 3(b) of Rule XIII of the Rules of the House of 
Representatives requires the Committee to list the recorded 
votes on the motion to report legislation and amendments 
thereto.
    No recorded votes were requested during consideration of 
H.R. 5388.

                      Committee Oversight Findings

    Pursuant to clause 3(c)(1) of Rule XIII of the Rules of the 
House of Representatives, the Committee has held oversight 
hearings and made findings that are reflected in this report.

   New Budget Authority, Entitlement Authority, and Tax Expenditures

    In compliance with clause 3(c)(2) of Rule XIII of the Rules 
of the House of Representatives, the Committee finds that H.R. 
5388, the Support for Rapid Innovation Act of 2016, would 
result in no new or increased budget authority, entitlement 
authority, or tax expenditures or revenues.

                  Congressional Budget Office Estimate

    Pursuant to clause 3(c)(3) of Rule XIII of the Rules of the 
House of Representatives, a cost estimate provided by the 
Congressional Budget Office pursuant to section 402 of the 
Congressional Budget Act of 1974 was not made available to the 
Committee in time for the filing of this report. The Chairman 
of the Committee shall cause such estimate to be printed in the 
Congressional Record upon its receipt by the Committee.

         Statement of General Performance Goals and Objectives

    Pursuant to clause 3(c)(4) of Rule XIII of the Rules of the 
House of Representatives, H.R. 5388 contains the following 
general performance goals and objectives, including outcome 
related goals and objectives authorized.
    This legislation provides for the Secretary of Homeland 
Security to report to Congress on the projects for which OTA is 
used, the rationale for use, the funds spent, the extent of 
cost-sharing, the extent to which the use of the authority 
addresses a homeland security capability gap, the outcome of 
the project and any audits of each project.

                      Duplicative Federal Programs

    Pursuant to clause 3(c) of Rule XIII, the Committee finds 
that H.R. 5388 does not contain any provision that establishes 
or reauthorizes a program known to be duplicative of another 
Federal program.

   Congressional Earmarks, Limited Tax Benefits, and Limited Tariff 
                                Benefits

    In compliance with Rule XXI of the Rules of the House of 
Representatives, this bill, as reported, contains no 
congressional earmarks, limited tax benefits, or limited tariff 
benefits as defined in clause 9(e), 9(f), or 9(g) of the Rule 
XXI.

                       Federal Mandates Statement

    Pursuant to clause 3(c)(3) of Rule XIII of the Rules of the 
House of Representatives, a cost estimate provided by the 
Congressional Budget Office pursuant to section 402 of the 
Congressional Budget Act of 1974 was not made available to the 
Committee in time for the filing of this report. The Chairman 
of the Committee shall cause such estimate to be printed in the 
Congressional Record upon its receipt by the Committee.

                        Preemption Clarification

    In compliance with section 423 of the Congressional Budget 
Act of 1974, requiring the report of any Committee on a bill or 
joint resolution to include a statement on the extent to which 
the bill or joint resolution is intended to preempt State, 
local, or Tribal law, the Committee finds that H.R. 5388 does 
not preempt any State, local, or Tribal law.

                  Disclosure of Directed Rule Makings

    The Committee estimates that H.R. 5388 would require no 
directed rule makings.

                      Advisory Committee Statement

    No advisory committees within the meaning of section 5(b) 
of the Federal Advisory Committee Act were created by this 
legislation.

                  Applicability to Legislative Branch

    The Committee finds that the legislation does not relate to 
the terms and conditions of employment or access to public 
services or accommodations within the meaning of section 
102(b)(3) of the Congressional Accountability Act.

             Section-by-Section Analysis of the Legislation


Section 1.   Short Title.

    This section provides that this bill may be cited as the 
``Support for Rapid Innovation Act of 2016''.

Sec. 2.   Cybersecurity Research and Development Projects.

    This section amends the Homeland Security Act of 2002 to 
insert a new section entitled ``Sec. 319. Cybersecurity 
Research and Development.''
    This section requires the Under Secretary for Science and 
Technology to support research, development, testing, 
evaluation, and transition of cybersecurity technologies that 
will: 1) advance the development and deployment of secure 
information systems; 2) improve and create technologies to 
detect attacks or intrusions; 3) improve and create mitigation 
and recovery methodologies; 4) support the review of source 
code that underpins critical infrastructure information systems 
in coordination with the private sector; 5) develop and support 
tools to support cybersecurity research and development 
efforts; 6) assist the development of technologies to reduce 
vulnerabilities in industrial control systems; and 7) develop 
and support forensics and attack attribution capabilities. This 
section also requires the Under Secretary to coordinate these 
cybersecurity activities with other relevant Federal agencies, 
and industry and academia. The Committee intends for this 
coordination to include inter-agency Federal programs like the 
Networking and Information Technology Research and Development 
program as well as technology-based small businesses and 
startup ventures.
    Additionally, this section codifies in law the Transition 
to Practice program that currently is being administered by the 
Under Secretary to support the life cycle of projects, 
including research, development, testing, evaluation, pilots, 
and transitions. This section requires the Under Secretary to 
target federally funded research that demonstrates a high 
probability of successful transition to the commercial market 
within two years that is expected to have a notable impact on 
public or private information systems and networks.
    The Committee intends for the research and development to 
support the development of technologies targeted at detecting 
and analyzing known and unknown intrusions and anomalous 
behavior, as well as managing data loss and manipulation with 
attention to insider threats. These efforts shall seek to 
enhance capabilities to identify emerging methods of carrying 
out cyber attacks and to mitigate the effects of cyber attacks 
and intrusions.
    The Committee is supportive of the Transition to Practice 
program, which takes advantage of research already conducted 
and funds already spent to support robust cyber tools 
nationwide. Where appropriate, the Committee encourages the 
Under Secretary to utilize the Department of Energy and 
Federally Funded Research and Development Centers and academic 
institutions funded by the National Science Foundation (NSF). 
The Committee intends for the Under Secretary to introduce new 
technologies and capabilities throughout the homeland security 
enterprise.
    This section also amends section 831 of the HSA, extending 
Other Transaction Authority (OTA) until 2020 and requiring the 
Secretary to approve OTA prior to its use. This section updates 
existing reporting requirements and requires training of 
acquisition staff in the use of OTA.
    The Committee encourages the Under Secretary to support the 
transition of innovative or emerging cyber technologies that 
currently are not procured by the Federal government but may 
offer novel or groundbreaking methods to address cyber 
capability gaps. The Committee intends for the Secretary to 
engage the Under Secretary for Science and Technology in the 
evaluation of OTA requests not involving the Science and 
Technology Directorate.
    No additional funds are authorized to be appropriated to 
carry out this Act or the amendments made by this Act.

         Changes in Existing Law Made by the Bill, as Reported

  In compliance with clause 3(e) of rule XIII of the Rules of 
the House of Representatives, changes in existing law made by 
the bill, as reported, are shown as follows (existing law 
proposed to be omitted is enclosed in black brackets, new 
matter is printed in italics, and existing law in which no 
change is proposed is shown in roman):

                     HOMELAND SECURITY ACT OF 2002


SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

  (a) Short Title.--This Act may be cited as the ``Homeland 
Security Act of 2002''.
  (b) Table of Contents.--The table of contents for this Act is 
as follows:

     * * * * * * *

    TITLE III--SCIENCE AND TECHNOLOGY IN SUPPORT OF HOMELAND SECURITY

     * * * * * * *
Sec. 319. Cybersecurity research and development.

           *       *       *       *       *       *       *


TITLE III--SCIENCE AND TECHNOLOGY IN SUPPORT OF HOMELAND SECURITY

           *       *       *       *       *       *       *


SEC. 319. CYBERSECURITY RESEARCH AND DEVELOPMENT.

  (a) In General.--The Under Secretary for Science and 
Technology shall support the research, development, testing, 
evaluation, and transition of cybersecurity technologies, 
including fundamental research to improve the sharing of 
information, analytics, and methodologies related to 
cybersecurity risks and incidents, consistent with current law.
  (b) Activities.--The research and development supported under 
subsection (a) shall serve the components of the Department and 
shall--
          (1) advance the development and accelerate the 
        deployment of more secure information systems;
          (2) improve and create technologies for detecting 
        attacks or intrusions, including real-time continuous 
        diagnostics and real-time analytic technologies;
          (3) improve and create mitigation and recovery 
        methodologies, including techniques and policies for 
        real-time containment of attacks, and development of 
        resilient networks and information systems;
          (4) support, in coordination with non-Federal 
        entities, the review of source code that underpins 
        critical infrastructure information systems;
          (5) develop and support infrastructure and tools to 
        support cybersecurity research and development efforts, 
        including modeling, testbeds, and data sets for 
        assessment of new cybersecurity technologies;
          (6) assist the development and support of 
        technologies to reduce vulnerabilities in industrial 
        control systems; and
          (7) develop and support cyber forensics and attack 
        attribution capabilities.
  (c) Coordination.--In carrying out this section, the Under 
Secretary for Science and Technology shall coordinate 
activities with--
          (1) the Under Secretary appointed pursuant to section 
        103(a)(1)(H);
          (2) the heads of other relevant Federal departments 
        and agencies, as appropriate; and
          (3) industry and academia.
  (d) Transition to Practice.--The Under Secretary for Science 
and Technology shall support projects carried out under this 
title through the full life cycle of such projects, including 
research, development, testing, evaluation, pilots, and 
transitions. The Under Secretary shall identify mature 
technologies that address existing or imminent cybersecurity 
gaps in public or private information systems and networks of 
information systems, identify and support necessary 
improvements identified during pilot programs and testing and 
evaluation activities, and introduce new cybersecurity 
technologies throughout the homeland security enterprise 
through partnerships and commercialization. The Under Secretary 
shall target federally funded cybersecurity research that 
demonstrates a high probability of successful transition to the 
commercial market within two years and that is expected to have 
a notable impact on the public or private information systems 
and networks of information systems.
  (e) Definitions.--In this section:
          (1) Cybersecurity risk.--The term ``cybersecurity 
        risk'' has the meaning given such term in section 227.
          (2) Homeland security enterprise.--The term 
        ``homeland security enterprise'' means relevant 
        governmental and nongovernmental entities involved in 
        homeland security, including Federal, State, local, and 
        tribal government officials, private sector 
        representatives, academics, and other policy experts.
          (3) Incident.--The term ``incident'' has the meaning 
        given such term in section 227.
          (4) Information system.--The term ``information 
        system'' has the meaning given such term in section 
        3502(8) of title 44, United States Code.

           *       *       *       *       *       *       *


TITLE VIII--COORDINATION WITH NON-FEDERAL ENTITIES; INSPECTOR GENERAL; 
UNITED STATES SECRET SERVICE; COAST GUARD; GENERAL PROVISIONS

           *       *       *       *       *       *       *


                        Subtitle D--Acquisitions

SEC. 831. RESEARCH AND DEVELOPMENT PROJECTS.

  (a) Authority.--Until September 30, [2016] 2020, and subject 
to subsection (d), the Secretary may carry out a pilot program 
under which the Secretary may exercise the following 
authorities:
          (1) In general.--When the Secretary carries out 
        basic, applied, and advanced research and development 
        projects, including the expenditure of funds for such 
        projects, the Secretary may exercise the same authority 
        (subject to the same limitations and conditions) with 
        respect to such research and projects as the Secretary 
        of Defense may exercise under section 2371 of title 10, 
        United States Code (except for subsections (b) and 
        (f)), after making a determination that the use of a 
        contract, grant, or cooperative agreement for such 
        project is not feasible or appropriate. [The annual 
        report required under subsection (b) of this section, 
        as applied to the Secretary by this paragraph, shall be 
        submitted to the President of the Senate and the 
        Speaker of the House of Representatives.]
          (2) Prototype projects.--The Secretary may, under the 
        authority of paragraph (1), carry out prototype 
        projects in accordance with the requirements and 
        conditions provided for carrying out prototype projects 
        under section 845 of the National Defense Authorization 
        Act for Fiscal Year 1994 (Public Law 103-160). In 
        applying the authorities of that section 845, 
        subsection (c) of that section shall apply with respect 
        to prototype projects under this paragraph, and the 
        Secretary shall perform the functions of the Secretary 
        of Defense under subsection (d) thereof.
          (3) Prior approval.--In any case in which the head of 
        a component or office of the Department seeks to 
        utilize the authority under this section, such head 
        shall first receive prior approval from the Secretary 
        by providing to the Secretary a proposal that includes 
        the rationale for the utilization of such authority, 
        the funds to be spent on the use of such authority, and 
        the expected outcome for each project that is the 
        subject of the use of such authority. In such a case, 
        the authority for evaluating the proposal may not be 
        delegated by the Secretary to anyone other than the 
        Under Secretary for Management.
  (b) Procurement of Temporary and Intermittent Services.--The 
Secretary may--
          (1) procure the temporary or intermittent services of 
        experts or consultants (or organizations thereof) in 
        accordance with section 3109(b) of title 5, United 
        States Code; and
          (2) whenever necessary due to an urgent homeland 
        security need, procure temporary (not to exceed 1 year) 
        or intermittent personal services, including the 
        services of experts or consultants (or organizations 
        thereof), without regard to the pay limitations of such 
        section 3109.
  (c) Additional Requirements.--
          (1) In general.--The authority of the Secretary under 
        this section shall terminate September 30, [2016] 2020, 
        unless before that date the Secretary--
                  (A) issues policy guidance detailing the 
                appropriate use of that authority; and
                  (B) provides training to each employee that 
                is authorized to exercise that authority.
          [(2) Report.--The Secretary shall provide an annual 
        report to the Committees on Appropriations of the 
        Senate and the House of Representatives, the Committee 
        on Homeland Security and Governmental Affairs of the 
        Senate, and the Committee on Homeland Security of the 
        House of Representatives detailing the projects for 
        which the authority granted by subsection (a) was used, 
        the rationale for its use, the funds spent using that 
        authority, the outcome of each project for which that 
        authority was used, and the results of any audits of 
        such projects.]
          (2) Report.--The Secretary shall annually submit to 
        the Committee on Homeland Security and the Committee on 
        Science, Space, and Technology of the House of 
        Representatives and the Committee on Homeland Security 
        and Governmental Affairs of the Senate a report 
        detailing the projects for which the authority granted 
        by subsection (a) was utilized, the rationale for such 
        utilizations, the funds spent utilizing such authority, 
        the extent of cost-sharing for such projects among 
        Federal and non-Federal sources, the extent to which 
        utilization of such authority has addressed a homeland 
        security capability gap or threat to the homeland 
        identified by the Department, the total amount of 
        payments, if any, that were received by the Federal 
        Government as a result of the utilization of such 
        authority during the period covered by each such 
        report, the outcome of each project for which such 
        authority was utilized, and the results of any audits 
        of such projects.
  (d) Definition of Nontraditional Government Contractor.--In 
this section, the term ``nontraditional Government contractor'' 
has the same meaning as the term ``nontraditional defense 
contractor'' as defined in section 845(e) of the National 
Defense Authorization Act for Fiscal Year 1994 (Public Law 103-
160; 10 U.S.C. 2371 note).
  (e) Training.--The Secretary shall develop a training program 
for acquisitions staff on the utilization of the authority 
provided under subsection (a).

           *       *       *       *       *       *       *