[Senate Report 116-266]
[From the U.S. Government Publishing Office]


                                                     Calendar No. 529
116th Congress      }                                   {       Report
                                 SENATE
 2d Session         }                                   {       116-266
_______________________________________________________________________

                                     

                                                       

                   NATIONAL INFRASTRUCTURE SIMULATION

           AND ANALYSIS CENTER PANDEMIC MODELING ACT OF 2020

                               __________

                              R E P O R T

                                 of the

                   COMMITTEE ON HOMELAND SECURITY AND

                          GOVERNMENTAL AFFAIRS

                          UNITED STATES SENATE

                              to accompany

                                S. 4157

             TO AMEND THE HOMELAND SECURITY ACT OF 2002 TO
          EXPAND THE AUTHORITY OF THE NATIONAL INFRASTRUCTURE
         SIMULATION AND ANALYSIS CENTER, AND FOR OTHER PURPOSES

               
               
               
               [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]





               September 9, 2020.--Ordered to be printed


                                  __________


                        U.S. GOVERNMENT PUBLISHING OFFICE
                        
99-010                           WASHINGTON : 2020










        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                    RON JOHNSON, Wisconsin, Chairman
ROB PORTMAN, Ohio                    GARY C. PETERS, Michigan
RAND PAUL, Kentucky                  THOMAS R. CARPER, Delaware
JAMES LANKFORD, Oklahoma             MAGGIE HASSAN, New Hampshire
MITT ROMNEY, Utah                    KAMALA D. HARRIS, California
RICK SCOTT, Florida                  KYRSTEN SINEMA, Arizona
MICHAEL B. ENZI, Wyoming             JACKY ROSEN, Nevada
JOSH HAWLEY, Missouri

                Gabrielle D'Adamo Singer, Staff Director
                   Joseph C. Folio III, Chief Counsel
              Colleen E. Berny, Professional Staff Member
               David M. Weinberg, Minority Staff Director
               Zachary I. Schram, Minority Chief Counsel
 Christopher J. Mulkins, Minority Deputy Director of Homeland Security
                     Laura W. Kilbride, Chief Clerk









                                                      Calendar No. 529
116th Congress      }                                   {       Report
                                 SENATE
 2d Session         }                                   {       116-266

======================================================================



 
    NATIONAL INFRASTRUCTURE SIMULATION AND ANALYSIS CENTER PANDEMIC 
                          MODELING ACT OF 2020

                                _______
                                

               September 9, 2020.--Ordered to be printed

                                _______
                                

 Mr. Johnson, from the Committee on Homeland Security and Governmental 
                    Affairs, submitted the following

                              R E P O R T

                         [To accompany S. 4157]

      [Including cost estimate of the Congressional Budget Office]

    The Committee on Homeland Security and Governmental 
Affairs, to which was referred the bill (S. 4157) to amend the 
Homeland Security Act of 2002 to expand the authority of the 
National Infrastructure Simulation and Analysis Center, and for 
other purposes, having considered the same, reports favorably 
thereon with an amendment in the nature of a substitute and 
recommends that the bill, as amended, do pass.

                                CONTENTS

                                                                   Page
  I. Purpose and Summary..............................................1
 II. Background and Need for the Legislation..........................2
III. Legislative History..............................................4
 IV. Section-by-Section Analysis......................................5
  V. Evaluation of Regulatory Impact..................................5
 VI. Congressional Budget Office Cost Estimate........................6
VII. Changes in Existing Law Made by the Bill, as Reported............7

                         I. Purpose and Summary

    S. 4157, the National Infrastructure Simulation and 
Analysis Center Pandemic Modeling Act of 2020, incorporates 
``pandemic,'' and ``such other activities as determined 
appropriate'' by the Director of the Department of Homeland 
Security's (``DHS'' or ``Department'') Cybersecurity and 
Infrastructure Security Agency (CISA), into the National 
Infrastructure Simulation and Analysis Center's (NISAC) 
authority and capabilities. It also requires the relevant 
Federal agencies and departments, including those designated 
under Presidential Policy Directive-21 (PPD-21), to receive the 
NISAC's modeling, simulation, and analysis upon request and 
within 15 days of completion.
    This bill also requires the Director of CISA to comply with 
a number of reporting requirements to the relevant Federal 
agencies, departments, and Congress for greater transparency, 
including additional information on the NISAC's current 
projects and priorities, a catalogue of the NISAC's projects 
from fiscal year (FY) 2014 through FY 2020, and a pandemic 
portfolio summary.
    Finally, this bill requires the Director of CISA to brief 
the Committee on Homeland Security and Governmental Affairs of 
the Senate and the Committee on Homeland Security of the House 
of Representatives within six months of the bill's enactment, 
and every six months thereafter for two years, on the NISAC's 
ongoing pandemic modeling, simulation, and analysis efforts and 
activities.

              II. Background and the Need for Legislation

    DHS's NISAC is responsible for conducting simulation, 
modeling, and analysis of cyber and physical risks to the 
nation's sixteen critical infrastructure sectors.\1\ The NISAC 
started as a partnership between Sandia National Laboratories 
and Los Alamos National Laboratory in 1999, and was 
subsequently integrated into DHS in 2003.\2\ The NISAC was 
previously housed under the former National Protection and 
Programs Directorate's Office of Cyber and Infrastructure 
Analysis.\3\ The NISAC now resides within CISA's National Risk 
Management Center (NRMC).\4\ The NRMC is CISA's risk advisor, 
``leveraging sector and stakeholder expertise to identify the 
most significant risks to the nation, and to coordinate risk 
reduction activities to ensure critical infrastructure is 
secure and resilient . . . .''\5\ DHS's NISAC has an array of 
expertise, and still maintains its partnership with the 
National Laboratories.\6\
---------------------------------------------------------------------------
    \1\About the National Infrastructure Simulation and Analysis 
Center, U.S. Dep't of Homeland Security, https://www.dhs.gov/about-
national-infrastructure-simulation-and-analysis-center (last updated 
June 27, 2016). See also James Platt, U.S. Cybersecurity and 
Infrastructure Security Agency, National Risk Management Center (June 
2019), https://www.gps.gov/governance/advisory/meetings/2019-06/
platt.pdf (referring to NISAC slide).
    \2\About the National Infrastructure Simulation and Analysis 
Center, supra note 1.
    \3\Id. (describing NISAC's then location in OCIA).
    \4\Platt, supra note 1.
    \5\National Risk Management, Cybersecurity and Infrastructure 
Security Agency, https://www.cisa.gov/national-risk-management (last 
visited Aug. 3, 2020).
    \6\Platt, supra note 1.
---------------------------------------------------------------------------
    Over the years, the NISAC has conducted a range of 
modeling, simulation, and analysis to support risk mitigation, 
policymakers, and private sector partners.\7\ This includes 
analyses of the nation's chemical supply chain, water systems, 
electric grid, and various hurricane scenarios.\8\ In addition, 
the NISAC has completed modeling, simulation, and analysis 
surrounding pandemics, including the 2007 H5N1 bird flu, 2009 
H1N1 influenza, 2014 Ebola virus disease, and 2016 Zika virus 
disease.\9\ The NISAC has also completed more general pandemic 
work, such as assessing the impact of a pandemic to the 
nation's lifeline critical infrastructure in 2015,\10\ and 
pandemic modeling focused on the State of Washington in 
2017.\11\
---------------------------------------------------------------------------
    \7\About the National Infrastructure Simulation and Analysis 
Center, supra note 1.
    \8\Id.
    \9\Id. See also Call from Majority and Minority Staff, U.S. Senate 
Committee on Homeland Security and Governmental Affairs, to Bob 
Kolasky, Director, National Risk Management Center, and supporting 
staff, National Risk Management Center and National Infrastructure 
Simulation and Analysis Center (April 15, 2020, 11:00 AM) (notes on 
file with Committee Majority staff).
    \10\Office of Cyber and Infrastructure Analysis, U.S. Dep't of 
Homeland Sec., Pandemic Impacts to Lifeline Critical Infrastructure 1, 
3 (2015), https://content.govdelivery.com/attachments/MIMSP/2015/08/05/
file_attachments/414079/OCIA%2B-%2BPandemic%2BImpacts%2B
to%2BLifeline%2BCritical%2BInfrastructure.pdf.
    \11\Call from Majority and Minority Staff, U.S. Senate Committee on 
Homeland Security and Governmental Affairs, to Bob Kolasky, Director, 
National Risk Management Center, and supporting staff, National Risk 
Management Center and National Infrastructure Simulation and Analysis 
Center, supra note 9.
---------------------------------------------------------------------------
    On December 31, 2019, the World Health Organization (WHO) 
was notified of a pneumonia outbreak in Wuhan, China.\12\ In 
early January 2020, Chinese scientists confirmed the discovery 
of a novel coronavirus,\13\ which was later designated ``COVID-
19'' by the WHO.\14\ On January 21, 2020, the first COVID-19 
case in the United States was confirmed by the Centers for 
Disease Control and Prevention (CDC) in the State of 
Washington.\15\ Since that time, COVID-19 has spread rapidly 
throughout the world. As of September 3, 2020, over 26 million 
cases and 864,153 deaths have been confirmed worldwide, 
including 6.1 million cases and 186,018 deaths in the United 
States alone.\16\
---------------------------------------------------------------------------
    \12\Pneumonia Of Unknown Cause--China, World Health Org. (Jan. 5, 
2020), https://www.who.int/csr/don/05-january-2020-pneumonia-of-unkown-
cause-china/en/.
    \13\Natasha Khan, New Virus Discovered by Chinese Scientists 
Investigating Pneumonia Outbreak, Wall St. J., (Jan. 8, 2020), https://
www.wsj.com/articles/new-virus-discovered-by-chinese-scientists-
investigating-pneumonia-outbreak-11578485668.
    \14\Naming the coronavirus disease (COVID-19) and the virus that 
causes it, World Health Org., https://www.who.int/emergencies/diseases/
novel-coronavirus-2019/technical-guidance/naming-the-coronavirus-
disease-(covid-2019)-and-the-virus-that-causes-it (last visited Aug. 3, 
2020).
    \15\Press Release, Ctrs. for Disease Control & Prevention, First 
Travel-Related Case of 2019 Novel Coronavirus Detected in United States 
(Jan. 21, 2020), https://www.cdc.gov/media/releases/2020/p0121-novel-
coronavirus-travel-case.html.
    \16\COVID-19 Dashboard by the Center for Systems Science and 
Engineering (CSSE), Johns Hopkins U. of Med., Coronavirus Resource 
Ctr., https://coronavirus.jhu.edu/map.html.
---------------------------------------------------------------------------
    As the United States responded to the COVID-19 national 
emergency,\17\ news reports circulated in March that the NISAC 
ceased its pandemic work in 2017.\18\ This was confirmed during 
a bipartisan Committee staff phone call with officials from the 
NRMC and NISAC on April 15, 2020.\19\ According to news 
reports, the pandemic projects were halted to prioritize other 
work, such as hurricanes, cybersecurity, and election 
security.\20\ In addition, some DHS officials believed the CDC 
was best suited to conduct such types of analysis.\21\
---------------------------------------------------------------------------
    \17\Proclamation No. 9994, 85 Fed. Reg. 15,337 (Mar. 18, 2020), 
https://www.whitehouse.gov/presidential-actions/proclamation-declaring-
national-emergency-concerning-novel-coronavirus-disease-covid-19-
outbreak/.
    \18\Daniel Lippman, DHS Wound Down Pandemic Models Before 
Coronavirus Struck, POLITICO (Mar. 24, 2020, 8:47 PM), https://
www.politico.com/news/2020/03/24/dhs-pandemic-coronavirus-146884; see 
also Kayla Epstein, A Bureaucratic Fight Halted a Vital Department of 
Homeland Security Program that Helped Model Pandemics in 2017, Bus. 
Insider (Mar. 25, 2020, 11:44 AM), https://www.businessinsider.com/
coronavirus-dhs-reportedly-shut-down-pandemic-modeling-program-in-2017-
2020-3.
    \19\Call from Majority and Minority Staff, U.S. Senate Committee on 
Homeland Security and Governmental Affairs, to Bob Kolasky, Director, 
National Risk Management Center, and supporting staff, National Risk 
Management Center and National Infrastructure Simulation and Analysis 
Center, supra note 9.
    \20\Lippman, supra note 19; see also Epstein, supra note 18.
    \21\Id.
---------------------------------------------------------------------------
    It was also reported that officials at the Department of 
Health and Human Services requested DHS provide the NISAC's 
prior pandemic reports to assist in their response.\22\ 
However, DHS officials had issues locating these prior pandemic 
analyses, including reports from 2007 (H5N1), 2009 (H1N1), and 
a 2014 (Ebola) exercise.\23\ According to one agency official, 
``[n]obody even knew where any of the documents were anymore . 
. . .''\24\
---------------------------------------------------------------------------
    \22\Lippman, supra note 18.
    \23\Id.
    \24\Id.
---------------------------------------------------------------------------
    If readily available when needed, the past pandemic 
modeling, simulation, and analyses conducted by the NISAC could 
have assisted the Federal Government's response to the COVID-19 
pandemic and national emergency. For example, during the 2014 
Ebola outbreak, the NISAC was utilized to support policymakers 
``on deliberations about banning travel from certain countries 
based on risk, whether to close any borders and how to spend 
money on airport screening . . . .''\25\ In addition, a 2015 
report found that the healthcare and public health sector would 
be one of the most impacted critical infrastructure sectors 
during a pandemic.\26\ Specifically, this sector ``will have to 
prioritize limited resources to treat pandemic victims,''\27\ 
and ``may also experience significant shortages in vaccines, 
antivirals, pharmaceuticals needed to treat secondary 
infections and complications, personal protective equipment 
(PPE), and medical equipment, including ventilators.''\28\ 
According to NRMC and NISAC officials, there are current 
projects supporting the response to the COVID-19 pandemic and 
national emergency, as well as work specifically focused on 
it.\29\ This includes how the COVID-19 pandemic is impacting 
the national critical functions and the use of PPE by critical 
infrastructure workers.\30\
---------------------------------------------------------------------------
    \25\Id.
    \26\Office of Cyber and Infrastructure Analysis, supra note 10, at 
1, 4-5.
    \27\Id. at 4.
    \28\Id. at 4-5.
    \29\Call from Majority and Minority Staff, U.S. Senate Committee on 
Homeland Security and Governmental Affairs, to Bob Kolasky, Director, 
National Risk Management Center, and supporting staff, National Risk 
Management Center and National Infrastructure Simulation and Analysis 
Center, supra note 9.
    \30\Id.
---------------------------------------------------------------------------
    The NISAC is a valuable tool to increase situational 
awareness about the threats posed by pandemics. As such, DHS 
should prioritize efforts to reform the NISAC, particularly 
surrounding pandemic modeling, simulation, and analysis. S. 
4157 clarifies the NISAC's authority and capabilities. The bill 
also ensures that the relevant Federal agencies, departments, 
and Congress receive information on the NISAC's current 
projects and priorities, prior work, and specific pandemic 
information.

                        III. Legislative History

    On July 2, 2020, Chairman Ron Johnson (R-WI) introduced S. 
4157, the National Infrastructure Simulation and Analysis 
Center Pandemic Modeling Act of 2020, which was referred to the 
Committee on Homeland Security and Governmental Affairs. 
Ranking Member Gary Peters (D-MI) and Senator Margaret Wood 
Hassan (D-NH) later joined as cosponsors.
    The Committee considered S. 4157 at a business meeting on 
July 22, 2020. During the business meeting, Chairman Johnson 
and Ranking Member Peters offered an amendment in the nature of 
a substitute. The Johnson-Peters substitute amendment adds an 
annual reporting requirement for the NISAC to provide Federal 
agencies a report on its priorities, as well as a summary of 
each completed project, key findings, and recommendations. The 
substitute amendment also requires that this report be provided 
to appropriate congressional committeesalong with a briefing on 
how the NISAC is applying its information and analysis on to the 
current COVID-19 pandemic and future pandemics.
    The Committee favorably reported the bill en bloc, as 
amended by the Johnson-Peters Substitute Amendment, by voice 
vote. Senators present for the vote were: Johnson, Portman, 
Paul, Lankford, Romney, Scott, Enzi, Hawley, Peters, Carper, 
Hassan, Harris, and Rosen.

        IV. Section-by-Section Analysis of the Bill, as Reported


Section 1. Short title

    This section provides the bill's short title, the 
``National Infrastructure Simulation and Analysis Center 
Pandemic Modeling Act of 2020.''

Section 2. National Infrastructure Simulation and Analysis Center

    Section 2 amends the Homeland Security Act of 2002 to 
incorporate ``pandemic'' and ``such other activities as 
determined appropriate'' by the Director of CISA into the 
NISAC's authority and capabilities. This section also requires 
the relevant federal agencies and departments, including those 
designated under PPD-21, receive the NISAC's modeling, 
simulation, and analysis upon request and within 15 days of 
completion.

Section 3. Reporting and briefing requirements

    Subsection (a) adds reporting requirements to the 
appropriate federal agencies and departments with critical 
infrastructure duties, as designated under PPD-21. This 
includes information on the NISAC's current projects and 
priorities, a catalogue of the NISAC's projects from FY 2014 
through FY 2020, and a pandemic portfolio summary.
    Subsection (b) adds reporting requirements to the Committee 
on Homeland Security and Governmental Affairs of the Senate and 
the Committee on Homeland Security of the House of 
Representatives. This includes information on the NISAC's 
current projects and priorities, a catalogue of the NISAC's 
projects from FY 2014 through FY 2020, and a pandemic portfolio 
summary.
    Finally, subsection (c) requires the Director of CISA to 
provide a pandemic portfolio briefing to the Committee on 
Homeland Security and Governmental Affairs of the Senate and 
the Committee on Homeland Security of the House of 
Representatives within 180 days, and every six months after for 
two years. This includes information on the NISAC's ongoing 
pandemic efforts and how DHS is applying this information to 
its present and forthcoming work on COVID-19.

                   V. Evaluation of Regulatory Impact

    Pursuant to the requirements of paragraph 11(b) of rule 
XXVI of the Standing Rules of the Senate, the Committee has 
considered the regulatory impact of this bill and determined 
that the bill will have no regulatory impact within the meaning 
of the rules. The Committee agrees with the Congressional 
Budget Office's statement that the bill contains no 
intergovernmental or private-sector mandates as defined in the 
Unfunded Mandates Reform Act (UMRA) and would impose no costs 
on state, local, or tribal governments.

             VI. Congressional Budget Office Cost Estimate

                                     U.S. Congress,
                               Congressional Budget Office,
                                    Washington, DC, August 5, 2020.
Hon. Ron Johnson,
Chairman, Committee on Homeland Security and Governmental Affairs, U.S. 
        Senate, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for S. 4157, the National 
Infrastructure Simulation and Analysis Center Pandemic Modeling 
Act of 2020.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contact is Aldo 
Prosperi.
            Sincerely,
                                         Phillip L. Swagel,
                                                          Director.
    Enclosure.

    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
    

    S. 4157 would require the Cybersecurity and Infrastructure 
Security Agency (CISA) to create a computer model to simulate 
the cascading consequences of a pandemic on critical 
infrastructure such as hospitals and manufacturing supply 
chains. The bill also would require CISA to report to the 
Congress and other federal entities on the results of those 
simulations.
    On the basis of information from CISA about the costs to 
create similar simulations and satisfy reporting requirements, 
CBO estimates that implementing S. 4157 would cost $1 million 
over the 2020-2025 period; such spending would be subject to 
the availability of appropriations. For this estimate, CBO 
assumes that the legislation will be enacted near the start of 
fiscal year 2021. The CBO staff contact for this estimate is 
Aldo Prosperi. The estimate was reviewed by Leo Lex, Deputy 
Director of Budget Analysis.

       VII. Changes in Existing Law Made by the Bill, as Reported

    In compliance with paragraph 12 of rule XXVI of the 
Standing Rules of the Senate, changes in existing law made by 
the bill, as reported, are shown as follows: (existing law 
proposed to be omitted is enclosed in brackets, new matter is 
printed in italic, and existing law in which no change is 
proposed is shown in roman):

HOMELAND SECURITY ACT OF 2002

           *       *       *       *       *       *       *


TITLE V: NATIONAL EMERGENCY MANAGEMENT

           *       *       *       *       *       *       *


SEC. 511. THE NATIONAL INFRASTRUCTURE SIMULATION AND ANALYSIS CENTER.

    (a) * * *
    (b) Authority.--
          (1) In general.--There is in the Department the 
        National Infrastructure Simulation and Analysis Center 
        which shall serve as a source of national expertise to 
        address critical infrastructure protection and 
        continuity through support for activities related to--
                  (A) counterterrorism, threat assessment, and 
                risk mitigation; [and]
                (B) a natural disaster, pandemic, act of 
                terrorism, or other manmade disaster[.]; and
                (C) such other activities as determined 
                appropriate by the Director of the 
                Cybersecurity and Infrastructure Security 
                Agency.
          (2) Infrastructure modeling.--
                  (A) * * *
                  (B) * * *
                  (C) Purpose.--
                          (i) In general.--The purpose of the 
                        relationship under subparagraph (B) 
                        shall be to permit each Federal agency 
                        and department described in 
                        subparagraph (B) to take full advantage 
                        of the capabilities of the National 
                        Infrastructure Simulation and Analysis 
                        Center (particularly vulnerability and 
                        consequence analysis), consistent with 
                        its work load capacity and priorities, 
                        for real-time response to reported and 
                        projected natural disasters, pandemics, 
                        acts of terrorism, [and other man-made 
                        disasters] other man-made disasters, 
                        and such other activities as determined 
                        appropriate by the Director of the 
                        Cybersecurity and Infrastructure 
                        Security Agency.
                          (ii) Recipient of certain support.--
                        Modeling, simulation, and analysis 
                        provided under this subsection shall be 
                        provided to relevant Federal agencies 
                        and departments upon request and not 
                        later than 15 days after completion, 
                        including Federal agencies and 
                        departments with critical 
                        infrastructure responsibilities under 
                        Homeland Security Presidential 
                        Directive 7, or any successor to such 
                        directive.

           *       *       *       *       *       *       *


                                  [all]