[House Report 117-324]
[From the U.S. Government Publishing Office]
117th Congress } { Report
HOUSE OF REPRESENTATIVES
2d Session } { 117-324
======================================================================
PRESIDENT'S CUP CYBERSECURITY COMPETITION ACT
_______
May 13, 2022.--Committed to the Committee of the Whole House on the
State of the Union and ordered to be printed
_______
Mr. Thompson of Mississippi, from the Committee on Homeland Security,
submitted the following
R E P O R T
[To accompany H.R. 6824]
[Including cost estimate of the Congressional Budget Office]
The Committee on Homeland Security, to whom was referred
the bill (H.R. 6824) to authorize the Cybersecurity and
Infrastructure Security Agency of the Department of Homeland
Security to hold an annual cybersecurity competition relating
to offensive and defensive cybersecurity disciplines, and for
other purposes, having considered the same, reports favorably
thereon with an amendment and recommends that the bill as
amended do pass.
CONTENTS
Page
Purpose and Summary.............................................. 3
Background and Need for Legislation.............................. 3
Hearing.......................................................... 4
Committee Consideration.......................................... 4
Committee Votes.................................................. 4
Committee Oversight Findings..................................... 5
C.B.O. Estimate, New Budget Authority, Entitlement Authority, and
Tax Expenditures............................................... 5
Federal Mandates Statement....................................... 7
Duplicative Federal Programs..................................... 7
Statement of General Performance Goals and Objectives............ 7
Congressional Earmarks, Limited Tax Benefits, and Limited Tariff
Benefits....................................................... 7
Advisory Committee Statement..................................... 7
Applicability to Legislative Branch.............................. 7
Section-by-Section Analysis of the Legislation................... 7
The amendment is as follows:
Strike all after the enacting clause and insert the
following:
SECTION 1. SHORT TITLE.
This Act may be cited as the ``President's Cup Cybersecurity
Competition Act''.
SEC. 2. PRESIDENT'S CUP CYBERSECURITY COMPETITION.
(a) In General.--The Director of the Cybersecurity and Infrastructure
Security Agency (referred to in this section as the ``Director'') of
the Department of Homeland Security is authorized to hold an annual
cybersecurity competition to be known as the ``Department of Homeland
Security Cybersecurity and Infrastructure Security Agency's President's
Cup Cybersecurity Competition'' (in this section referred to as the
``competition'') for the purpose of identifying, challenging, and
competitively awarding prizes, including cash prizes, to the United
States Government's best cybersecurity practitioners and teams across
offensive and defensive cybersecurity disciplines.
(b) Competition Design.--
(1) In general.--Notwithstanding section 1342 of title 31,
United States Code, the Director, in carrying out the
competition, may consult with, and consider advice from, any
person who has experience or expertise in the development,
design, or execution of cybersecurity competitions.
(2) Limitation.--The Federal Advisory Committee Act (5 U.S.C.
App.) shall not apply to consultations pursuant to this
section.
(3) Prohibition.--A person with whom the Director consults
under paragraph (1) may not--
(A) receive pay by reason of being so consulted; or
(B) be considered an employee of the Federal
Government by reason of so consulting.
(c) Eligibility.--To be eligible to participate in the competition,
an individual shall be a Federal civilian employee or member of the
uniformed services (as such term is defined in section 2101(3) of title
5, United States Code) and shall comply with any rules promulgated by
the Director regarding the competition.
(d) Competition Administration.--The Director may enter into a grant,
contract, cooperative agreement, or other agreement with a private
sector for-profit or nonprofit entity or State or local government
agency to administer the competition.
(e) Competition Parameters.--Each competition shall incorporate the
following elements:
(1) Cybersecurity skills outlined in the National Initiative
for Cybersecurity Education Framework, or any successor
framework.
(2) Individual and team events.
(3) Categories demonstrating offensive and defensive cyber
operations, such as software reverse engineering and
exploitation, network operations, forensics, big data analysis,
cyber analysis, cyber defense, cyber exploitation, secure
programming, obfuscated coding, or cyber-physical systems.
(4) Any other elements related to paragraphs (1), (2), or (3)
as determined necessary by the Director.
(f) Funding.--Support for the competition, including financial
support for the design and administration of the competition or funds
for a cash prize, may consist of--
(1) amounts appropriated pursuant to appropriations Acts or
otherwise made available for such purpose; and
(2) funds provided by other Federal agencies, which--
(A) shall be credited to, and in addition to, any
amounts appropriated or otherwise made available
pursuant to paragraph (1) to carry out this section;
and
(B) may be obligated and expended for such purpose by
the Secretary of the Homeland Security, acting through
the Director.
(g) Use of Funds.--Notwithstanding any other provision of law, the
Director may use funds available for carrying out the competition
authorized under this section for the following:
(1) Advertising, marketing, and promoting the competition.
(2) Meals for participants and organizers of the competition
if attendance at the meal during the competition is necessary
to maintain the integrity of the competition.
(3) Promotional items, including merchandise and apparel.
(4) Monetary and nonmonetary awards for competition
participants, including members of the uniformed services.
(5) Necessary expenses for the honorary recognition of
competition participants, including members of the uniformed
services.
(6) Any other appropriate activity necessary to carry out the
competition, as determined by the Director.
(h) Prize Limitation.--The Director may make one or more awards per
competition, except that the amount or value of each shall not exceed
$10,000. The Secretary of Homeland Security may make one or more awards
per competition, except the amount or the value of each shall not to
exceed $25,000. A monetary award under this section shall be in
addition to the regular pay of the recipient.
(i) Reporting Requirements.--The Director shall annually provide to
the Committee on Homeland Security of the House of Representatives and
the Committee on Homeland Security and Governmental Affairs of the
Senate a report that includes the following:
(1) A description of available funds under subsection (f) for
each competition conducted in the preceding year.
(2) A description of expenditures authorized in subsection
(g) for each competition.
(3) Information relating to the participation of each
competition.
(4) Information relating to lessons learned from each
competition and how such lessons may be applied to improve
cybersecurity operations and recruitment of the Cybersecurity
and Infrastructure Security Agency of the Department of
Homeland Security.
PURPOSE AND SUMMARY
H.R. 6824, the ``President's Cup Cybersecurity Competition
Act'' authorizes the Cybersecurity and Infrastructure Security
Agency (CISA) to carry out an annual cybersecurity competition
for Federal civilian employees and members of the armed forces.
First created by Executive Order No. 13870 in 2019, the
President's Cup Cybersecurity Competition (President's Cup)
seeks to identify, challenge, and reward the best cybersecurity
talent in the Federal Government through a series of challenges
that test a broad range of cybersecurity skills. This bill
grants CISA the necessary authorities to fully implement the
competition, including by authorizing CISA to accept assistance
of other Federal agencies and to directly provide cash prizes
to the winning individuals and teams regardless of where they
work in the Federal Government.
BACKGROUND AND NEED FOR LEGISLATION
Amid a nationwide shortage of highly sought-after cyber
talent, the Federal Government has struggled to compete with
salaries, benefits, and work-life flexibility that private
companies are able to offer cybersecurity job seekers. Since
2008, the Government Accountability Office (GAO) has observed
that the Federal hiring process ``is often an impediment to the
very customers it is designed to serve.''\1\ Collectively,
these challenges undermine the Federal Government's efforts to
recruit and retain cyber talent.
---------------------------------------------------------------------------
\1\``Human Capital: Transforming Federal Recruiting Efforts,''
Government Accountability Office, GAO-08-762T, (Mar. 8, 2008),
available at https://www.gao.gov/assets/a120001.html.
---------------------------------------------------------------------------
CISA launched the first President's Cup in 2019 as part of
its effort to ``identify, challenge, and reward the best
cybersecurity talent'' in the Federal workforce.\2\ The three-
round competition involves both individual and team challenges
focusing on areas across the National Initiative for
Cybersecurity Education Cybersecurity Workforce Framework and
reflecting the evolving cyber-threat landscape. The 2021
competition was broken down into three categories: incident
response and forensic analysis (team); incident response and
forensic analysis (individual); and exploitation analysis and
vulnerability assessment (individual). Members of both the
military and civilian workforce are eligible to participate.
---------------------------------------------------------------------------
\2\``CISA President's Cup 2020,'' Cybersecurity and Infrastructure
Security Agency, available at https://www.cisa.gov/publication/cisa-
presidents-cup-2020.
---------------------------------------------------------------------------
Enthusiasm for the President's Cup continues to grow among
the Federal cyber workforce. Over 1,000 individuals and 200
teams participated in the first year of the competition and, in
2020, participation grew to over 1,400 individuals and nearly
250 teams. Despite enthusiasm, lack of a formal authorization
has prevented the program from achieving a critical objective--
rewarding the best cyber talent within the Federal Government.
Notably, under current law, DHS lacks the authority to provide
cash prizes to Federal workers who are employed outside of the
Department. As such, CISA can only encourage other Federal
departments and agencies to reward, or otherwise recognize,
their employees who participated in and placed in the
competition.
H.R. 6824 will specifically authorize the President's Cup
Cybersecurity Competition in law in a manner that provides CISA
with needed authority to award cash prizes to the winners to
reward their demonstrated cybersecurity skills, which can act
as an important retention tool. Codifying the President's Cup
will demonstrate that both Congress is committed to addressing
Federal cybersecurity recruitment and retention challenges and
values the Federal cyber workforce.
HEARING
For the purposes of clause 3(c)(6) of rule XIII of the
Rules of the House of Representatives, the following hearing
was used to develop H.R. 6824:
On July 29, 2021, the Subcommittee on
Cybersecurity, Infrastructure Protection, and
Innovation held a hearing entitled ``The Cyber Talent
Pipeline: Educating a Workforce to Match Today's
Threats.'' The Subcommittee received testimony from Mr.
Kevin Nolten, Director of Academic Outreach at
CYBER.ORG; Dr. Tony Coulson, Executive Director of the
Cybersecurity Center and Lead at the National Centers
of Academic Excellence in Cybersecurity Community,
California State University, San Bernardino; Mr. Ralph
Ley, Department Manager of National and Homeland
Security Workforce Development and Training at the
Idaho National Laboratory; and Mr. Max Stier, President
and CEO, Partnership for Public Service.
COMMITTEE CONSIDERATION
The Committee met on March 2, 2022, a quorum being present,
to consider H.R. 6824 and ordered the measure to be favorably
reported to the House, as amended, by a recorded vote of 33-0.
COMMITTEE VOTES
Clause 3(b) of rule XIII requires the Committee to list the
recorded votes on the motion to report legislation and
amendments thereto.
1. A motion by Mr. Cleaver to favorably report H.R.
6824, H.R. 6868, and H.R. 6873, as amended, en bloc, to
the House was agreed to by a recorded vote of 33 ayes
to 0 noes (Rollcall No. 32).
Committee Rollcall No. 32
Motion by Mr. Cleaver to Favorably Report H.R. 6824, H.R. 6868, and H.R. 6873, As Amended, En Bloc
Agreed to: 33 ayes to 0 noes
----------------------------------------------------------------------------------------------------------------
Majority Members Vote Minority Members Vote
----------------------------------------------------------------------------------------------------------------
Ms. Jackson Lee................................ ............ Mr. Katko.......................... Aye
Mr. Langevin................................... Aye Mr. McCaul......................... ............
Mr. Payne...................................... Aye Mr. Higgins (LA)................... Aye
Mr. Correa..................................... Aye Mr. Guest.......................... Aye
Ms. Slotkin.................................... Aye Mr. Bishop (NC).................... Aye
Mr. Cleaver.................................... Aye Mr. Van Drew....................... Aye
Mr. Green (TX)................................. Aye Mr. Norman......................... Aye
Ms. Clarke (NY)................................ Aye Mrs. Miller-Meeks.................. Aye
Mr. Swalwell................................... Aye Mrs. Harshbarger................... Aye
Ms. Titus...................................... Aye Mr. Clyde.......................... Aye
Mrs. Watson Coleman............................ Aye Mr. Gimenez........................ Aye
Miss Rice (NY)................................. Aye Mr. LaTurner....................... Aye
Mrs. Demings................................... Aye Mr. Meijer......................... Aye
Ms. Barragan................................... Aye Mrs. Cammack....................... Aye
Mr. Gottheimer................................. Aye Mr. Pfluger........................ Aye
Mrs. Luria..................................... Aye Mr. Garbarino...................... Aye
Mr. Malinowski................................. Aye
Mr. Torres (NY)................................ Aye
Mr. Thompson (MS), Chairman.................... Aye
----------------------------------------------------------------------------------------------------------------
COMMITTEE OVERSIGHT FINDINGS
In compliance with clause 3(c)(1) of rule XIII, the
Committee advises that the findings and recommendations of the
Committee, based on oversight activities under clause 2(b)(1)
of rule X, are incorporated in the descriptive portions of this
report.
CONGRESSIONAL BUDGET OFFICE ESTIMATE, NEW BUDGET AUTHORITY, ENTITLEMENT
AUTHORITY, AND TAX EXPENDITURES
With respect to the requirements of clause 3(c)(2) of rule
XIII and section 308(a) of the Congressional Budget Act of
1974, and with respect to the requirements of clause 3(c)(3) of
rule XIII and section 402 of the Congressional Budget Act of
1974, the Committee adopts as its own the estimate of any new
budget authority, spending authority, credit authority, or an
increase or decrease in revenues or tax expenditures contained
in the cost estimate prepared by the Director of the
Congressional Budget Office.
U.S. Congress,
Congressional Budget Office,
Washington, DC, April 27, 2022.
Hon. Bennie G. Thompson,
Chairman, Committee on Homeland Security,
House of Representatives, Washington, DC.
Dear Mr. Chairman: The Congressional Budget Office has
prepared the enclosed cost estimate for H.R. 6824, the
President's Cup Cybersecurity Competition Act.
If you wish further details on this estimate, we will be
pleased to provide them. The CBO staff contact is Aldo
Prosperi.
Sincerely,
Phillip L. Swagel,
Director.
Enclosure.
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
H.R. 6824 would authorize the Cybersecurity and
Infrastructure Security Agency (CISA) to conduct an awards
competition for the federal cybersecurity workforce. Under the
bill, CISA would award financial prizes to federal employees
who apply technical skills to solve real-world cybersecurity
scenarios. The bill also would require CISA to report to the
Congress on the effectiveness of the competition.
CISA is already operating the President's Cup Cybersecurity
Competition that would be required by H.R. 6824; thus, the bill
would not impose any new requirements on the agency. CBO
estimates that preparing and delivering the reports required by
H.R. 6824 would cost less than $500,000 over the 2022-2026
period; such spending would be subject to the availability of
appropriated funds.
The CBO staff contact for this estimate is Aldo Prosperi.
The estimate was reviewed by Leo Lex, Deputy Director of Budget
Analysis.
FEDERAL MANDATES STATEMENT
The Committee adopts as its own the estimate of Federal
mandates prepared by the Director of the Congressional Budget
Office pursuant to section 423 of the Unfunded Mandates Reform
Act.
DUPLICATIVE FEDERAL PROGRAMS
Pursuant to clause 3(c) of rule XIII, the Committee finds
that H.R. 6824 does not contain any provision that establishes
or reauthorizes a program known to be duplicative of another
Federal program.
STATEMENT OF GENERAL PERFORMANCE GOALS AND OBJECTIVES
Pursuant to clause 3(c)(4) of rule XIII, the objective of
H.R. 6824 is to identify, challenge, and reward the best cyber
talent in the Federal workforce and to encourage retention by
authorizing the President's Cup Cybersecurity Competition.
CONGRESSIONAL EARMARKS, LIMITED TAX BENEFITS, AND LIMITED TARIFF
BENEFITS
In compliance with rule XXI, this bill, as reported,
contains no congressional earmarks, limited tax benefits, or
limited tariff benefits as defined in clause 9(d), 9(e), or
9(f) of rule XXI.
ADVISORY COMMITTEE STATEMENT
No advisory committees within the meaning of section 5(b)
of the Federal Advisory Committee Act were created by this
legislation.
APPLICABILITY TO LEGISLATIVE BRANCH
The Committee finds that H.R. 6824 does not relate to the
terms and conditions of employment or access to public services
or accommodations within the meaning of section 102(b)(3) of
the Congressional Accountability Act.
SECTION-BY-SECTION ANALYSIS OF THE LEGISLATION
Section 1. Short Title.
This section states that the Act may be cited as the
``President's Cup Cybersecurity Competition Act''.
Sec. 2. President's Cup cybersecurity competition.
Subsection (a) authorizes CISA to hold an annual
cybersecurity competition of cybersecurity practitioners from
across the Federal Government.
Subsection (b) authorizes CISA to consult with, and
consider advice from, any person who has experience or
expertise in the development, design, or execution of
cybersecurity competitions and exempts such consultations from
the Federal Advisory Committee Act. It additionally prohibits a
person engaging in consultation under this subsection from
receiving pay or being considered a Federal employee by reason
of such consultation.
Subsection (c) establishes that an individual must be a
Federal civilian employee or member of the uniformed services
to be eligible for the competition.
Subsection (d) authorizes CISA to enter into a grant,
contract, cooperative agreement, or other agreement to
administer the competition.
Subsection (e) directs that the competition shall include
cybersecurity skills outlined in the National Initiative for
Cybersecurity Education Framework, individual and team events,
categories demonstrating offensive and defensive cyber
operations, and other related elements identified by CISA.
Subsection (f) authorizes CISA to carry out the
competition using appropriated funds or funds provided by other
Federal agencies.
Subsection (g) authorizes CISA to use funds for the
competition for advertising, marketing, and promoting the
competition; meals for participants and organizers; promotional
items; monetary and nonmonetary awards for participants;
necessary expenses for honorary recognition of competition
participants; and any other appropriate activity necessary to
carry out the competition.
Subsection (h) authorizes CISA to provide awards up to
$10,000 in value per award and Department of Homeland Security
to provide awards up to $25,000 in value per award. It
additionally establishes that any monetary award shall be in
addition to the regular pay of the recipient.
Subsection (i) directs CISA to provide an annual report to
the House Committee on Homeland Security and the Senate
Committee on Homeland Security and Governmental Affairs that
provides a description of funds available for each competition,
a description of expenditures for each competition, information
relating to participation of each competition, and information
relating to lessons learned from each competition.
[all]