[House Report 117-668]
[From the U.S. Government Publishing Office]


117th Congress    }                                     {       Report
                         HOUSE OF REPRESENTATIVES
 2d Session       }                                     {      117-668

======================================================================



 
             NTIA POLICY AND CYBERSECURITY COORDINATION ACT

                                _______
                                

 December 30, 2022.--Committed to the Committee of the Whole House on 
            the State of the Union and ordered to be printed

                                _______
                                

 Mr. Pallone, from the Committee on Energy and Commerce, submitted the 
                               following

                              R E P O R T

                        [To accompany H.R. 4046]

    The Committee on Energy and Commerce, to whom was referred 
the bill (H.R. 4046) to amend the National Telecommunications 
and Information Administration Organization Act to establish 
the Office of Policy Development and Cybersecurity, and for 
other purposes, having considered the same, reports favorably 
thereon with an amendment and recommends that the bill as 
amended do pass.

                                CONTENTS

                                                                   Page
  I. Purpose and Summary..............................................3
 II. Background and Need for the Legislation..........................3
III. Committee Hearings...............................................3
 IV. Committee Consideration..........................................4
  V. Committee Votes..................................................4
 VI. Oversight Findings...............................................4
VII. New Budget Authority, Entitlement Authority, and Tax Expenditures4
VIII.Federal Mandates Statement.......................................5

 IX. Statement of General Performance Goals and Objectives............5
  X. Duplication of Federal Programs..................................5
 XI. Committee Cost Estimate..........................................5
XII. Earmarks, Limited Tax Benefits, and Limited Tariff Benefits......5
XIII.Advisory Committee Statement.....................................5

XIV. Applicability to Legislative Branch..............................5
 XV. Section-by-Section Analysis of the Legislation...................5
XVI. Changes in Existing Law Made by the Bill, as Reported............6

    The amendment is as follows:

  Strike all after the enacting clause and insert the following:

SECTION 1. SHORT TITLE.

  This Act may be cited as the ``NTIA Policy and Cybersecurity 
Coordination Act''.

SEC. 2. POLICY DEVELOPMENT AND CYBERSECURITY.

  (a) Office of Policy Development and Cybersecurity.--Part A of title 
I of the National Telecommunications and Information Administration 
Organization Act (47 U.S.C. 901 et seq.) is amended by adding at the 
end the following:

``SEC. 106. OFFICE OF POLICY DEVELOPMENT AND CYBERSECURITY.

  ``(a) Establishment.--There shall be within the NTIA an office to be 
known as the Office of Policy Development and Cybersecurity (in this 
section referred to as the `Office').
  ``(b) Associate Administrator.--The head of the Office shall be an 
Associate Administrator for Policy Development and Cybersecurity (in 
this section referred to as the `Associate Administrator'), who shall 
report to the Assistant Secretary.
  ``(c) Duties.--
          ``(1) In general.--The Associate Administrator shall oversee 
        and conduct national communications and information policy 
        analysis and development for the internet and communications 
        technologies.
          ``(2) Particular duties.--In carrying out paragraph (1), the 
        Office shall--
                  ``(A) develop, analyze, and advocate for market-based 
                policies that promote innovation, competition, consumer 
                access, digital inclusion, workforce development, and 
                economic growth in the communications, media, and 
                technology markets;
                  ``(B) issue studies, as delegated by the Assistant 
                Secretary or required by Congress, on how individuals 
                in the United States access and use the internet, 
                wireline and wireless telephony, mass media, other 
                digital services, and video services;
                  ``(C) coordinate transparent, consensus-based, 
                multistakeholder processes to create guidance or to 
                support the development and implementation of 
                cybersecurity and privacy policies with respect to the 
                internet and other communications networks;
                  ``(D) promote increased collaboration between 
                security researchers and providers of communications 
                services and software system developers;
                  ``(E) perform such duties as the Assistant Secretary 
                considers appropriate relating to the program for 
                preventing future vulnerabilities established under 
                section 8(a) of the Secure and Trusted Communications 
                Networks Act of 2019 (47 U.S.C. 1607(a));
                  ``(F) advocate for policies that promote the security 
                and resilience to cybersecurity incidents of 
                communications networks while fostering innovation, 
                including policies that promote secure communications 
                network supply chains;
                  ``(G) at the direction of the Assistant Secretary, 
                present security of the digital economy and 
                infrastructure and cybersecurity policy efforts before 
                the Commission, Congress, and elsewhere;
                  ``(H) provide advice and assistance to the Assistant 
                Secretary in carrying out the policy responsibilities 
                of the NTIA with respect to cybersecurity policy 
                matters, including the evaluation of the impact of 
                cybersecurity matters pending before the Commission, 
                other Federal agencies, and Congress;
                  ``(I) in addition to the duties described in 
                subparagraph (H), perform such other duties regarding 
                the policy responsibilities of the NTIA with respect to 
                cybersecurity policy matters as the Assistant Secretary 
                considers appropriate;
                  ``(J) develop policies to accelerate innovation and 
                commercialization with respect to advances in 
                technological understanding of communications 
                technologies;
                  ``(K) identify barriers to trust, security, 
                innovation, and commercialization with respect to 
                communications technologies, including access to 
                capital and other resources, and ways to overcome such 
                barriers;
                  ``(L) provide public access to relevant data, 
                research, and technical assistance on innovation and 
                commercialization with respect to communications 
                technologies, consistent with the protection of 
                classified information;
                  ``(M) strengthen collaboration on and coordination of 
                policies relating to innovation and commercialization 
                with respect to communications technologies, including 
                policies focused on the needs of small businesses and 
                rural communities--
                          ``(i) within the Department of Commerce;
                          ``(ii) between the Department of Commerce and 
                        State government agencies, as appropriate; and
                          ``(iii) between the Department of Commerce 
                        and the Commission or any other Federal agency 
                        the Assistant Secretary determines to be 
                        necessary; and
                  ``(N) solicit and consider feedback from small and 
                rural communications service providers, as 
                appropriate.''.
  (b) Transitional Rules.--
          (1) Redesignation of associate administrator; continuation of 
        service.--
                  (A) Redesignation.--The position of Associate 
                Administrator for Policy Analysis and Development at 
                the NTIA is hereby redesignated as the position of 
                Associate Administrator for Policy Development and 
                Cybersecurity.
                  (B) Continuation of service.--The individual serving 
                as Associate Administrator for Policy Analysis and 
                Development at the NTIA on the date of the enactment of 
                this Act shall become, as of such date, the Associate 
                Administrator for Policy Development and Cybersecurity.
          (2) NTIA defined.--In this subsection, the term ``NTIA'' 
        means the National Telecommunications and Information 
        Administration.

                         I. Purpose and Summary

    H.R. 4046, the ``NTIA Policy and Cybersecurity Coordination 
Act,'' establishes within the National Telecommunications and 
Information Administration (NTIA) the Office of Policy 
Development and Cybersecurity.

                II. Background and Need for Legislation

    NTIA is statutorily required to provide for the 
coordination of the telecommunications activities of the 
executive branch and assist in the formulation of policies for 
those activities, including security.\1\ Additionally, NTIA has 
the responsibility to ensure that the views of the executive 
branch on telecommunications matters are effectively presented 
to the Federal Communications Commission (FCC).\2\ Given the 
recent cyberattacks on telecommunications networks,\3\ H.R. 
4046 elevates these important policy coordination functions, 
and provides additional clarity in carrying out existing and 
future activities consistent with NTIA's authority.
---------------------------------------------------------------------------
    \1\47 U.S.C. 902(b)(2)(H).
    \2\47 U.S.C. 902(b)(2)(J).
    \3\U.S. Department of Justice, Department of Justice Statement on 
Solarwinds Update (Jan. 6, 2021) (www.justice.gov/opa/pr/department-
justice-statement-solarwinds-update).
---------------------------------------------------------------------------

                        III. Committee Hearings

    For the purposes of clause 3(c) of rule XIII of the Rules 
of the House of Representatives, the following hearings were 
used to develop or consider H.R. 4046:
    The Subcommittee on Communications and Technology held a 
hearing on April 21, 2021, entitled ``Leading the Wireless 
Future: Securing American Network Technology.'' The 
Subcommittee received testimony from the following witnesses:
           John Baker, Senior Vice President, Business 
        Development, Mavenir;
           John Mezzalingua, Chief Executive Officer, 
        JMA Wireless;
           Tim Donovan, SVP, Legislative Affairs, 
        Competitive Carriers Association;
           Tareq Amin, EVP and Group Chief Technology 
        Officer, Rakuten Mobile; and
           Diane Rinaldo, Executive Director, Open RAN 
        Policy Coalition.
    The Subcommittee on Communications and Technology held a 
legislative hearing on June 30, 2021, entitled ``A Safe 
Wireless Future: Securing our Networks and Supply Chains.'' The 
Subcommittee received testimony from the following witnesses:
           Dileep Srihari, Senior Policy Counsel, 
        Access Partnership;
           Dean Brenner, SVP, Spectrum Strategy & Tech 
        Policy, Qualcomm Incorporated;
           Jason Boswell, Head of Security, Network 
        Product Solutions, N.A., Ericsson; and
           Clete Johnson, Senior Fellow, Strategic 
        Technologies Program, Center for Strategic and 
        International Studies.

                      IV. Committee Consideration

    Representatives Jeff Duncan (R-SC), Susan Wild (D-PA), and 
John Curtis (R-UT) introduced H.R. 4046, the ``NTIA Policy and 
Cybersecurity Coordination Act,'' on June 22, 2021, and it was 
referred to the Committee on Energy and Commerce. Subsequently, 
on June 23, 2021, H.R. 4046 was referred to the Subcommittee on 
Communications and Technology. A legislative hearing was held 
on the bill on June 30, 2021. H.R. 4046 was discharged from the 
Subcommittee on Communications and Technology on July 20, 2021.
    On July 21, 2021, the full Committee met in open markup 
session, pursuant to notice, to consider H.R. 4046 and 23 other 
bills. During consideration of the bill, an amendment in the 
nature of a substitute (AINS) offered by Representative Duncan 
was agreed to by a voice vote. Upon conclusion of consideration 
of the bill, the full Committee agreed to a motion on final 
passage offered by Representative Pallone (D-NJ), Chairman of 
the Committee, to order H.R. 4046 reported favorably to the 
House, amended, by a voice vote.

                           V. Committee Votes

    Clause 3(b) of rule XIII of the Rules of the House of 
Representatives requires the Committee to list each record vote 
on the motion to report legislation and amendments thereto. The 
Committee advises that there were no record votes taken on H.R. 
4046, including a motion by Mr. Pallone ordering H.R. 4046 
favorably reported to the House, amended.

                         VI. Oversight Findings

    Pursuant to clause 3(c)(1) of rule XIII and clause 2(b)(1) 
of rule X of the Rules of the House of Representatives, the 
oversight findings and recommendations of the Committee are 
reflected in the descriptive portion of the report.

           VII. New Budget Authority, Entitlement Authority,
                          and Tax Expenditures

    Pursuant to 3(c)(2) of rule XIII of the Rules of the House 
of Representatives, the Committee adopts as its own the 
estimate of new budget authority, entitlement authority, or tax 
expenditures or revenues contained in the cost estimate 
prepared by the Director of the Congressional Budget Office 
pursuant to section 402 of the Congressional Budget Act of 
1974.
    The Committee has requested but not received from the 
Director of the Congressional Budget Office a statement as to 
whether this bill contains any new budget authority, spending 
authority, credit authority, or an increase or decrease in 
revenues or tax expenditures.

                    VIII. Federal Mandates Statement

    The Committee adopts as its own the estimate of Federal 
mandates prepared by the Director of the Congressional Budget 
Office pursuant to section 423 of the Unfunded Mandates Reform 
Act.

       IX. Statement of General Performance Goals and Objectives

    Pursuant to clause 3(c)(4) of rule XIII, the general 
performance goal or objective of this legislation is to 
establish within NTIA the Office of Policy Development and 
Cybersecurity.

                   X. Duplication of Federal Programs

    Pursuant to clause 3(c)(5) of rule XIII, no provision of 
H.R. 4046 is known to be duplicative of another Federal 
program, including any program that was included in a report to 
Congress pursuant to section 21 of Public Law 111-139 or the 
most recent Catalog of Federal Domestic Assistance.

                      XI. Committee Cost Estimate

    Pursuant to clause 3(d)(1) of rule XIII, the Committee 
adopts as its own the cost estimate prepared by the Director of 
the Congressional Budget Office pursuant to section 402 of the 
Congressional Budget Act of 1974.

                XII. Earmarks, Limited Tax Benefits, and
                        Limited Tariff Benefits

    Pursuant to clause 9(e), 9(f), and 9(g) of rule XXI, the 
Committee finds that H.R. 4046 contains no earmarks, limited 
tax benefits, or limited tariff benefits.

                   XIII. Advisory Committee Statement

    No advisory committee within the meaning of section 5(b) of 
the Federal Advisory Committee Act was created by this 
legislation.

                XIV. Applicability to Legislative Branch

    The Committee finds that the legislation does not relate to 
the terms and conditions of employment or access to public 
services or accommodations within the meaning of section 
102(b)(3) of the Congressional Accountability Act.

           XV. Section-by-Section Analysis of the Legislation


Section 1. Short title

    Section 1 designates that the short title may be cited as 
the ``NTIA Policy and Cybersecurity Coordination Act.''

Sec. 2. Policy Development and Cybersecurity

    This section establishes the Office of Policy Development 
and Cybersecurity within the National Telecommunications and 
Information Administration. The Office is headed by an 
Associate Administrator who reports to the Assistant Secretary 
of Commerce for Communications and Information.
    The Office will oversee and conduct national communications 
and information policy analysis and development for the 
Internet and communications technologies. In particular, the 
Office will develop, analyze, and advocate for market-based 
policies that promote innovation and competition, among other 
matters. The Office will also coordinate transparent, 
consensus-based, multistakeholder processes to create guidance 
or support the development and implementation of cybersecurity 
and privacy policies with respect to the Internet and other 
communications networks. Additionally, the Office will be 
responsible for administering the program for preventing future 
vulnerabilities established under section 8(a) of the Secure 
and Trusted Communications Networks Act of 2019.

       XVI. Changes in Existing Law Made by the Bill, as Reported

  In compliance with clause 3(e) of rule XIII of the Rules of 
the House of Representatives, changes in existing law made by 
the bill, as reported, are shown as follows (new matter is 
printed in italics and existing law in which no change is 
proposed is shown in roman):

NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION ORGANIZATION 
                                  ACT




           *       *       *       *       *       *       *
  TITLE I--NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION

PART A--ORGANIZATION AND FUNCTIONS

           *       *       *       *       *       *       *


SEC. 106. OFFICE OF POLICY DEVELOPMENT AND CYBERSECURITY.

  (a) Establishment.--There shall be within the NTIA an office 
to be known as the Office of Policy Development and 
Cybersecurity (in this section referred to as the ``Office'').
  (b) Associate Administrator.--The head of the Office shall be 
an Associate Administrator for Policy Development and 
Cybersecurity (in this section referred to as the ``Associate 
Administrator''), who shall report to the Assistant Secretary.
  (c) Duties.--
          (1) In general.--The Associate Administrator shall 
        oversee and conduct national communications and 
        information policy analysis and development for the 
        internet and communications technologies.
          (2) Particular duties.--In carrying out paragraph 
        (1), the Office shall--
                  (A) develop, analyze, and advocate for 
                market-based policies that promote innovation, 
                competition, consumer access, digital 
                inclusion, workforce development, and economic 
                growth in the communications, media, and 
                technology markets;
                  (B) issue studies, as delegated by the 
                Assistant Secretary or required by Congress, on 
                how individuals in the United States access and 
                use the internet, wireline and wireless 
                telephony, mass media, other digital services, 
                and video services;
                  (C) coordinate transparent, consensus-based, 
                multistakeholder processes to create guidance 
                or to support the development and 
                implementation of cybersecurity and privacy 
                policies with respect to the internet and other 
                communications networks;
                  (D) promote increased collaboration between 
                security researchers and providers of 
                communications services and software system 
                developers;
                  (E) perform such duties as the Assistant 
                Secretary considers appropriate relating to the 
                program for preventing future vulnerabilities 
                established under section 8(a) of the Secure 
                and Trusted Communications Networks Act of 2019 
                (47 U.S.C. 1607(a));
                  (F) advocate for policies that promote the 
                security and resilience to cybersecurity 
                incidents of communications networks while 
                fostering innovation, including policies that 
                promote secure communications network supply 
                chains;
                  (G) at the direction of the Assistant 
                Secretary, present security of the digital 
                economy and infrastructure and cybersecurity 
                policy efforts before the Commission, Congress, 
                and elsewhere;
                  (H) provide advice and assistance to the 
                Assistant Secretary in carrying out the policy 
                responsibilities of the NTIA with respect to 
                cybersecurity policy matters, including the 
                evaluation of the impact of cybersecurity 
                matters pending before the Commission, other 
                Federal agencies, and Congress;
                  (I) in addition to the duties described in 
                subparagraph (H), perform such other duties 
                regarding the policy responsibilities of the 
                NTIA with respect to cybersecurity policy 
                matters as the Assistant Secretary considers 
                appropriate;
                  (J) develop policies to accelerate innovation 
                and commercialization with respect to advances 
                in technological understanding of 
                communications technologies;
                  (K) identify barriers to trust, security, 
                innovation, and commercialization with respect 
                to communications technologies, including 
                access to capital and other resources, and ways 
                to overcome such barriers;
                  (L) provide public access to relevant data, 
                research, and technical assistance on 
                innovation and commercialization with respect 
                to communications technologies, consistent with 
                the protection of classified information;
                  (M) strengthen collaboration on and 
                coordination of policies relating to innovation 
                and commercialization with respect to 
                communications technologies, including policies 
                focused on the needs of small businesses and 
                rural communities--
                          (i) within the Department of 
                        Commerce;
                          (ii) between the Department of 
                        Commerce and State government agencies, 
                        as appropriate; and
                          (iii) between the Department of 
                        Commerce and the Commission or any 
                        other Federal agency the Assistant 
                        Secretary determines to be necessary; 
                        and
                  (N) solicit and consider feedback from small 
                and rural communications service providers, as 
                appropriate.S6602

           *       *       *       *       *       *       *


                                  [all]