[House Report 118-887]
[From the U.S. Government Publishing Office]
118th Congress } { Report
HOUSE OF REPRESENTATIVES
2d Session } { 118-887
======================================================================
RESEARCH SECURITY AND ACCOUNTABILITY IN DHS ACT
_______
December 16, 2024.--Committed to the Committee of the Whole House on
the State of the Union and ordered to be printed
_______
Mr. Green of Tennessee, from the Committee on Homeland Security,
submitted the following
R E P O R T
[To accompany H.R. 9748]
[Including cost estimate of the Congressional Budget Office]
The Committee on Homeland Security, to whom was referred
the bill (H.R. 9748) to require the Under Secretary of the
Science and Technology Directorate of the Department of
Homeland Security to develop a Department-wide policy and
process to safeguard research and development from unauthorized
access to or disclosure of sensitive information in research
and development acquisitions, and for other purposes, having
considered the same, reports favorably thereon without
amendment and recommends that the bill do pass.
CONTENTS
Page
Purpose and Summary.............................................. 2
Background and Need for Legislation.............................. 2
Committee Consideration.......................................... 3
Committee Votes.................................................. 3
Committee Oversight Findings..................................... 3
C.B.O. Estimate, New Budget Authority, Entitlement Authority, and
Tax Expenditures............................................... 3
Federal Mandates Statement....................................... 8
Duplicative Federal Programs..................................... 8
Statement of General Performance Goals and Objectives............ 8
Congressional Earmarks, Limited Tax Benefits, and Limited Tariff
Benefits....................................................... 8
Advisory Committee Statement..................................... 8
Applicability to Legislative Branch.............................. 8
Section-by-Section Analysis of the Legislation................... 8
Purpose and Summary
H.R. 9748, the ``Research Security and Accountability in
DHS Act,'' safeguards research and development (R&D) projects
critical to the United States' national security. By requiring
the U.S. Department of Homeland Security's (DHS) Science and
Technology Directorate (S&T) to develop a process to protect
sensitive information in R&D projects and requiring S&T to
establish special clauses in its project acquisition contracts,
H.R. 9748 strengthens research security and safeguards
sensitive information from unauthorized access or disclosure,
whether by contractors, employees, and bad actors. H.R. 9748
also requires the Government Accountability Office (GAO) to
conduct a report on S&T's compliance with existing federal
guidelines and its intragovernmental coordination on research
security.
Lastly, H.R. 9748 ensures accountability by requiring the
Secretary of Homeland Security to provide a Congressional
briefing to the House Committee on Homeland Security and the
Senate Committee on Homeland Security and Governmental Affairs
on how S&T has incorporated input from the Office of the
Inspector General (OIG) to protect sensitive R&D from
unauthorized access.
Background and Need for Legislation
Since many of S&T's R&D projects are sensitive, addressing
issues such as weapons of mass destruction, border security,
airport security, and maritime safety, Homeland Security
Acquisition Regulations (HSARs) require contracting officers to
include special clauses in R&D contracts to safeguard the
projects' sensitive information. However, a 2022 report by the
OIG found that S&T's contracting officers failed to include
special clauses in S&T's R&D contracts, thereby putting its
sensitive R&D projects at risk of unauthorized access and
foreign malign influence, theft, and control. The OIG found
that only 6 of the 12 ``high-risk'' R&D contracts reviewed in
the report contained special clauses safeguarding sensitive
information.\1\ Therefore, H.R. 9748 seeks to rectify DHS' R&D
vulnerabilities by requiring S&T to develop a process to
safeguard R&D projects across the Department and to establish
relevant special clauses in project acquisition contracts.
Ultimately, these provisions will improve research security
within DHS.
---------------------------------------------------------------------------
\1\OIG-22-30_S&T Needs to Improve Its Management and Oversight of
R&D Projects (dhs.gov) Pg 8.
---------------------------------------------------------------------------
Moreover, in recent years, the federal government has made
federal research security a priority. FBI Director Christopher
Wray has repeatedly warned that espionage by the People's
Republic of China (PRC) threatens the United States' national
security, academic integrity, and competitive advantage in
innovation and technology.\2\ In 2021, the Trump Administration
issued National Security Presidential Memorandum-33 (NSPM-33)
in response to heightened threats against federal R&D projects,
directing the U.S. government to strengthen R&D protections
from foreign interference and exploitation. In 2022, the Biden
Administration released the National Science and Technology
Council's (NSTC) NSPM-33 implementation guidance for federal
partners to uphold high standards of research security, further
requiring coordination with the NSTC, disclosures of potential
conflicts of interest, and consequences for disclosure
requirement violations. As such, H.R. 9748 requires GAO to
submit a report to Congress on how DHS has complied with NSPM-
33 and adopted the NSTC's implementation guidance to safeguard
sensitive R&D projects from foreign interference and control.
---------------------------------------------------------------------------
\2\https://www.nbcnews.com/politics/politics-news/fbi-director-
wray-says-scale-chinese-spying-us-blew-away-rcna14369.
---------------------------------------------------------------------------
Furthermore, H.R. 9748 requires the Secretary of Homeland
Security to provide a Congressional briefing to the House
Committee on Homeland Security and the Senate Committee on
Homeland Security and Governmental Affairs on how the
Department has implemented the OIG's input and to provide a
risk assessment of how certain individuals could gain
unauthorized access to sensitive information in DHS' R&D
projects. This provision will ensure DHS's transparency and
accountability in safeguarding the Department's sensitive R&D
projects.
Committee Consideration
The Committee met on September 25, 2024, a quorum being
present, to consider H.R. 9748 and ordered the measure to be
favorably reported to the House by voice vote.
Committee Votes
Clause 3(b) of rule XIII requires the Committee to list the
recorded votes on the motion to report legislation and
amendments thereto.
No recorded votes were requested during consideration of
H.R. 9748.
Committee Oversight Findings
In compliance with clause 3(c)(1) of rule XIII, the
Committee advises that the findings and recommendations of the
Committee, based on oversight activities under clause 2(b)(1)
of rule X, are incorporated in the descriptive portions of this
report.
Congressional Budget Office Estimate, New Budget Authority, Entitlement
Authority, and Tax Expenditures
With respect to the requirements of clause 3(c)(2) of rule
XIII and section 308(a) of the Congressional Budget Act of
1974, and with respect to the requirements of clause 3(c)(3) of
rule XIII and section 402 of the Congressional Budget Act of
1974, the Committee adopts as its own the estimate of any new
budget authority, spending authority, credit authority, or an
increase or decrease in revenues or tax expenditures contained
in the cost estimate prepared by the Director of the
Congressional Budget Office.
The Congressional Budget Act of 1974 requires the
Congressional Budget Office, to the extent practicable, to
prepare estimates of the budgetary effects of legislation
ordered reported by Congressional authorizing committees. In
order to provide the Congress with as much information as
possible, the attached table summarizes information about the
estimated direct spending and revenue effects of some of the
legislation that has been ordered reported by the House
Committee on Homeland Security during the 118th Congress. The
legislation listed in this table generally would have small
effects, if any, on direct spending or revenues, CBO estimates.
Where possible, the table also provides information about the
legislation's estimated effects on spending subject to
appropriation and on intergovernmental and private-sector
mandates as defined in the Unfunded Mandates Reform Act.
ESTIMATED BUDGETARY EFFECTS AND MANDATE INFORMATION
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Spending
Last Budget Direct Revenues subject to Pay-As-You-Go Budgetary
Bill number Title Status action function spending 2025-2034 appropriations procedures effects Mandates Contact
2025-2034 2025-2029 apply? after 2034
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
H.R. 3169.................... Identifying Ordered reported 09/25/24 050 0 0 Not estimated... No No Yes Aldo Prosperi
Adversarial
Threats at our
Ports Act.
H.R. 3169 would require the Department of Homeland Security to determine whether cybersecurity vulnerabilities exist in the software or hardware of foreign
cranes operating in U.S. ports and to remediate any such vulnerabilities. CBO estimates that enacting H.R. 3169 would not affect direct spending or revenues.
CBO has not estimated the bill's effects on spending subject to appropriation. The bill would impose intergovernmental and private-sector mandates as defined in
the Unfunded Mandates Reform Act (UMRA). Because the cost of the mandates would depend on regulations yet to be published, CBO cannot determine whether the cost
of compliance would exceed the annual threshold for intergovernmental and private-sector mandates ($100 million and $200 million in 2024, respectively, adjusted
annually for inflation).
H.R. 4406.................... DHS Basic Ordered reported 09/25/24 750 0 0 Not estimated... No No No Jeremy Crimm
Training
Accreditation
Improvement Act
of 2023.
H.R. 4406 would require the Department of Homeland Security (DHS) to report to the Congress annually on whether its basic training programs are accredited by an
independent organization. The bill also would require DHS to carry out research and development to enhance the preparedness of state, local, tribal, and
territorial law enforcement agencies to respond to terrorist threats. CBO estimates that enacting H.R. 4406 would not affect direct spending or revenues. CBO
has not estimated the bill's effects on spending subject to appropriation. The bill contains no intergovernmental or private-sector mandates as defined in the
Unfunded Mandates Reform Act.
H.R. 5729.................... A bill to Ordered reported 09/25/24 750 0 0 Not estimated... No No No Jeremy Crimm
prohibit the
use of Federal
funds to
establish a
Homeland
Intelligence
Experts Group,
and for other
purposes.
H.R. 5729 would prohibit the use of federal funds to reestablish the Homeland Intelligence Experts Group or any successor program. That group, whose members come
from private-sector entities, advised the Department of Homeland Security on intelligence and counterintelligence activities. The group was disbanded on May 2,
2024. CBO estimates that enacting H.R. 5729 would not affect direct spending or revenues. CBO has not estimated the bill's effects on spending subject to
appropriation. The bill contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act.
H.R. 8119.................... PEARL Act....... Ordered reported 09/25/24 750 0 0 Not estimated... No No No Jeremy Crimm
H.R. 8119 would require Customs and Border Protection to establish a pilot program to adopt dogs from local animal shelters and train them for its therapy dog
program. Under the bill, the program would terminate three years after enactment. CBO estimates that enacting H.R. 8119 would not affect direct spending or
revenues. CBO has not estimated the bill's effects on spending subject to appropriation. The bill contains no intergovernmental or private-sector mandates as
defined in the Unfunded Mandates Reform Act.
H.R. 9469.................... Pipeline Ordered reported 09/25/24 400 0 0 Not estimated... No No Yes Emma Uebelhor
Security Act.
H.R. 9469 would codify the Transportation Security Administration's responsibility to protect pipelines from terrorists and cybersecurity threats. The bill would
require that agency to report to the Congress on implementing the bill and would direct the Government Accountability Office to review the implementation within
two years of enactment. CBO estimates that enacting H.R. 9469 would not affect direct spending or revenues. CBO has not estimated the bill's effects on spending
subject to appropriation. The bill would impose a private-sector mandate as defined in the Unfunded Mandates Reform Act (UMRA). Because the cost of the mandate
would depend on regulations yet to be published, CBO cannot determine whether the cost would exceed the threshold established in UMRA for private-sector
mandates ($200 million in 2024, adjusted annually for inflation). The bill contains no intergovernmental mandates as defined in UMRA.
H.R. 9668.................... SHIELD Against Ordered reported 09/25/24 750 0 0 Not estimated... No No No Jeremy Crimm
CCP Act.
H.R. 9668 would require the Department of Homeland Security (DHS) to establish an interagency working group to assess the department's efforts to combat
terrorist, cybersecurity, border, port, and transportation security threats posed by the government of China. The bill would require DHS to report to the
Congress annually on the working group's activities and require the Government Accountability Office to report to the Congress on the bill's implementation.
H.R. 9668 also would require DHS to enhance its situational awareness concerning threats posed by the government of China. CBO estimates that enacting H.R. 9668
would not affect direct spending or revenues. CBO has not estimated the bill's effects on spending subject to appropriation. The bill contains no
intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act.
H.R. 9689.................... DHS Ordered reported 09/25/24 050 0 0 Not estimated... No No No Aldo Prosperi
Cybersecurity
Internship
Program Act.
H.R. 9689 would require the Department of Homeland Security to establish a cybersecurity internship program. CBO estimates that enacting H.R. 9689 would not
affect direct spending or revenues. CBO has not estimated the bill's effects on spending subject to appropriation. The bill contains no intergovernmental or
private-sector mandates as defined in the Unfunded Mandates Reform Act.
H.R. 9731.................... Special Interest Ordered reported 09/25/24 750 0 0 Not estimated... No No No Jeremy Crimm
Alien Reporting
Act of 2024.
H.R. 9731 would require the Department of Homeland Security to report to the Congress monthly on the number of aliens (non-U.S. nationals) it encounters who pose
a national security risk. CBO estimates that enacting H.R. 9731 would not affect direct spending or revenues. CBO has not estimated the bill's effects on
spending subject to appropriation. The bill contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act.
H.R. 9748.................... Research Ordered reported 09/25/24 750 0 0 Not estimated... No No No Jeremy Crimm
Security and
Accountability
in DHS Act.
H.R. 9748 would require the Department of Homeland Security (DHS) to develop a policy to protect its research and development projects from unauthorized access
or disclosure. The bill also would require the Government Accountability Office to report to the Congress within one year of enactment on DHS's compliance with
governmentwide policies to protect research and development. CBO estimates that enacting H.R. 9748 would not affect direct spending or revenues. CBO has not
estimated the bill's effects on spending subject to appropriation. The bill contains no intergovernmental or private-sector mandates as defined in the Unfunded
Mandates Reform Act.
H.R. 9749.................... A bill to amend Ordered reported 09/25/24 750 0 0 Not estimated... No No No Jeremy Crimm
the Homeland
Security Act of
2002 to abolish
the
reorganization
authority of
the Department
of Homeland
Security, and
for other
purposes.
H.R. 9749 would prohibit the Department of Homeland Security (DHS) from establishing, consolidating, or discontinuing organizational units and reallocating
functions within component units. Under current law, DHS is authorized to conduct those activities after providing notice to the Congress. CBO estimates that
enacting H.R. 9749 would not affect direct spending or revenues. CBO has not estimated the bill's effects on spending subject to appropriation. The bill
contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act.
H.R. 9752.................... Tren de Aragua Ordered reported 09/25/24 750 0 0 Not estimated... No No No Jeremy Crimm
Southwest
Border Security
Threat
Assessment Act.
H.R. 9752 would require the Department of Homeland Security to report to the Congress on countering threats on the southwestern U.S. border posed by the Tren de
Aragua organization. CBO estimates that enacting H.R. 9752 would not affect direct spending or revenues. CBO has not estimated the bill's effects on spending
subject to appropriation. The bill contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act.
H.R. 9768.................... Joint Cyber Ordered reported 09/25/24 050 0 0 Not estimated... No No No Aldo Prosperi
Defense
Collaborative
Act.
H.R. 9768 would codify the activities of the Cybersecurity and Infrastructure Security Agency related to analyzing and sharing cybersecurity threat information
with federal, state, and private-sector entities. CBO estimates that enacting H.R. 9768 would not affect direct spending or revenues. CBO has not estimated the
bill's effects on spending subject to appropriation. The bill contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates
Reform Act.
H.R. 9769.................... Strengthening Ordered reported 09/25/24 050 0 0 Not estimated... No No No Aldo Prosperi
Cyber
Resilience
Against State-
Sponsored
Threats Act.
H.R. 9769 would establish an interagency task force to detect, analyze, and respond to state-sponsored cybersecurity threats. The bill also would require the
task force to report annually to the Congress on the findings and actions of the task force. CBO estimates that enacting H.R. 9769 would not affect direct
spending or revenues. CBO has not estimated the bill's effects on spending subject to appropriation. The bill contains no intergovernmental or private-sector
mandates as defined in the Unfunded Mandates Reform Act.
H.R. 9770.................... Cyber PIVOTT Act Ordered reported 09/25/24 050 0 0 Not estimated... No No No Aldo Prosperi
H.R. 9770 would require the Cybersecurity and Infrastructure Security Agency to establish scholarships and training opportunities for students enrolled in
cybersecurity associate's degree or certification programs. The bill also would require students who participate in the scholarship program to serve for two
years in a federal, state, or local government position. CBO estimates that enacting H.R. 9770 would not affect direct spending or revenues. CBO has not
estimated the bill's effects on spending subject to appropriation. The bill contains no intergovernmental or private-sector mandates as defined in the Unfunded
Mandates Reform Act.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Federal Mandates Statement
The Committee adopts as its own the estimate of Federal
mandates prepared by the Director of the Congressional Budget
Office pursuant to section 423 of the Unfunded Mandates Reform
Act of 1995.
Duplicative Federal Programs
Pursuant to clause 3(c) of rule XIII, the Committee finds
that H.R. 9748 does not contain any provision that establishes
or reauthorizes a program known to be duplicative of another
Federal program.
Statement of General Performance Goals and Objectives
Pursuant to clause 3(c)(4) of rule XIII, the objective of
H.R. 9748 is to amend the Homeland Security Act of 2002 to
require S&T to safeguard sensitive R&D projects and improve
research security efforts within the Department.
Congressional Earmarks, Limited Tax Benefits, and Limited Tariff
Benefits
In compliance with rule XXI, this bill, as reported,
contains no congressional earmarks, limited tax benefits, or
limited tariff benefits as defined in clause 9(d), 9(e), or
9(f) of rule XXI.
Advisory Committee Statement
No advisory committees within the meaning of section 5(b)
of the Federal Advisory Committee Act were created by this
legislation.
Applicability to the Legislative Branch
The Committee finds that H.R. 9748 does not relate to the
terms and conditions of employment or access to public services
or accommodations within the meaning of section 102(b)(3) of
the Congressional Accountability Act.
Section-by-Section Analysis of the Legislation
Section 1. Short title
This section states that the Act may be cited as the
``Research Security and Accountability in DHS Act.''
Section 2. Safeguarding sensitive research in the Department of
Homeland Security
This section amends Section 302 of the Homeland Security
Act of 2002 and requires S&T to develop a process that
safeguards sensitive information in R&D projects across all
components of the Department and to establish special clauses
in acquisition contracts that limit unauthorized access to, and
disclosure of, sensitive information.
Section 2(b) requires GAO to submit a report to Congress on
how the Department has complied with National Security
Presidential Memorandum-33 (NSPM-33) and adopted the National
Science and Technology Council's (NSTC) 2022 implementation
guidance to safeguard sensitive R&D projects from foreign
malign influence, ownership, and control.
Section 2(c) requires the Secretary of Homeland Security to
provide a briefing to the House Committee on Homeland Security
and the Senate Committee on Homeland Security & Governmental
Affairs to address the 2022 OIG Report on S&T's mismanagement
of R&D projects.
Changes in Existing Law Made by the Bill, as Reported
In compliance with clause 3(e) of rule XIII of the Rules of
the House of Representatives, changes in existing law made by
the bill, as reported, are shown as follows (existing law
proposed to be omitted is enclosed in black brackets, new
matter is printed in italics, and existing law in which no
change is proposed is shown in roman):
HOMELAND SECURITY ACT OF 2002
* * * * * * *
TITLE III--SCIENCE AND TECHNOLOGY IN SUPPORT OF HOMELAND SECURITY
* * * * * * *
SEC. 302. RESPONSIBILITIES AND AUTHORITIES OF THE UNDER SECRETARY FOR
SCIENCE AND TECHNOLOGY.
The Secretary, acting through the Under Secretary for
Science and Technology, shall have the responsibility for--
(1) advising the Secretary regarding research and
development efforts and priorities in support of the
Department's missions;
(2) developing, in consultation with other
appropriate executive agencies, a national policy and
strategic plan for, identifying priorities, goals,
objectives and policies for, and coordinating the
Federal Government's civilian efforts to identify and
develop countermeasures to chemical, biological, and
other emerging terrorist threats, including the
development of comprehensive, research-based definable
goals for such efforts and development of annual
measurable objectives and specific targets to
accomplish and evaluate the goals for such efforts;
(3) supporting the Under Secretary for Intelligence
and Analysis and the Director of the Cybersecurity and
Infrastructure Security Agency, by assessing and
testing homeland security vulnerabilities and possible
threats;
(4) conducting basic and applied research,
development, demonstration, testing, and evaluation
activities that are relevant to any or all elements of
the Department, through both intramural and extramural
programs, except that such responsibility does not
extend to human health-related research and development
activities;
(5) establishing priorities for, directing, funding,
and conducting national research, development, test and
evaluation, and procurement of technology and systems
for--
(A) preventing the importation of chemical,
biological, and related weapons and material;
and
(B) detecting, preventing, protecting
against, and responding to terrorist attacks;
(6) establishing a system for transferring homeland
security developments or technologies to Federal,
State, local government, and private sector entities;
(7) entering into work agreements, joint
sponsorships, contracts, or any other agreements with
the Department of Energy regarding the use of the
national laboratories or sites and support of the
science and technology base at those facilities;
(8) collaborating with the Secretary of Agriculture
and the Attorney General as provided in section 212 of
the Agricultural Bioterrorism Protection Act of 2002 (7
U.S.C. 8401), as amended by section 1709(b);
(9) collaborating with the Secretary of Health and
Human Services and the Attorney General in determining
any new biological agents and toxins that shall be
listed as ``select agents'' in Appendix A of part 72 of
title 42, Code of Federal Regulations, pursuant to
section 351A of the Public Health Service Act (42
U.S.C. 262a);
(10) supporting United States leadership in science
and technology;
(11) establishing and administering the primary
research and development activities of the Department,
including the long-term research and development needs
and capabilities for all elements of the Department;
(12) coordinating and integrating all research,
development, demonstration, testing, and evaluation
activities of the Department;
(13) coordinating with other appropriate executive
agencies in developing and carrying out the science and
technology agenda of the Department to reduce
duplication and identify unmet needs; [and]
(14) developing and overseeing the administration of
guidelines for merit review of research and development
projects throughout the Department, and for the
dissemination of research conducted or sponsored by the
Department[.]; and
(15) developing, in coordination with appropriate
agency officials, a Department-wide policy and process
to safeguard research and development from unauthorized
access to or disclosure of sensitive information in
research and development acquisitions.
* * * * * * *
[all]