Calendar No. 97
116th CONGRESS 1st Session |
To authorize appropriations for fiscal years 2018, 2019, and 2020 for intelligence and intelligence-related activities of the United States Government, the Community Management Account, and the Central Intelligence Agency Retirement and Disability System, and for other purposes.
May 22, 2019
Mr. Burr, from the Select Committee on Intelligence, reported the following original bill; which was read twice and placed on the calendar
To authorize appropriations for fiscal years 2018, 2019, and 2020 for intelligence and intelligence-related activities of the United States Government, the Community Management Account, and the Central Intelligence Agency Retirement and Disability System, and for other purposes.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
(a) Short title.—This Act may be cited as the “Damon Paul Nelson and Matthew Young Pollard Intelligence Authorization Act for Fiscal Years 2018, 2019, and 2020”.
(a) Divisions.—This Act is organized into two divisions as follows:
(1) Division A—Intelligence Authorizations for Fiscal Year 2020.
(2) Division B—Intelligence Authorizations for Fiscal Years 2018 and 2019.
(b) Table of contents.—The table of contents for this Act is as follows:
Sec. 1. Short title.
Sec. 2. Divisions and table of contents.
Sec. 3. Definitions.
Sec. 101. Authorization of appropriations.
Sec. 102. Classified schedule of authorizations.
Sec. 103. Intelligence community management account.
Sec. 201. Authorization of appropriations.
Sec. 202. Modification of amount of Central Intelligence Agency voluntary separation pay.
Sec. 301. Restriction on conduct of intelligence activities.
Sec. 302. Increase in employee compensation and benefits authorized by law.
Sec. 303. Improving the onboarding methodology for certain intelligence personnel.
Sec. 304. Intelligence community public-private talent exchange.
Sec. 305. Expansion of scope of protections for identities of covert agents.
Sec. 306. Inclusion of security risks in program management plans required for acquisition of major systems in National Intelligence Program.
Sec. 307. Paid parental leave.
Sec. 311. Exclusivity, consistency, and transparency in security clearance procedures and right to appeal.
Sec. 312. Limitation on transfer of National Intelligence University.
Sec. 313. Improving visibility into the security clearance process.
Sec. 314. Making certain policies and execution plans relating to personnel clearances available to industry partners.
Sec. 321. Definitions.
Sec. 322. Inspector General external review panel.
Sec. 323. Harmonization of whistleblower processes and procedures.
Sec. 324. Intelligence community oversight of agency whistleblower actions.
Sec. 325. Report on cleared whistleblower attorneys.
Sec. 401. Study on foreign employment of former personnel of intelligence community.
Sec. 402. Comprehensive economic assessment of investment in key United States technologies by companies or organizations linked to China.
Sec. 403. Analysis of and periodic briefings on major initiatives of intelligence community in artificial intelligence and machine learning.
Sec. 404. Encouraging cooperative actions to detect and counter foreign influence operations.
Sec. 405. Oversight of foreign influence in academia.
Sec. 406. Director of National Intelligence report on fifth-generation wireless network technology.
Sec. 407. Annual report by Comptroller General of the United States on cybersecurity and surveillance threats to Congress.
Sec. 408. Director of National Intelligence assessments of foreign interference in elections.
Sec. 409. Study on feasibility and advisability of establishing Geospatial-Intelligence Museum and learning center.
Sec. 410. Report on death of Jamal Khashoggi.
Sec. 101. Authorization of appropriations.
Sec. 102. Classified Schedule of Authorizations.
Sec. 103. Intelligence Community Management Account.
Sec. 201. Authorization of appropriations.
Sec. 202. Computation of annuities for employees of the Central Intelligence Agency.
Sec. 301. Restriction on conduct of intelligence activities.
Sec. 302. Increase in employee compensation and benefits authorized by law.
Sec. 303. Modification of special pay authority for science, technology, engineering, or mathematics positions and addition of special pay authority for cyber positions.
Sec. 304. Modification of appointment of Chief Information Officer of the Intelligence Community.
Sec. 305. Director of National Intelligence review of placement of positions within the intelligence community on the Executive Schedule.
Sec. 306. Supply Chain and Counterintelligence Risk Management Task Force.
Sec. 307. Consideration of adversarial telecommunications and cybersecurity infrastructure when sharing intelligence with foreign governments and entities.
Sec. 308. Cyber protection support for the personnel of the intelligence community in positions highly vulnerable to cyber attack.
Sec. 309. Modification of authority relating to management of supply-chain risk.
Sec. 310. Limitations on determinations regarding certain security classifications.
Sec. 311. Joint Intelligence Community Council.
Sec. 312. Intelligence community information technology environment.
Sec. 313. Report on development of secure mobile voice solution for intelligence community.
Sec. 314. Policy on minimum insider threat standards.
Sec. 315. Submission of intelligence community policies.
Sec. 316. Expansion of intelligence community recruitment efforts.
Sec. 401. Authority for protection of current and former employees of the Office of the Director of National Intelligence.
Sec. 402. Designation of the program manager-information sharing environment.
Sec. 403. Technical modification to the executive schedule.
Sec. 404. Chief Financial Officer of the Intelligence Community.
Sec. 405. Chief Information Officer of the Intelligence Community.
Sec. 411. Central Intelligence Agency subsistence for personnel assigned to austere locations.
Sec. 412. Expansion of security protective service jurisdiction of the Central Intelligence Agency.
Sec. 413. Repeal of foreign language proficiency requirement for certain senior level positions in the Central Intelligence Agency.
Sec. 421. Consolidation of Department of Energy Offices of Intelligence and Counterintelligence.
Sec. 422. Establishment of Energy Infrastructure Security Center.
Sec. 423. Repeal of Department of Energy Intelligence Executive Committee and budget reporting requirement.
Sec. 431. Plan for designation of counterintelligence component of Defense Security Service as an element of intelligence community.
Sec. 432. Notice not required for private entities.
Sec. 433. Framework for roles, missions, and functions of Defense Intelligence Agency.
Sec. 434. Establishment of advisory board for National Reconnaissance Office.
Sec. 435. Collocation of certain Department of Homeland Security personnel at field locations.
Sec. 501. Report on cyber attacks by foreign governments against United States election infrastructure.
Sec. 502. Review of intelligence community's posture to collect against and analyze Russian efforts to influence the Presidential election.
Sec. 503. Assessment of foreign intelligence threats to Federal elections.
Sec. 504. Strategy for countering Russian cyber threats to United States elections.
Sec. 505. Assessment of significant Russian influence campaigns directed at foreign elections and referenda.
Sec. 506. Foreign counterintelligence and cybersecurity threats to Federal election campaigns.
Sec. 507. Information sharing with State election officials.
Sec. 508. Notification of significant foreign cyber intrusions and active measures campaigns directed at elections for Federal offices.
Sec. 509. Designation of counterintelligence officer to lead election security matters.
Sec. 601. Definitions.
Sec. 602. Reports and plans relating to security clearances and background investigations.
Sec. 603. Improving the process for security clearances.
Sec. 604. Goals for promptness of determinations regarding security clearances.
Sec. 605. Security Executive Agent.
Sec. 606. Report on unified, simplified, Governmentwide standards for positions of trust and security clearances.
Sec. 607. Report on clearance in person concept.
Sec. 608. Budget request documentation on funding for background investigations.
Sec. 609. Reports on reciprocity for security clearances inside of departments and agencies.
Sec. 610. Intelligence community reports on security clearances.
Sec. 611. Periodic report on positions in the intelligence community that can be conducted without access to classified information, networks, or facilities.
Sec. 612. Information sharing program for positions of trust and security clearances.
Sec. 613. Report on protections for confidentiality of whistleblower-related communications.
Sec. 701. Limitation relating to establishment or support of cybersecurity unit with the Russian Federation.
Sec. 702. Report on returning Russian compounds.
Sec. 703. Assessment of threat finance relating to Russia.
Sec. 704. Notification of an active measures campaign.
Sec. 705. Notification of travel by accredited diplomatic and consular personnel of the Russian Federation in the United States.
Sec. 706. Report on outreach strategy addressing threats from United States adversaries to the United States technology sector.
Sec. 707. Report on Iranian support of proxy forces in Syria and Lebanon.
Sec. 708. Annual report on Iranian expenditures supporting foreign military and terrorist activities.
Sec. 709. Expansion of scope of committee to counter active measures and report on establishment of Foreign Malign Influence Center.
Sec. 711. Technical correction to Inspector General study.
Sec. 712. Reports on authorities of the Chief Intelligence Officer of the Department of Homeland Security.
Sec. 713. Report on cyber exchange program.
Sec. 714. Review of intelligence community whistleblower matters.
Sec. 715. Report on role of Director of National Intelligence with respect to certain foreign investments.
Sec. 716. Report on surveillance by foreign governments against United States telecommunications networks.
Sec. 717. Biennial report on foreign investment risks.
Sec. 718. Modification of certain reporting requirement on travel of foreign diplomats.
Sec. 719. Semiannual reports on investigations of unauthorized disclosures of classified information.
Sec. 720. Congressional notification of designation of covered intelligence officer as persona non grata.
Sec. 721. Reports on intelligence community participation in vulnerabilities equities process of Federal Government.
Sec. 722. Inspectors General reports on classification.
Sec. 723. Reports on global water insecurity and national security implications and briefing on emerging infectious disease and pandemics.
Sec. 724. Annual report on memoranda of understanding between elements of intelligence community and other entities of the United States Government regarding significant operational activities or policy.
Sec. 725. Study on the feasibility of encrypting unclassified wireline and wireless telephone calls.
Sec. 726. Modification of requirement for annual report on hiring and retention of minority employees.
Sec. 727. Reports on intelligence community loan repayment and related programs.
Sec. 728. Repeal of certain reporting requirements.
Sec. 729. Inspector General of the Intelligence Community report on senior executives of the Office of the Director of National Intelligence.
Sec. 730. Briefing on Federal Bureau of Investigation offering permanent residence to sources and cooperators.
Sec. 731. Intelligence assessment of North Korea revenue sources.
Sec. 732. Report on possible exploitation of virtual currencies by terrorist actors.
Sec. 741. Public Interest Declassification Board.
Sec. 742. Securing energy infrastructure.
Sec. 743. Bug bounty programs.
Sec. 744. Modification of authorities relating to the National Intelligence University.
Sec. 745. Technical and clerical amendments to the National Security Act of 1947.
Sec. 746. Technical amendments related to the Department of Energy.
Sec. 747. Sense of Congress on notification of certain disclosures of classified information.
Sec. 748. Sense of Congress on consideration of espionage activities when considering whether or not to provide visas to foreign individuals to be accredited to a United Nations mission in the United States.
Sec. 749. Sense of Congress on WikiLeaks.
In this Act:
(1) CONGRESSIONAL INTELLIGENCE COMMITTEES.—The term “congressional intelligence committees” has the meaning given such term in section 3 of the National Security Act of 1947 (50 U.S.C. 3003).
(2) INTELLIGENCE COMMUNITY.—The term “intelligence community” has the meaning given such term in such section.
Funds are hereby authorized to be appropriated for fiscal year 2020 for the conduct of the intelligence and intelligence-related activities of the following elements of the United States Government:
(1) The Office of the Director of National Intelligence.
(2) The Central Intelligence Agency.
(3) The Department of Defense.
(4) The Defense Intelligence Agency.
(5) The National Security Agency.
(6) The Department of the Army, the Department of the Navy, and the Department of the Air Force.
(7) The Coast Guard.
(8) The Department of State.
(9) The Department of the Treasury.
(10) The Department of Energy.
(11) The Department of Justice.
(12) The Federal Bureau of Investigation.
(13) The Drug Enforcement Administration.
(14) The National Reconnaissance Office.
(15) The National Geospatial-Intelligence Agency.
(16) The Department of Homeland Security.
(a) Specifications of amounts.—The amounts authorized to be appropriated under section 101 for the conduct of the intelligence activities of the elements listed in paragraphs (1) through (16) of section 101, are those specified in the classified Schedule of Authorizations prepared to accompany this division.
(b) Availability of classified schedule of authorizations.—
(1) AVAILABILITY.—The classified Schedule of Authorizations referred to in subsection (a) shall be made available to the Committee on Appropriations of the Senate, the Committee on Appropriations of the House of Representatives, and to the President.
(2) DISTRIBUTION BY THE PRESIDENT.—Subject to paragraph (3), the President shall provide for suitable distribution of the classified Schedule of Authorizations referred to in subsection (a), or of appropriate portions of such Schedule, within the executive branch.
(3) LIMITS ON DISCLOSURE.—The President shall not publicly disclose the classified Schedule of Authorizations or any portion of such Schedule except—
(A) as provided in section 601(a) of the Implementing Recommendations of the 9/11 Commission Act of 2007 (50 U.S.C. 3306(a));
(B) to the extent necessary to implement the budget; or
(C) as otherwise required by law.
(a) Authorization of appropriations.—There is authorized to be appropriated for the Intelligence Community Management Account of the Director of National Intelligence for fiscal year 2020 the sum of $558,000,000.
(b) Classified authorization of appropriations.—In addition to amounts authorized to be appropriated for the Intelligence Community Management Account by subsection (a), there are authorized to be appropriated for the Intelligence Community Management Account for fiscal year 2020 such additional amounts as are specified in the classified Schedule of Authorizations referred to in section 102(a).
There is authorized to be appropriated for the Central Intelligence Agency Retirement and Disability Fund $514,000,000 for fiscal year 2020.
Section 2 of the Central Intelligence Agency Voluntary Separation Pay Act (50 U.S.C. 3519a(e)(2)) is amended—
(1) in subsection (e)(2)(B), by striking “$25,000” and inserting “$40,000 (as adjusted from time to time under subsection (f))”;
(2) by redesignating subsections (f) and (g) as subsections (g) and (h), respectively; and
(3) by inserting after subsection (e) the following:
“(1) IN GENERAL.—On March 1 of each year, the Director shall provide a percentage increase (rounded in accordance with paragraph (2)) in the amount specified in subsection (e)(2)(B), equal to the percentage by which—
“(A) the Consumer Price Index (all items, United States city average) for the 12-month period ending on the December 31 immediately preceding the date on which the increase is made, exceeds
“(B) the Consumer Price Index for the 12-month period preceding the 12-month period described in subparagraph (A).
“(2) ROUNDING.—A percentage increase under paragraph (1) shall be adjusted to the nearest one-tenth of one percent, and an amount determined under paragraph (1) shall be rounded to the nearest multiple of $1,000 (or, if midway between multiples of $1,000, to the next higher multiple of $1,000).”.
The authorization of appropriations by this division shall not be deemed to constitute authority for the conduct of any intelligence activity which is not otherwise authorized by the Constitution or the laws of the United States.
Appropriations authorized by this division for salary, pay, retirement, and other benefits for Federal employees may be increased by such additional or supplemental amounts as may be necessary for increases in such compensation or benefits authorized by law.
(a) Definitions.—In this section:
(1) APPROPRIATE COMMITTEES OF CONGRESS.—The term “appropriate committees of Congress” means—
(A) the Select Committee on Intelligence and the Committee on Armed Services of the Senate; and
(B) the Permanent Select Committee on Intelligence and the Committee on Armed Services of the House of Representatives.
(2) COVERED ELEMENTS OF THE INTELLIGENCE COMMUNITY.—The term “covered elements of the intelligence community” means the elements of the intelligence community that are within the following:
(A) The Department of Energy.
(B) The Department of Homeland Security.
(C) The Department of Justice.
(D) The Department of State.
(E) The Department of the Treasury.
(b) In general.—The Secretary of Defense and the Director of National Intelligence shall, consistent with Department of Defense Instruction 1400.25, as in effect on the day before the date of the enactment of this Act—
(1) not later than 180 days after the date of the enactment of this Act, submit to the appropriate committees of Congress a report that outlines a common methodology for measuring onboarding in covered elements of the intelligence community, including human resources and security processes;
(2) not later than 1 year after the date of the enactment of this Act, issue metrics for assessing key phases in the onboarding described in paragraph (1) for which results will be reported by the date that is 90 days after the date of such issuance;
(3) not later than 180 days after the date of the enactment of this Act, submit to the appropriate committees of Congress a report on collaboration among covered elements of the intelligence community on their onboarding processes;
(4) not later than 180 days after the date of the enactment of this Act, submit to the appropriate committees of Congress a report on employment of automated mechanisms in covered elements of the intelligence community, including for tracking personnel as they pass through each phase of the onboarding process; and
(5) not later than December 31, 2020, distribute surveys to human resources offices and applicants about their experiences with the onboarding process in covered elements of the intelligence community.
(a) Policies, processes, and procedures required.—Not later than 270 days after the date of the enactment of this Act, the Director of National Intelligence shall develop policies, processes, and procedures to facilitate the rotation of personnel of the intelligence community to the private sector, and personnel from the private sector to the intelligence community.
(b) Detail authority.—Under policies developed by the Director pursuant to subsection (a), with the agreement of a private-sector organization, and with the consent of the employee, a head of an element of the intelligence community may arrange for the temporary detail of an employee of such element to such private-sector organization, or from such private-sector organization to such element under this section.
(1) IN GENERAL.—A head of an element of the intelligence community exercising the authority of the head under subsection (a) shall provide for a written agreement among the element of the intelligence community, the private-sector organization, and the employee concerned regarding the terms and conditions of the employee’s detail under this section. The agreement—
(A) shall require that the employee of the element, upon completion of the detail, serve in the element, or elsewhere in the civil service if approved by the head of the element, for a period of at least equal to the length of the detail;
(B) shall provide that if the employee of the element fails to carry out the agreement, such employee shall be liable to the United States for payment of all non-salary and benefit expenses of the detail, unless that failure was for good and sufficient reason, as determined by the head of the element;
(C) shall contain language informing such employee of the prohibition on improperly sharing or using non-public information that such employee may be privy to or aware of related to element programming, budgeting, resourcing, acquisition, or procurement for the benefit or advantage of the private-sector organization; and
(D) shall contain language requiring the employee to acknowledge the obligations of the employee under section 1905 of title 18, United States Code (relating to trade secrets).
(2) AMOUNT OF LIABILITY.—An amount for which an employee is liable under paragraph (1) shall be treated as a debt due the United States.
(3) WAIVER.—The head of an element of the intelligence community may waive, in whole or in part, collection of a debt described in paragraph (2) based on a determination that the collection would be against equity and good conscience and not in the best interests of the United States, after taking into account any indication of fraud, misrepresentation, fault, or lack of good faith on the part of the employee.
(d) Termination.—A detail under this section may, at any time and for any reason, be terminated by the head of the element of the intelligence community concerned or the private-sector organization concerned.
(1) IN GENERAL.—A detail under this section shall be for a period of not less than 3 months and not more than 2 years, renewable up to a total of 3 years.
(2) LONGER PERIODS.—A detail under this section may be for a period in excess of 2 years, but not more than 3 years, if the head of the element making the detail determines that such detail is necessary to meet critical mission or program requirements.
(3) LIMITATION.—No employee of an element of the intelligence community may be detailed under this section for more than a total of 5 years, inclusive of all such details.
(f) Status of Federal employees detailed to private-sector organizations.—
(1) IN GENERAL.—An employee of an element of the intelligence community who is detailed to a private-sector organization under this section shall be considered, during the period of detail, to be on a regular work assignment in the element for all purposes. The written agreement established under subsection (c)(1) shall address the specific terms and conditions related to the employee’s continued status as a Federal employee.
(2) REQUIREMENTS.—In establishing a temporary detail of an employee of an element of the intelligence community to a private-sector organization, the head of the element shall—
(A) certify that the temporary detail of such employee shall not have an adverse or negative impact on mission attainment or organizational capabilities associated with the detail; and
(B) in the case of an element of the intelligence community in the Department of Defense, ensure that the normal duties and functions of such employees are not, as a result of and during the course of such temporary detail, performed or augmented by contractor personnel in violation of the provisions of section 2461 of title 10, United States Code.
(g) Terms and conditions for private-sector employees.—An employee of a private-sector organization who is detailed to an element of the intelligence community under this section—
(1) shall continue to receive pay and benefits from the private-sector organization from which such employee is detailed and shall not receive pay or benefits from the element, except as provided in paragraph (2);
(2) is deemed to be an employee of the element for the purposes of—
(A) chapters 73 and 81 of title 5, United States Code;
(B) sections 201, 203, 205, 207, 208, 209, 603, 606, 607, 643, 654, 1905, and 1913 of title 18, United States Code;
(C) sections 1343, 1344, and 1349(b) of title 31, United States Code;
(D) chapter 171 of title 28, United States Code (commonly known as the “Federal Tort Claims Act”) and any other Federal tort liability statute;
(E) the Ethics in Government Act of 1978 (5 U.S.C. App.); and
(F) chapter 21 of title 41, United States Code;
(3) may perform work that is considered inherently governmental in nature only when requested in writing by the head of the element;
(4) may not be used to circumvent any limitation or restriction on the size of the workforce of the element;
(5) shall be subject to the same requirements applicable to an employee performing the same functions and duties proposed for performance by the private sector employee; and
(6) in the case of an element of the intelligence community in the Department of Defense, may not be used to circumvent the provisions of section 2461 of title 10, United States Code.
(h) Prohibition against charging certain costs to the Federal Government.—A private-sector organization may not charge an element of the intelligence community or any other agency of the Federal Government, as direct costs under a Federal contract, the costs of pay or benefits paid by the organization to an employee detailed to an element of the intelligence community under this section for the period of the detail and any subsequent renewal periods.
(i) Additional administrative matters.—In carrying out this section, the Director, pursuant to procedures developed under subsection (a)—
(1) shall, to the degree practicable, ensure that small business concerns are represented with respect to details authorized by this section;
(2) may, notwithstanding any other provision of law, establish criteria for elements of the intelligence community to use appropriated funds to reimburse small business concerns for the salaries and benefits of its employees during the periods when the small business concern agrees to detail its employees to the intelligence community under this section;
(3) shall take into consideration the question of how details under this section might best be used to help meet the needs of the intelligence community, including with respect to the training of employees;
(4) shall take into consideration areas of private-sector expertise that are critical to the intelligence community; and
(5) shall establish oversight mechanisms to determine whether the public-private exchange authorized by this section improves the efficiency and effectiveness of the intelligence community.
(j) Definitions.—In this section:
(1) DETAIL.—The term “detail” means, as appropriate in the context in which such term is used—
(A) the assignment or loan of an employee of an element of the intelligence community to a private-sector organization without a change of position from the intelligence community element that employs the individual; or
(B) the assignment or loan of an employee of a private-sector organization to an element of the intelligence community without a change of position from the private-sector organization that employs the individual.
(2) PRIVATE-SECTOR ORGANIZATION.—The term “private-sector organization” means—
(A) a for-profit organization; or
(B) a not-for-profit organization.
(3) SMALL BUSINESS CONCERN.—The term “small business concern” has the meaning given such term in section 3703(e)(2) of title 5, United States Code.
Section 605(4) of the National Security Act of 1947 (50 U.S.C. 3126(4)) is amended—
(A) by striking clause (ii);
(B) in clause (i), by striking “, and” and inserting “; or”; and
(C) by striking “agency—” and all that follows through “whose identity” and inserting “agency whose identity”; and
(2) in subparagraph (B)(i), by striking “resides and acts outside the United States” and inserting “acts”.
Section 102A(q)(1)(A) of the National Security Act of 1947 (50 U.S.C. 3024(q)(1)(A)) is amended by inserting “security risks,” after “schedule,”.
(a) Purpose.—The purpose of this section is to—
(1) help the intelligence community recruit and retain a dynamic, multi-talented, and diverse workforce capable of meeting the security goals of the United States; and
(2) establish best practices and processes for other elements of the Federal Government seeking to pursue similar policies.
(b) Authorization of paid parental leave for intelligence community employees.—
(1) IN GENERAL.—Title III of the National Security Act of 1947 (50 U.S.C. 3071 et seq.) is amended by inserting after section 304 the following:
“SEC. 305. Paid parental leave.
“(a) Paid parental leave.—Notwithstanding any other provision of law, a civilian employee of an element of the intelligence community shall have available a total of 12 administrative workweeks of paid parental leave in the event of the birth of a son or daughter to the employee, or placement of a son or daughter with the employee for adoption or foster care, and in order to care for such son or daughter, to be used during the 12-month period beginning on the date of the birth or placement.
“(b) Treatment of parental leave request.—Notwithstanding any other provision of law—
“(1) an element of the intelligence community shall accommodate an employee’s leave schedule request under subsection (a), including a request to use such leave intermittently or on a reduced leave schedule, to the extent that the requested leave schedule does not unduly disrupt agency operations; and
“(2) to the extent that an employee’s requested leave schedule as described in paragraph (1) is based on medical necessity related to a serious health condition connected to the birth of a son or daughter, the employing element shall handle the scheduling consistent with the treatment of employees who are using leave under subparagraph (C) or (D) of section 6382(a)(1) of title 5, United States Code.
“(c) Rules relating to paid leave.—Notwithstanding any other provision of law—
“(1) an employee may not be required to first use all or any portion of any unpaid leave available to the employee before being allowed to use the paid parental leave described in subsection (a); and
“(2) paid parental leave under subsection (a)—
“(A) shall be payable from any appropriation or fund available for salaries or expenses for positions within the employing element;
“(B) may not be considered to be annual or vacation leave for purposes of section 5551 or 5552 of title 5, United States Code, or for any other purpose;
“(C) if not used by the employee before the end of the 12-month period described in subsection (a) to which the leave relates, may not be available for any subsequent use and may not be converted into a cash payment;
“(D) may be granted only to the extent that the employee does not receive a total of more than 12 weeks of paid parental leave in any 12-month period beginning on the date of a birth or placement;
“(i) in excess of a lifetime aggregate total of 30 administrative workweeks based on placements of a foster child for any individual employee; or
“(ii) in connection with temporary foster care placements expected to last less than 1 year;
“(F) may not be granted for a child being placed for foster care or adoption if such leave was previously granted to the same employee when the same child was placed with the employee for foster care in the past;
“(G) shall be used in increments of hours (or fractions thereof), with 12 administrative workweeks equal to 480 hours for employees with a regular full-time work schedule and converted to a proportional number of hours for employees with part-time, seasonal, or uncommon tours of duty; and
“(H) may not be used during off-season (nonpay status) periods for employees with seasonal work schedules.
“(d) Implementation plan.—Not later than 1 year after the date of enactment of this section, the Director of National Intelligence shall provide the congressional intelligence committees with an implementation plan that includes—
“(1) processes and procedures for implementing the paid parental leave policies under subsections (a) through (c);
“(2) an explanation of how the implementation of subsections (a) through (c) will be reconciled with policies of other elements of the Federal Government, including the impact on elements funded by the National Intelligence Program that are housed within agencies outside the intelligence community;
“(3) the projected impact of the implementation of subsections (a) through (c) on the workforce of the intelligence community, including take rates, retention, recruiting, and morale, broken down by each element of the intelligence community; and
“(4) all costs or operational expenses associated with the implementation of subsections (a) through (c).
“(e) Directive.—Not later than 90 days after the Director of National Intelligence submits the implementation plan under subsection (d), the Director of National Intelligence shall issue a written directive to implement this section, which directive shall take effect on the date of issuance.
“(f) Annual report.—The Director of National Intelligence shall submit to the congressional intelligence committees an annual report that—
“(1) details the number of employees of each element of the intelligence community who applied for and took paid parental leave under subsection (a) during the year covered by the report; and
“(2) includes updates on major implementation challenges or costs associated with paid parental leave.
“(g) Definition of son or daughter.—For purposes of this section, the term ‘son or daughter’ has the meaning given the term in section 6381 of title 5, United States Code.”.
(2) CLERICAL AMENDMENT.—The table of contents in the matter preceding section 2 of the National Security Act of 1947 (50 U.S.C. 3002) is amended by inserting after the item relating to section 304 the following:
“Sec. 305. Paid parental leave.”.
(c) Applicability.—Section 305 of the National Security Act of 1947, as added by subsection (b), shall apply with respect to leave taken in connection with the birth or placement of a son or daughter that occurs on or after the date on which the Director of National Intelligence issues the written directive under subsection (e) of such section 305.
(a) Exclusivity of procedures.—Section 801 of the National Security Act of 1947 (50 U.S.C. 3161) is amended by adding at the end the following:
“(c) Exclusivity.—Except as provided in subsection (b) and subject to sections 801A and 801B, the procedures established pursuant to subsection (a) shall be the exclusive procedures by which decisions about eligibility for access to classified information are governed.”.
(b) Transparency.—Such section is further amended by adding at the end the following:
“(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this subsection, the President shall—
“(A) publish in the Federal Register the procedures established pursuant to subsection (a); or
“(B) submit to Congress a certification that the procedures currently in effect that govern access to classified information as described in subsection (a)—
“(i) are published in the Federal Register; and
“(ii) comply with the requirements of subsection (a).
“(2) UPDATES.—Whenever the President makes a revision to a procedure established pursuant to subsection (a), the President shall publish such revision in the Federal Register not later than 30 days before the date on which the revision becomes effective.”.
(1) IN GENERAL.—Title VIII of the National Security Act of 1947 (50 U.S.C. 3161 et seq.) is amended by inserting after section 801 the following:
“SEC. 801A. Decisions relating to access to classified information.
“(a) Definitions.—In this section:
“(1) AGENCY.—The term ‘agency’ has the meaning given the term ‘Executive agency’ in section 105 of title 5, United States Code.
“(2) CLASSIFIED INFORMATION.—The term ‘classified information’ includes sensitive compartmented information, restricted data, restricted handling information, and other compartmented information.
“(3) ELIGIBILITY FOR ACCESS TO CLASSIFIED INFORMATION.—The term ‘eligibility for access to classified information’ has the meaning given such term in the procedures established pursuant to section 801(a).
“(b) In general.—Each head of an agency that makes a determination regarding eligibility for access to classified information shall ensure that in making the determination, the head of the agency or any person acting on behalf of the agency—
“(1) does not violate any right or protection enshrined in the Constitution of the United States, including rights articulated in the First, Fifth, and Fourteenth Amendments;
“(2) does not discriminate for or against an individual on the basis of race, color, religion, sex, national origin, age, or handicap;
“(A) retaliation for political activities or beliefs; or
“(B) a coercion or reprisal described in section 2302(b)(3) of title 5, United States Code; and
“(4) does not violate section 3001(j)(1) of the Intelligence Reform and Terrorism Prevention Act of 2004 (50 U.S.C. 3341(j)(1)).”.
(2) CLERICAL AMENDMENT.—The table of contents in the matter preceding section 2 of the National Security Act of 1947 (50 U.S.C. 3002) is amended by inserting after the item relating to section 801 the following:
“Sec. 801A. Decisions relating to access to classified information.”.
(1) IN GENERAL.—Such title, as amended by subsection (c), is further amended by inserting after section 801A the following:
“(a) Definitions.—In this section:
“(1) AGENCY.—The term ‘agency’ has the meaning given the term ‘Executive agency’ in section 105 of title 5, United States Code.
“(2) COVERED PERSON.—The term ‘covered person’ means a person, other than the President and Vice President, currently or formerly employed in, detailed to, assigned to, or issued an authorized conditional offer of employment for a position that requires access to classified information by an agency, including the following:
“(A) A member of the Armed Forces.
“(B) A civilian.
“(C) An expert or consultant with a contractual or personnel obligation to an agency.
“(D) Any other category of person who acts for or on behalf of an agency as determined by the head of the agency.
“(3) ELIGIBILITY FOR ACCESS TO CLASSIFIED INFORMATION.—The term ‘eligibility for access to classified information’ has the meaning given such term in the procedures established pursuant to section 801(a).
“(4) NEED FOR ACCESS.—The term ‘need for access’ has such meaning as the President may define in the procedures established pursuant to section 801(a).
“(5) SECURITY EXECUTIVE AGENT.—The term ‘Security Executive Agent’ means the officer serving as the Security Executive Agent pursuant to section 803.
“(1) IN GENERAL.—Not later than 180 days after the date of the enactment of the Damon Paul Nelson and Matthew Young Pollard Intelligence Authorization Act for Fiscal Years 2018, 2019, and 2020, each head of an agency shall, consistent with the interest of national security, establish and publish in the Federal Register a process by which a covered person to whom eligibility for access to classified information was denied or revoked by the agency can appeal that denial or revocation within the agency.
“(2) ELEMENTS.—The process required by paragraph (1) shall include the following:
“(A) In the case of a covered person to whom eligibility for access to classified information is denied or revoked by an agency, the following:
“(i) The head of the agency shall provide the covered person with a written—
“(I) detailed explanation of the basis for the denial or revocation as the head of the agency determines is consistent with the interests of national security and as permitted by other applicable provisions of law; and
“(II) notice of the right of the covered person to a hearing and appeal under this subsection.
“(ii) Not later than 30 days after receiving a request from the covered person for copies of the documents that formed the basis of the agency's decision to revoke or deny, including the investigative file, the head of the agency shall provide to the covered person copies of such documents as—
“(I) the head of the agency determines is consistent with the interests of national security; and
“(II) permitted by other applicable provisions of law, including—
“(aa) section 552 of title 5, United States Code (commonly known as the ‘Freedom of Information Act’);
“(bb) section 552a of such title (commonly known as the ‘Privacy Act of 1974’); and
“(cc) such other provisions of law relating to the protection of confidential sources and privacy of individuals.
“(iii) (I) The covered person shall have the opportunity to retain counsel or other representation at the covered person’s expense.
“(II) Upon the request of the covered person, and a showing that the ability to review classified information is essential to the resolution of an appeal under this subsection, counsel or other representation retained under this clause shall be considered for access to classified information for the limited purposes of such appeal.
“(iv) (I) The head of the agency shall provide the covered person an opportunity, at a point in the process determined by the agency head—
“(aa) to appear personally before an adjudicative or other authority, other than the investigating entity, and to present to such authority relevant documents, materials, and information, including evidence that past problems relating to the denial or revocation have been overcome or sufficiently mitigated; and
“(bb) to call and cross-examine witnesses before such authority, unless the head of the agency determines that calling and cross-examining witnesses is not consistent with the interests of national security.
“(II) The head of the agency shall make, as part of the security record of the covered person, a written summary, transcript, or recording of any appearance under item (aa) of subclause (I) or calling or cross-examining of witnesses under item (bb) of such subclause.
“(v) On or before the date that is 30 days after the date on which the covered person receives copies of documents under clause (ii), the covered person may request a hearing of the decision to deny or revoke by filing a written appeal with the head of the agency.
“(B) A requirement that each review of a decision under this subsection is completed on average not later than 180 days after the date on which a hearing is requested under subparagraph (A)(v).
“(A) IN GENERAL.—Each head of an agency shall establish a panel to hear and review appeals under this subsection.
“(i) COMPOSITION.—Each panel established by the head of an agency under subparagraph (A) shall be composed of at least three employees of the agency selected by the head, two of whom shall not be members of the security field.
“(ii) TERMS.—A term of service on a panel established by the head of an agency under subparagraph (A) shall not exceed 2 years.
“(i) WRITTEN.—Each decision of a panel established under subparagraph (A) shall be in writing and contain a justification of the decision.
“(ii) CONSISTENCY.—Each head of an agency that establishes a panel under subparagraph (A) shall ensure that each decision of the panel is consistent with the interests of national security and applicable provisions of law.
“(iii) OVERTURN.—The head of an agency may overturn a decision of the panel if, not later than 30 days after the date on which the panel issues the decision, the agency head personally exercises the authority granted by this clause to overturn such decision.
“(iv) FINALITY.—Each decision of a panel established under subparagraph (A) or overturned pursuant to clause (iii) of this subparagraph shall be final but subject to appeal and review under subsection (c).
“(D) ACCESS TO CLASSIFIED INFORMATION.—The head of an agency that establishes a panel under subparagraph (A) shall afford access to classified information to the members of the panel as the head determines—
“(i) necessary for the panel to hear and review an appeal under this subsection; and
“(ii) consistent with the interests of national security.
“(4) REPRESENTATION BY COUNSEL.—
“(A) IN GENERAL.—Each head of an agency shall ensure that, under this subsection, a covered person appealing a decision of the head's agency under this subsection has an opportunity to retain counsel or other representation at the covered person’s expense.
“(B) ACCESS TO CLASSIFIED INFORMATION.—
“(i) IN GENERAL.—Upon the request of a covered person appealing a decision of an agency under this subsection and a showing that the ability to review classified information is essential to the resolution of the appeal under this subsection, the head of the agency shall sponsor an application by the counsel or other representation retained under this paragraph for access to classified information for the limited purposes of such appeal.
“(ii) EXTENT OF ACCESS.—Counsel or another representative who is cleared for access under this subparagraph may be afforded access to relevant classified materials to the extent consistent with the interests of national security.
“(A) IN GENERAL.—If, in the course of proceedings under this subsection, the head of an agency or a panel established by the head under paragraph (3) decides that a covered person's eligibility for access to classified information was improperly denied or revoked by the agency, the agency shall take corrective action to return the covered person, as nearly as practicable and reasonable, to the position such covered person would have held had the improper denial or revocation not occurred.
“(B) COMPENSATION.—Corrective action under subparagraph (A) may include compensation, in an amount not to exceed $300,000, for any loss of wages or benefits suffered, or expenses otherwise incurred, by reason of such improper denial or revocation.
“(6) PUBLICATION OF DECISIONS.—
“(A) IN GENERAL.—Each head of an agency shall publish each final decision on an appeal under this subsection.
“(B) REQUIREMENTS.—In order to ensure transparency, oversight by Congress, and meaningful information for those who need to understand how the clearance process works, each publication under subparagraph (A) shall be—
“(i) made in a manner that is consistent with section 552 of title 5, United States Code, as amended by the Electronic Freedom of Information Act Amendments of 1996 (Public Law 104–231);
“(ii) published to explain the facts of the case, redacting personally identifiable information and sensitive program information; and
“(iii) made available on a website that is searchable by members of the public.
“(A) ESTABLISHMENT.—Not later than 180 days after the date of the enactment of the Damon Paul Nelson and Matthew Young Pollard Intelligence Authorization Act for Fiscal Years 2018, 2019, and 2020, the Security Executive Agent shall establish a panel to review decisions made on appeals pursuant to the processes established under subsection (b).
“(B) SCOPE OF REVIEW AND JURISDICTION.—After initial review to verify grounds for appeal, the panel established under subparagraph (A) shall review such decisions only—
“(i) as they relate to violations of section 801A(b); or
“(ii) to the extent to which an agency properly conducted a review of an appeal under subsection (b).
“(C) COMPOSITION.—The panel established pursuant to subparagraph (A) shall be composed of three individuals selected by the Security Executive Agent for purposes of the panel, of whom at least one shall be an attorney.
“(i) INITIATION.—On or before the date that is 30 days after the date on which a covered person receives a written decision on an appeal under subsection (b), the covered person may initiate oversight of that decision by filing a written appeal with the Security Executive Agent.
“(ii) FILING.—A written appeal filed under clause (i) relating to a decision of an agency shall be filed in such form, in such manner, and containing such information as the Security Executive Agent may require, including—
“(aa) any alleged violations of section 801A(b) relating to the denial or revocation of the covered person's eligibility for access to classified information; and
“(bb) any allegations of how the decision may have been the result of the agency failing to properly conduct a review under subsection (b); and
“(II) supporting materials and information for the allegations described under subclause (I).
“(B) TIMELINESS.—The Security Executive Agent shall ensure that, on average, review of each appeal filed under this subsection is completed not later than 180 days after the date on which the appeal is filed.
“(A) IN GENERAL.—If, in the course of reviewing under this subsection a decision of an agency under subsection (b), the panel established under paragraph (1) decides that there is sufficient evidence of a violation of section 801A(b) to merit a new hearing or decides that the decision of the agency was the result of an improperly conducted review under subsection (b), the panel shall vacate the decision made under subsection (b) and remand to the agency by which the covered person shall be eligible for a new appeal under subsection (b).
“(B) WRITTEN DECISIONS.—Each decision of the panel established under paragraph (1) shall be in writing and contain a justification of the decision.
“(C) CONSISTENCY.—The panel under paragraph (1) shall ensure that each decision of the panel is consistent with the interests of national security and applicable provisions of law.
“(i) IN GENERAL.—Except as provided in clause (ii), each decision of the panel established under paragraph (1) shall be final.
“(ii) OVERTURN.—The Security Executive Agent may overturn a decision of the panel if, not later than 30 days after the date on which the panel issues the decision, the Security Executive Agent personally exercises the authority granted by this clause to overturn such decision.
“(E) NATURE OF REMANDS.—In remanding a decision under subparagraph (A), the panel established under paragraph (1) may not direct the outcome of any further appeal under subsection (b).
“(F) NOTICE OF DECISIONS.—For each decision of the panel established under paragraph (1) regarding a covered person, the Security Executive Agent shall provide the covered person with a written notice of the decision that includes a detailed description of the reasons for the decision, consistent with the interests of national security and applicable provisions of law.
“(4) REPRESENTATION BY COUNSEL.—
“(A) IN GENERAL.—The Security Executive Agent shall ensure that, under this subsection, a covered person appealing a decision under subsection (b) has an opportunity to retain counsel or other representation at the covered person’s expense.
“(B) ACCESS TO CLASSIFIED INFORMATION.—
“(i) IN GENERAL.—Upon the request of the covered person and a showing that the ability to review classified information is essential to the resolution of an appeal under this subsection, the Security Executive Agent shall sponsor an application by the counsel or other representation retained under this paragraph for access to classified information for the limited purposes of such appeal.
“(ii) EXTENT OF ACCESS.—Counsel or another representative who is cleared for access under this subparagraph may be afforded access to relevant classified materials to the extent consistent with the interests of national security.
“(5) ACCESS TO DOCUMENTS AND EMPLOYEES.—
“(A) AFFORDING ACCESS TO MEMBERS OF PANEL.—The Security Executive Agent shall afford access to classified information to the members of the panel established under paragraph (1)(A) as the Security Executive Agent determines—
“(i) necessary for the panel to review a decision described in such paragraph; and
“(ii) consistent with the interests of national security.
“(B) AGENCY COMPLIANCE WITH REQUESTS OF PANEL.—Each head of an agency shall comply with each request by the panel for a document and each request by the panel for access to employees of the agency necessary for the review of an appeal under this subsection, to the degree that doing so is, as determined by the head of the agency and permitted by applicable provisions of law, consistent with the interests of national security.
“(6) PUBLICATION OF DECISIONS.—
“(A) IN GENERAL.—For each final decision on an appeal under this subsection, the head of the agency with respect to which the appeal pertains and the Security Executive Agent shall each publish the decision, consistent with the interests of national security.
“(B) REQUIREMENTS.—In order to ensure transparency, oversight by Congress, and meaningful information for those who need to understand how the clearance process works, each publication under subparagraph (A) shall be—
“(i) made in a manner that is consistent with section 552 of title 5, United States Code, as amended by the Electronic Freedom of Information Act Amendments of 1996 (Public Law 104–231);
“(ii) published to explain the facts of the case, redacting personally identifiable information and sensitive program information; and
“(iii) made available on a website that is searchable by members of the public.
“(d) Period of time for the right to appeal.—
“(1) IN GENERAL.—Except as provided in paragraph (2), any covered person who has been the subject of a decision made by the head of an agency to deny or revoke eligibility for access to classified information shall retain all rights to appeal under this section until the conclusion of the appeal process under this section.
“(A) PERSONS.—Any covered person may voluntarily waive the covered person's right to appeal under this section and such waiver shall be conclusive.
“(B) AGENCIES.—The head of an agency may not require a covered person to waive the covered person's right to appeal under this section for any reason.
“(e) Waiver of availability of procedures for national security interest.—
“(1) IN GENERAL.—If the head of an agency determines that a procedure established under this section cannot be made available to a covered person in an exceptional case without damaging a national security interest of the United States by revealing classified information, such procedure shall not be made available to such covered person.
“(2) FINALITY.—A determination under paragraph (1) shall be final and conclusive and may not be reviewed by any other official or by any court.
“(i) IN GENERAL.—In each case in which the head of an agency determines under paragraph (1) that a procedure established under this section cannot be made available to a covered person, the head shall, not later than 30 days after the date on which the head makes such determination, submit to the Security Executive Agent and to the congressional intelligence committees a report stating the reasons for the determination.
“(ii) FORM.—A report submitted under clause (i) may be submitted in classified form as necessary.
“(i) IN GENERAL.—Not less frequently than once each fiscal year, the Security Executive Agent shall submit to the congressional intelligence committees a report on the determinations made under paragraph (1) during the previous fiscal year.
“(ii) CONTENTS.—Each report submitted under clause (i) shall include, for the period covered by the report, the following:
“(I) The number of cases and reasons for determinations made under paragraph (1), disaggregated by agency.
“(II) Such other matters as the Security Executive Agent considers appropriate.
“(f) Denials and revocations under other provisions of law.—
“(1) RULE OF CONSTRUCTION.—Nothing in this section shall be construed to limit or affect the responsibility and power of the head of an agency to deny or revoke eligibility for access to classified information in the interest of national security.
“(2) DENIALS AND REVOCATION.—The power and responsibility to deny or revoke eligibility for access to classified information pursuant to any other provision of law or Executive order may be exercised only when the head of an agency determines that an applicable process established under this section cannot be invoked in a manner that is consistent with national security.
“(3) FINALITY.—A determination under paragraph (2) shall be final and conclusive and may not be reviewed by any other official or by any court.
“(i) IN GENERAL.—In each case in which the head of an agency determines under paragraph (2) that determination relating to a denial or revocation of eligibility for access to classified information could not be made pursuant to a process established under this section, the head shall, not later than 30 days after the date on which the head makes such determination under paragraph (2), submit to the Security Executive Agent and to the congressional intelligence committees a report stating the reasons for the determination.
“(ii) FORM.—A report submitted under clause (i) may be submitted in classified form as necessary.
“(i) IN GENERAL.—Not less frequently than once each fiscal year, the Security Executive Agent shall submit to the congressional intelligence committees a report on the determinations made under paragraph (2) during the previous fiscal year.
“(ii) CONTENTS.—Each report submitted under clause (i) shall include, for the period covered by the report, the following:
“(I) The number of cases and reasons for determinations made under paragraph (2), disaggregated by agency.
“(II) Such other matters as the Security Executive Agent considers appropriate.
“(g) Relationship to suitability.—No person may use a determination of suitability under part 731 of title 5, Code of Federal Regulations, or successor regulation, for the purpose of denying a covered person the review proceedings of this section where there has been a denial or revocation of eligibility for access to classified information.
“(h) Preservation of roles and responsibilities under Executive Order 10865 and of the Defense Office of Hearings and Appeals.—Nothing in this section shall be construed to diminish or otherwise affect the procedures in effect on the day before the date of the enactment of this Act for denial and revocation procedures provided to individuals by Executive Order 10865 (50 U.S.C. 3161 note; relating to safeguarding classified information within industry), or successor order, including those administered through the Defense Office of Hearings and Appeals of the Department of Defense under Department of Defense Directive 5220.6, or successor directive.
“(i) Rule of construction relating to certain other provisions of law.—This section and the processes and procedures established under this section shall not be construed to apply to paragraphs (6) and (7) of section 3001(j) of the Intelligence Reform and Terrorism Prevention Act of 2004 (50 U.S.C. 3341(j)).”.
(2) CLERICAL AMENDMENT.—The table of contents in the matter preceding section 2 of the National Security Act of 1947 (50 U.S.C. 3002), as amended by subsection (c), is further amended by inserting after the item relating to section 801A the following:
“Sec. 801B. Right to appeal.”.
(a) Limitation.—Neither the Secretary of Defense nor the Director of National Intelligence may commence any activity to transfer the National Intelligence University out of the Defense Intelligence Agency until the Secretary and the Director jointly certify each of the following:
(1) The National Intelligence University has positively adjudicated its warning from the Middle States Commission on Higher Education and had its regional accreditation fully restored.
(2) The National Intelligence University will serve as the exclusive means by which advanced intelligence education is provided to personnel of the Department of Defense.
(3) Military personnel will receive joint professional military education from a National Intelligence University location at a non-Department of Defense agency.
(4) The Department of Education will allow the Office of the Director of National Intelligence to grant advanced educational degrees.
(5) A governance model jointly led by the Director and the Secretary of Defense is in place for the National Intelligence University.
(1) DEFINITION OF APPROPRIATE COMMITTEES OF CONGRESS.—In this subsection, the term “appropriate committees of Congress” means—
(A) the congressional intelligence committees;
(B) the Committee on Armed Services of the Senate; and
(C) the Committee on Armed Services of the House of Representatives.
(2) IN GENERAL.—Before commencing any activity to transfer the National Intelligence University out of the Defense Intelligence Agency, the Secretary of Defense and the Director of National Intelligence shall jointly submit to the appropriate committees of Congress an estimate of the direct and indirect costs of operating the National Intelligence University and the costs of transferring the National Intelligence University to another agency.
(3) CONTENTS.—The estimate submitted under paragraph (2) shall include all indirect costs, including with respect to human resources, security, facilities, and information technology.
(a) Definition of Security Executive Agent.—In this section, the term “Security Executive Agent” means the officer serving as the Security Executive Agent pursuant to section 803 of the National Security Act of 1947, as added by section 605 of division B.
(b) Policy required.—Not later than 90 days after the date of the enactment of this Act, the Security Executive Agent shall issue a policy that requires the head of each Federal agency to create, not later than December 31, 2023, an electronic portal that can be used by human resources personnel and applicants for security clearances to view information about the status of an application for a security clearance and the average time required for each phase of the security clearance process.
(a) Definitions.—In this section:
(1) APPROPRIATE INDUSTRY PARTNER.—The term “appropriate industry partner” means a contractor, licensee, or grantee (as defined in section 101(a) of Executive Order 12829 (50 U.S.C. 3161 note; relating to National Industrial Security Program), as in effect on the day before the date of the enactment of this Act) that is participating in the National Industrial Security Program established by such Executive Order.
(2) SECURITY EXECUTIVE AGENT.—The term “Security Executive Agent” means the officer serving as the Security Executive Agent pursuant to section 803 of the National Security Act of 1947, as added by section 605 of division B.
(b) Sharing of policies and plans required.—Each head of a Federal agency shall share policies and plans relating to security clearances with appropriate industry partners directly affected by such policies and plans in a manner consistent with the protection of national security as well as the goals and objectives of the National Industrial Security Program administered pursuant to Executive Order 12829 (50 U.S.C. 3161 note; relating to the National Industrial Security Program).
(c) Development of policies and procedures required.—Not later than 90 days after the date of the enactment of this Act, the Security Executive Agent and the Director of the National Industrial Security Program shall jointly develop policies and procedures by which appropriate industry partners with proper security clearances and a need to know can have appropriate access to the policies and plans shared pursuant to subsection (b) that directly affect those industry partners.
In this subtitle:
(1) WHISTLEBLOWER.—The term “whistleblower” means a person who makes a whistleblower disclosure.
(2) WHISTLEBLOWER DISCLOSURE.—The term “whistleblower disclosure” means a disclosure that is protected under section 1104 of the National Security Act of 1947 (50 U.S.C. 3234) or section 3001(j)(1) of the Intelligence Reform and Terrorism Prevention Act of 2004 (50 U.S.C. 3341(j)).
(a) Authority to convene external review panels.—
(1) IN GENERAL.—Title XI of the National Security Act of 1947 (50 U.S.C. 3231 et seq.) is amended by adding at the end the following new section:
“SEC. 1105. Inspector General external review panel.
“(a) Request for review.—An individual with a claim described in subsection (b) may submit to the Inspector General of the Intelligence Community a request for a review of such claim by an external review panel convened under subsection (c).
“(b) Claims and individuals described.—A claim described in this subsection is any—
“(A) that the individual has been subjected to a personnel action that is prohibited under section 1104; and
“(B) who has exhausted the applicable review process for the claim pursuant to enforcement of such section; or
“(A) that he or she has been subjected to a reprisal prohibited by paragraph (1) of section 3001(j) of the Intelligence Reform and Terrorism Prevention Act of 2004 (50 U.S.C. 3341(j)); and
“(B) who received a decision on an appeal regarding that claim under paragraph (4) of such section.
“(c) External review panel convened.—
“(1) DISCRETION TO CONVENE.—Upon receipt of a request under subsection (a) regarding a claim, the Inspector General of the Intelligence Community may, at the discretion of the Inspector General, convene an external review panel under this subsection to review the claim.
“(A) COMPOSITION.—An external review panel convened under this subsection shall be composed of three members as follows:
“(i) The Inspector General of the Intelligence Community.
“(ii) Except as provided in subparagraph (B), two members selected by the Inspector General as the Inspector General considers appropriate on a case-by-case basis from among inspectors general of the following:
“(I) The Department of Defense.
“(II) The Department of Energy.
“(III) The Department of Homeland Security.
“(IV) The Department of Justice.
“(V) The Department of State.
“(VI) The Department of the Treasury.
“(VII) The Central Intelligence Agency.
“(VIII) The Defense Intelligence Agency.
“(IX) The National Geospatial-Intelligence Agency.
“(X) The National Reconnaissance Office.
“(XI) The National Security Agency.
“(B) LIMITATION.—An inspector general of an agency may not be selected to sit on the panel under subparagraph (A)(ii) to review any matter relating to a decision made by such agency.
“(i) IN GENERAL.—Except as provided in clause (ii), the chairperson of any panel convened under this subsection shall be the Inspector General of the Intelligence Community.
“(ii) CONFLICTS OF INTEREST.—If the Inspector General of the Intelligence Community finds cause to recuse himself or herself from a panel convened under this subsection, the Inspector General of the Intelligence Community shall—
“(I) select a chairperson from inspectors general of the elements listed under subparagraph (A)(ii) whom the Inspector General of the Intelligence Community considers appropriate; and
“(II) notify the congressional intelligence committees of such selection.
“(3) PERIOD OF REVIEW.—Each external review panel convened under this subsection to review a claim shall complete review of the claim no later than 270 days after the date on which the Inspector General convenes the external review panel.
“(1) PANEL RECOMMENDATIONS.—If an external review panel convened under subsection (c) determines, pursuant to a review of a claim submitted by an individual under subsection (a), that the individual was the subject of a personnel action prohibited under section 1104 or was subjected to a reprisal prohibited by section 3001(j)(1) of the Intelligence Reform and Terrorism Prevention Act of 2004 (50 U.S.C. 3341(j)(1)), the panel may recommend that the agency head take corrective action—
“(A) in the case of an employee or former employee—
“(i) to return the employee or former employee, as nearly as practicable and reasonable, to the position such employee or former employee would have held had the reprisal not occurred; or
“(ii) reconsider the employee's or former employee's eligibility for access to classified information consistent with national security; or
“(B) in any other case, such other action as the external review panel considers appropriate.
“(A) IN GENERAL.—Not later than 90 days after the date on which the head of an agency receives a recommendation from an external review panel under paragraph (1), the head shall—
“(i) give full consideration to such recommendation; and
“(ii) inform the panel and the Director of National Intelligence of what action the head has taken with respect to the recommendation.
“(B) FAILURE TO INFORM.—The Director shall notify the President of any failures to comply with subparagraph (A)(ii).
“(1) IN GENERAL.—Not less frequently than once each year, the Inspector General of the Intelligence Community shall submit to the congressional intelligence committees and the Director of National Intelligence a report on the activities under this section during the previous year.
“(2) CONTENTS.—Subject to such limitations as the Inspector General of the Intelligence Community considers necessary to protect the privacy of an individual who has made a claim described in subsection (b), each report submitted under paragraph (1) shall include, for the period covered by the report, the following:
“(A) The determinations and recommendations made by the external review panels convened under this section.
“(B) The responses of the heads of agencies that received recommendations from the external review panels.”.
(2) TABLE OF CONTENTS AMENDMENT.—The table of contents in the first section of the National Security Act of 1947 is amended by adding at the end the following new item:
“Sec. 1105. Inspector General external review panel.”.
(b) Recommendation on addressing whistleblower appeals relating to reprisal complaints against inspectors general.—
(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Inspector General of the Intelligence Community shall submit to the congressional intelligence committees a recommendation on how to ensure that—
(A) a whistleblower in the intelligence community who has a complaint against an inspector general in the intelligence community and who alleges a reprisal, has available the agency adjudication and appellate review provided under section 1104 of the National Security Act of 1947 (50 U.S.C. 3234); and
(B) any such whistleblower who has exhausted the applicable review process may request an external review panel and receive one, at the discretion of the Inspector General of the Intelligence Community.
(2) CONTENTS.—The recommendation submitted pursuant to paragraph (1) shall include the following:
(A) A discussion of whether and to what degree section 1105 of the National Security Act of 1947, as added by subsection (a)(1), provides appropriate authorities and mechanisms to provide an external review panel as described in paragraph (1) of this subsection and for the purposes described in such paragraph.
(B) Such recommendations for legislative or administrative action as the Inspector General may have with respect to providing an external review panel as described in paragraph (1) and for the purposes described in such paragraph.
(a) In general.—Not later than 270 days after the date of the enactment of this Act, the Inspector General of the Intelligence Community, in coordination with the Intelligence Community Inspectors General Forum, shall develop recommendations, applicable to all inspectors general of elements of the intelligence community, regarding the harmonization of instructions, policies, and directives relating to processes, procedures, and timelines for claims and appeals relating to allegations of personnel actions prohibited under section 1104 of the National Security Act of 1947 or reprisals prohibited by section 3001(j)(1) of the Intelligence Reform and Terrorism Prevention Act of 2004 (50 U.S.C. 3341(j)(1)).
(b) Transparency and protection.—In developing recommendations under subsection (a), the Inspector General of the Intelligence Community shall make efforts to maximize transparency and protect whistleblowers.
(1) IN GENERAL.—Not later than 1 year after the date of the enactment of this Act, the Inspector General of the Intelligence Community, in consultation with the Intelligence Community Inspectors General Forum, shall complete a feasibility study on establishing a hotline whereby all complaints of whistleblowers relating to the intelligence community are automatically referred to the Inspector General of the Intelligence Community.
(2) ELEMENTS.—The feasibility study conducted pursuant to paragraph (1) shall include the following:
(A) The anticipated number of annual whistleblower complaints received by all elements of the intelligence community.
(B) The additional resources required to implement the hotline, including personnel and technology.
(C) The resulting budgetary effects.
(D) Findings from the system established pursuant to subsection (b).
(b) Oversight system required.—Not later than 180 days after the date of the enactment of this Act, the Inspector General of the Intelligence Community shall establish a system whereby the Inspector General is provided, in near real time, the following:
(1) All information relating to complaints by whistleblowers relating to the programs and activities under the jurisdiction of the Director of National Intelligence.
(2) Any inspector general actions relating to such complaints.
(1) POLICIES AND PROCEDURES REQUIRED.—Before establishing the system required by subsection (b), the Inspector General of the Intelligence Community shall establish policies and procedures to protect the privacy of whistleblowers and protect against further dissemination of whistleblower information without consent of the whistleblower.
(2) CONTROL OF DISTRIBUTION.—The system established under subsection (b) shall provide whistleblowers the option of prohibiting distribution of their complaints to the Inspector General of the Intelligence Community.
(a) Report required.—Not later than 1 year after the date of the enactment of this Act, the Inspector General of the Intelligence Community shall submit to the congressional intelligence committees a report on access to cleared attorneys by whistleblowers in the intelligence community.
(b) Contents.—The report submitted pursuant to subsection (a) shall include the following:
(1) The number of whistleblowers in the intelligence community who sought to retain a cleared attorney and at what stage they sought such an attorney.
(2) For the 3-year period preceding the report, the following:
(A) The number of limited security agreements (LSAs).
(B) The scope and clearance levels of such limited security agreements.
(C) The number of whistleblowers represented by cleared counsel.
(3) Recommendations for legislative or administrative action to ensure that whistleblowers in the intelligence community have access to cleared attorneys, including improvements to the limited security agreement process and such other options as the Inspector General of the Intelligence Community considers appropriate.
(c) Survey.—The Inspector General of the Intelligence Community shall ensure that the report submitted under subsection (a) is based on—
(1) data from a survey of whistleblowers whose claims are reported to the Inspector General of the Intelligence Community by means of the oversight system established pursuant to section 324;
(2) information obtained from the inspectors general of the intelligence community; or
(3) information from such other sources as may be identified by the Inspector General of the Intelligence Community.
(a) Study.—The Director of National Intelligence, in coordination with the Secretary of Defense and the Secretary of State, shall conduct a study of matters relating to the foreign employment of former personnel of the intelligence community.
(b) Elements.—The study conducted pursuant to subsection (a) shall address the following:
(1) Issues that pertain to former employees of the intelligence community working with, or in support of, foreign governments, and the nature and scope of those concerns.
(2) Such legislative or administrative action as may be necessary for both front-end screening and in-progress oversight by the Director of Defense Trade Controls of licenses issued by the Director for former employees of the intelligence community working for foreign governments.
(3) How increased requirements could be imposed for periodic compliance reporting when licenses are granted for companies or organizations that employ former personnel of the intelligence community to execute contracts with foreign governments.
(1) DEFINITION OF APPROPRIATE COMMITTEES OF CONGRESS.—In this subsection, the term “appropriate committees of Congress” means—
(A) the congressional intelligence committees;
(B) the Committee on Armed Services and the Committee on Foreign Relations of the Senate; and
(C) the Committee on Armed Services and the Committee on Foreign Affairs of the House of Representatives.
(2) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the appropriate committees of Congress—
(A) a report on the findings of the Director with respect to the study conducted pursuant to subsection (a); and
(B) a plan to carry out such administrative actions as the Director considers appropriate pursuant to the findings described in subparagraph (A).
(a) Assessment required.—Not later than 90 days after the date of the enactment of this Act, the Director of National Intelligence, in coordination with the Director of the National Counterintelligence and Security Center, the Director of the Federal Bureau of Investigation, the Director of the Central Intelligence Agency, the Secretary of the Treasury, and the heads of such other Federal agencies as the Director of National Intelligence considers appropriate, shall submit to the congressional intelligence committees a comprehensive economic assessment of investment in key United States technologies, including emerging technologies, by companies or organizations linked to China, including the implications of these investments for the national security of the United States.
(b) Form of assessment.—The assessment submitted under subsection (a) shall be submitted in unclassified form, but may include a classified annex.
(1) IN GENERAL.—Not later than 90 days after the date of the enactment of this Act, the Director of National Intelligence shall, in coordination with the heads of such elements of the intelligence community as the Director considers appropriate—
(A) complete a comprehensive analysis of the major initiatives of the intelligence community in artificial intelligence and machine learning; and
(B) submit to the congressional intelligence committees a report on the findings of the Director with respect to the analysis conducted pursuant to subparagraph (A).
(2) ELEMENTS.—The analysis conducted under paragraph (1)(A) shall include analyses of how the initiatives described in such paragraph—
(A) correspond with the strategy of the intelligence community entitled “Augmenting Intelligence Using Machines”;
(B) complement each other and avoid unnecessary duplication;
(C) are coordinated with the efforts of the Defense Department on artificial intelligence, including efforts at the Joint Artificial Intelligence Center (JAIC) and Project Maven; and
(D) leverage advances in artificial intelligence and machine learning in the private sector.
(b) Periodic briefings.—Not later than 30 days after the date of the enactment of this Act, not less frequently than twice each year thereafter until the date that is 2 years after the date of the enactment of this Act, and not less frequently than once each year thereafter until the date that is 7 years after the date of the enactment of this Act, the Director and the Chief Information Officer of the Department of Defense shall jointly provide to the congressional intelligence committees and congressional defense committees (as defined in section 101 of title 10, United States Code) briefings with updates on activities relating to, and the progress of, their respective artificial intelligence and machine learning initiatives, particularly the Augmenting Intelligence Using Machines initiative and the Joint Artificial Intelligence Center.
(a) Findings.—Congress makes the following findings:
(1) The Russian Federation, through military intelligence units, also known as the “GRU”, and Kremlin-linked troll organizations often referred to as the “Internet Research Agency”, deploy information warfare operations against the United States, its allies and partners, with the goal of advancing the strategic interests of the Russian Federation.
(2) One line of effort deployed as part of these information warfare operations is the weaponization of social media platforms with the goals of intensifying societal tensions, undermining trust in governmental institutions within the United States, its allies and partners in the West, and generally sowing division, fear, and confusion.
(3) These information warfare operations are a threat to the national security of the United States and that of the allies and partners of the United States. As Director of National Intelligence Dan Coats stated, “These actions are persistent, they are pervasive and they are meant to undermine America’s democracy.”.
(4) These information warfare operations continue to evolve and increase in sophistication.
(5) Other foreign adversaries and hostile non-state actors will increasingly adopt similar tactics of deploying information warfare operations against the West.
(6) Technological advances, including artificial intelligence, will only make it more difficult in the future to detect fraudulent accounts, deceptive material posted on social media, and malign behavior on social media platforms.
(7) Because these information warfare operations are deployed within and across private social media platforms, the companies that own these platforms have a responsibility to detect and remove foreign adversary networks operating clandestinely on their platforms.
(8) The social media companies are inherently technologically sophisticated and adept at rapidly analyzing large amounts of data and developing software-based solutions to diverse and ever-changing challenges on their platforms, which makes them well-equipped to address the threat occurring on their platforms.
(9) Independent analyses confirmed Kremlin-linked threat networks, based on data provided by several social media companies to the Select Committee on Intelligence of the Senate, thereby demonstrating that it is possible to discern both broad patterns of cross-platform information warfare operations and specific fraudulent behavior on social media platforms.
(10) General Paul Nakasone, Director of the National Security Agency, emphasized the importance of these independent analyses to the planning and conduct of military cyber operations to frustrate Kremlin-linked information warfare operations against the 2018 mid-term elections. General Nakasone stated that the reports “were very, very helpful in terms of being able to understand exactly what our adversary was trying to do to build dissent within our nation.”.
(11) Institutionalizing ongoing robust, independent, and vigorous analysis of data related to foreign threat networks within and across social media platforms will help counter ongoing information warfare operations against the United States, its allies, and its partners.
(12) Archiving and disclosing to the public the results of these analyses by the social media companies and trusted third-party experts in a transparent manner will serve to demonstrate that the social media companies are detecting and removing foreign malign activities from their platforms while protecting the privacy of the people of the United States and will build public understanding of the scale and scope of these foreign threats to our democracy, since exposure is one of the most effective means to build resilience.
(b) Sense of the Senate.—It is the sense of the Senate that—
(1) the social media companies should cooperate among themselves and with independent organizations and researchers on a sustained and regular basis to share and analyze data and indicators relevant to foreign information warfare operations within and across their platforms in order to detect and counter foreign information warfare operations that threaten the national security of the United States and its allies and partners;
(2) these analytic efforts should be organized in such a fashion as to meet the highest standards of ethics, confidentiality, and privacy protection of the people of the United States;
(3) these analytic efforts should be undertaken as soon as possible to facilitate countering ongoing Kremlin, Kremlin-linked, and other foreign information warfare operations and to aid in preparations for the United States presidential and congressional elections in 2020 and beyond;
(4) the structure and operations of social media companies make them well positioned to address foreign adversary threat networks within and across their platforms, and these efforts could be conducted without direct Government involvement, direction, or regulation; and
(5) if the social media industry fails to take sufficient action to address foreign adversary threat networks operating within or across their platforms, Congress would have to consider additional safeguards for ensuring that this threat is effectively mitigated.
(c) Authority to facilitate establishment of Social Media Data Analysis Center.—
(1) AUTHORITY.—The Director of National Intelligence, in coordination with the Secretary of Defense, may facilitate, by grant or contract or under an existing authority of the Director, the establishment of a Social Media Data Analysis Center with the functions described in paragraph (2) at an independent, nonprofit organization.
(2) FUNCTIONS.—The functions described in this paragraph are the following:
(A) Acting as a convening and sponsoring authority for cooperative social media data analysis of foreign threat networks involving social media companies and third-party experts, nongovernmental organizations, data journalists, federally funded research and development centers, and academic researchers.
(B) Facilitating analysis within and across the individual social media platforms for the purpose of detecting, exposing, and countering clandestine foreign influence operations and related unlawful activities that fund or subsidize such operations.
(C) Developing processes to share information from government entities on foreign influence operations with the individual social media companies to inform threat analysis, and working with the Office of the Director of National Intelligence as appropriate.
(D) Determining and making public criteria for identifying which companies, organizations, or researchers qualify for inclusion in the activities of the Center, and inviting entities that fit the criteria to join.
(E) Determining jointly with the social media companies what data and metadata related to indicators of foreign adversary threat networks from their platforms and business operations will be made available for access and analysis.
(F) Developing and making public the criteria and standards that must be met for companies, other organizations, and individual researchers to access and analyze data relating to foreign adversary threat networks within and across social media platforms and publish or otherwise use the results.
(G) Developing and making public the ethical standards for investigation of foreign threat networks and use of analytic results and for protection of the privacy of the customers and users of the social media platforms and of the proprietary information of the social media companies.
(H) Developing technical, contractual, and procedural controls to prevent misuse of data, including any necessary auditing procedures, compliance checks, and review mechanisms.
(I) Developing and making public criteria and conditions under which the Center shall share information with the appropriate Government agencies regarding threats to national security from, or violations of the law involving, foreign activities on social media platforms.
(J) Developing a searchable, public archive aggregating information related to foreign influence and disinformation operations to build a collective understanding of the threats and facilitate future examination consistent with privacy protections.
(d) Reporting and notifications.—If the Director of National Intelligence chooses to use funds under subsection (c)(1) to facilitate the establishment of the Center, the Director of the Center shall—
(1) not later than March 1, 2020, submit to Congress a report on—
(A) the estimated funding needs of the Center for fiscal year 2021 and for subsequent years;
(B) such statutory protections from liability as the Director considers necessary for the Center, participating social media companies, and participating third-party analytical participants;
(C) such statutory penalties as the Director considers necessary to ensure against misuse of data by researchers; and
(D) such changes to the Center’s mission to fully capture broader unlawful activities that intersect with, complement, or support information warfare tactics; and
(2) not less frequently than once each year, submit to the Director of National Intelligence, the Secretary of Defense, and the appropriate congressional committees a report—
(i) degree of cooperation and commitment from the social media companies to the mission of the Center; and
(ii) effectiveness of the Center in detecting and removing clandestine foreign information warfare operations from social media platforms; and
(B) includes such recommendations for legislative or administrative action as the Center considers appropriate to carry out the functions of the Center.
(e) Periodic reporting to the public.—The Director of the Center shall—
(1) once each quarter, make available to the public a report on key trends in foreign influence and disinformation operations, including any threats to campaigns and elections, to inform the public of the United States; and
(2) as the Director considers necessary, provide more timely assessments relating to ongoing disinformation campaigns.
(f) Funding.—Of the amounts appropriated or otherwise made available to the National Intelligence Program (as defined in section 3 of the National Security Act of 1947 (50 U.S.C. 3003)) in fiscal year 2020 and 2021, the Director of National Intelligence may use up to $30,000,000 to carry out this section.
(g) Definition of appropriate congressional committees.—In this section, the term “appropriate congressional committees” means—
(1) the Committee on Armed Services of the Senate;
(2) the Committee on Homeland Security and Governmental Affairs of the Senate;
(3) the Committee on Foreign Relations of the Senate;
(4) the Committee on the Judiciary of the Senate;
(5) the Select Committee on Intelligence of the Senate;
(6) the Committee on Armed Services of the House of Representatives;
(7) the Committee on Homeland Security of the House of Representatives;
(8) the Committee on Foreign Affairs of the House of Representatives;
(9) the Committee on the Judiciary of the House of Representatives; and
(10) the Permanent Select Committee on Intelligence of the House of Representatives.
(a) Definitions.—In this section:
(1) COVERED INSTITUTION OF HIGHER EDUCATION.—The term “covered institution of higher education” means an institution described in section 102 of the Higher Education Act of 1965 (20 U.S.C. 1002) that receives Federal funds in any amount and for any purpose.
(2) SENSITIVE RESEARCH SUBJECT.—The term “sensitive research subject” means a subject of research that is carried out at a covered institution of higher education that receives funds that were appropriated for—
(A) the National Intelligence Program; or
(B) any Federal agency the Director of National Intelligence deems appropriate.
(b) Report required.—Not later than 180 days after the date of the enactment of this Act and not less frequently than once each year thereafter, the Director of National Intelligence, in consultation with such elements of the intelligence community as the Director considers appropriate and consistent with the privacy protections afforded to United States persons, shall submit to congressional intelligence committees a report on risks to sensitive research subjects posed by foreign entities in order to provide Congress and covered institutions of higher education with more complete information on these risks and to help ensure academic freedom.
(c) Contents.—The report required by subsection (b) shall include the following:
(1) A list of sensitive research subjects that could affect national security.
(2) A list of foreign entities, including governments, corporations, nonprofit organizations and for-profit organizations, and any subsidiary or affiliate of such an entity, that the Director determines pose a counterintelligence, espionage (including economic espionage), or other national security threats with respect to sensitive research subjects.
(3) A list of any known or suspected attempts by foreign entities to exert pressure on covered institutions of higher education, including attempts to limit freedom of speech, propagate misinformation or disinformation, or to influence professors, researchers, or students.
(4) Recommendations for collaboration between covered institutions of higher education and the intelligence community to mitigate threats to sensitive research subjects associated with foreign influence in academia, including any necessary legislative or administrative action.
(d) Congressional notifications required.—Not later than 30 days after the date on which the Director identifies a change to either list described in paragraph (1) or (2) of subsection (c), the Director shall notify the congressional intelligence committees of the change.
(a) Report required.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the congressional intelligence committees a report on—
(1) the threat to United States national security posed by the global and regional adoption of fifth-generation (5G) wireless network technology built by foreign companies; and
(2) the effect of possible efforts to mitigate the threat.
(b) Contents.—The report required by subsection (a) shall include:
(1) The timeline and scale of global and regional adoption of foreign fifth-generation wireless network technology.
(2) The implications of such global and regional adoption on the cyber and espionage threat to the United States and United States interests as well as to United States cyber and collection capabilities.
(3) The effect of possible mitigation efforts, including:
(A) United States Government policy promoting the use of strong, end-to-end encryption for data transmitted over fifth-generation wireless networks.
(B) United States Government policy promoting or funding free, open-source implementation of fifth-generation wireless network technology.
(C) United States Government subsidies or incentives that could be used to promote the adoption of secure fifth-generation wireless network technology developed by companies of the United States or companies of allies of the United States.
(D) United States Government strategy to reduce foreign influence and political pressure in international standard-setting bodies.
(c) Form.—The report submitted under subsection (a) shall be submitted in unclassified form to the greatest extent practicable, but may include a classified appendix if necessary.
(a) Annual report required.—Not later than 180 days after the date of the enactment of this Act and not less frequently than once each year thereafter, the Comptroller General of the United States shall submit to the congressional intelligence committees a report on cybersecurity and surveillance threats to Congress.
(b) Statistics.—Each report submitted under subsection (a) shall include statistics on cyber attacks and other incidents of espionage or surveillance targeted against Senators or the immediate families or staff of the Senators, in which the nonpublic communications and other private information of such targeted individuals were lost, stolen, or otherwise subject to unauthorized access by criminals or a foreign government.
(c) Consultation.—In preparing a report to be submitted under subsection (a), the Comptroller General shall consult with the Director of National Intelligence, the Secretary of Homeland Security, and the Sergeant at Arms and Doorkeeper of the Senate.
(a) Assessments required.—Not later than 45 days after the conclusion of a United States election, the Director of National Intelligence, in consultation with the heads of such other executive departments and agencies as the Director considers appropriate, shall—
(1) conduct an assessment of any information indicating that a foreign government, or any person acting as an agent of or on behalf of a foreign government, has acted with the intent or purpose of interfering in that election; and
(2) transmit the findings of the Director with respect to the assessment conducted under paragraph (1), along with such supporting information as the Director considers appropriate, to the following:
(A) The President.
(B) The Secretary of State.
(C) The Secretary of the Treasury.
(D) The Secretary of Defense.
(E) The Attorney General.
(F) The Secretary of Homeland Security.
(G) Congress.
(b) Elements.—An assessment conducted under subsection (a)(1), with respect to an act described in such subsection, shall identify, to the maximum extent ascertainable, the following:
(1) The nature of any foreign interference and any methods employed to execute the act.
(2) The persons involved.
(3) The foreign government or governments that authorized, directed, sponsored, or supported the act.
(c) Publication.—In a case in which the Director conducts an assessment under subsection (a)(1) with respect to an election, the Director shall, as soon as practicable after the date of the conclusion of such election and not later than 60 days after the date of such conclusion, make available to the public, to the greatest extent possible consistent with the protection of sources and methods, the findings transmitted under subsection (a)(2).
(a) Study required.—Not later than 180 days after the date of the enactment of this Act, the Director of the National Geospatial-Intelligence Agency shall complete a study on the feasibility and advisability of establishing a Geospatial-Intelligence Museum and learning center.
(b) Elements.—The study required by subsection (a) shall include the following:
(1) Identifying the costs, opportunities, and challenges of establishing the museum and learning center as described in such subsection.
(2) Developing recommendations concerning such establishment.
(3) Identifying and reviewing lessons learned from the establishment of the Cyber Center for Education and Innovation-Home of the National Cryptologic Museum under section 7781(a) of title 10, United States Code.
(c) Report.—Not later than 180 days after the date of the enactment of this Act, the Director shall submit to the congressional intelligence committees and the congressional defense committees (as defined in section 101 of title 10, United States Code) a report on the findings of the Director with respect to the study completed under subsection (a).
(a) In general.—Not later than 30 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to Congress a report on the death of Jamal Khashoggi, consistent with protecting sources and methods. Such report shall include identification of those who carried out, participated in, ordered, or were otherwise complicit in or responsible for the death of Jamal Khashoggi.
(b) Form.—The report submitted under subsection (a) shall be submitted in unclassified form.
(a) Fiscal year 2019.—Funds are hereby authorized to be appropriated for fiscal year 2019 for the conduct of the intelligence and intelligence-related activities of the following elements of the United States Government:
(1) The Office of the Director of National Intelligence.
(2) The Central Intelligence Agency.
(3) The Department of Defense.
(4) The Defense Intelligence Agency.
(5) The National Security Agency.
(6) The Department of the Army, the Department of the Navy, and the Department of the Air Force.
(7) The Coast Guard.
(8) The Department of State.
(9) The Department of the Treasury.
(10) The Department of Energy.
(11) The Department of Justice.
(12) The Federal Bureau of Investigation.
(13) The Drug Enforcement Administration.
(14) The National Reconnaissance Office.
(15) The National Geospatial-Intelligence Agency.
(16) The Department of Homeland Security.
(b) Fiscal year 2018.—Funds that were appropriated for fiscal year 2018 for the conduct of the intelligence and intelligence-related activities of the elements of the United States set forth in subsection (a) are hereby authorized.
(a) Specifications of amounts.—The amounts authorized to be appropriated under section 101 for the conduct of the intelligence activities of the elements listed in paragraphs (1) through (16) of section 101, are those specified in the classified Schedule of Authorizations prepared to accompany this division.
(b) Availability of classified schedule of authorizations.—
(1) AVAILABILITY.—The classified Schedule of Authorizations referred to in subsection (a) shall be made available to the Committee on Appropriations of the Senate, the Committee on Appropriations of the House of Representatives, and to the President.
(2) DISTRIBUTION BY THE PRESIDENT.—Subject to paragraph (3), the President shall provide for suitable distribution of the classified Schedule of Authorizations referred to in subsection (a), or of appropriate portions of such Schedule, within the executive branch.
(3) LIMITS ON DISCLOSURE.—The President shall not publicly disclose the classified Schedule of Authorizations or any portion of such Schedule except—
(A) as provided in section 601(a) of the Implementing Recommendations of the 9/11 Commission Act of 2007 (50 U.S.C. 3306(a));
(B) to the extent necessary to implement the budget; or
(C) as otherwise required by law.
(a) Authorization of appropriations.—There is authorized to be appropriated for the Intelligence Community Management Account of the Director of National Intelligence for fiscal year 2019 the sum of $522,424,000.
(b) Classified authorization of appropriations.—In addition to amounts authorized to be appropriated for the Intelligence Community Management Account by subsection (a), there are authorized to be appropriated for the Intelligence Community Management Account for fiscal year 2019 such additional amounts as are specified in the classified Schedule of Authorizations referred to in section 102(a).
There is authorized to be appropriated for the Central Intelligence Agency Retirement and Disability Fund $514,000,000 for fiscal year 2019.
(a) Computation of annuities.—
(1) IN GENERAL.—Section 221 of the Central Intelligence Agency Retirement Act (50 U.S.C. 2031) is amended—
(A) in subsection (a)(3)(B), by striking the period at the end and inserting “, as determined by using the annual rate of basic pay that would be payable for full-time service in that position.”;
(B) in subsection (b)(1)(C)(i), by striking “12-month” and inserting “2-year”;
(C) in subsection (f)(2), by striking “one year” and inserting “two years”;
(D) in subsection (g)(2), by striking “one year” each place such term appears and inserting “two years”;
(E) by redesignating subsections (h), (i), (j), (k), and (l) as subsections (i), (j), (k), (l), and (m), respectively; and
(F) by inserting after subsection (g) the following:
“(h) Conditional election of insurable interest survivor annuity by participants married at the time of retirement.—
“(1) AUTHORITY TO MAKE DESIGNATION.—Subject to the rights of former spouses under subsection (b) and section 222, at the time of retirement a married participant found by the Director to be in good health may elect to receive an annuity reduced in accordance with subsection (f)(1)(B) and designate in writing an individual having an insurable interest in the participant to receive an annuity under the system after the participant's death, except that any such election to provide an insurable interest survivor annuity to the participant's spouse shall only be effective if the participant's spouse waives the spousal right to a survivor annuity under this Act. The amount of the annuity shall be equal to 55 percent of the participant's reduced annuity.
“(2) REDUCTION IN PARTICIPANT'S ANNUITY.—The annuity payable to the participant making such election shall be reduced by 10 percent of an annuity computed under subsection (a) and by an additional 5 percent for each full 5 years the designated individual is younger than the participant. The total reduction under this subparagraph may not exceed 40 percent.
“(3) COMMENCEMENT OF SURVIVOR ANNUITY.—The annuity payable to the designated individual shall begin on the day after the retired participant dies and terminate on the last day of the month before the designated individual dies.
“(4) RECOMPUTATION OF PARTICIPANT'S ANNUITY ON DEATH OF DESIGNATED INDIVIDUAL.—An annuity that is reduced under this subsection shall, effective the first day of the month following the death of the designated individual, be recomputed and paid as if the annuity had not been so reduced.”.
(A) CENTRAL INTELLIGENCE AGENCY RETIREMENT ACT.—The Central Intelligence Agency Retirement Act (50 U.S.C. 2001 et seq.) is amended—
(i) in section 232(b)(1) (50 U.S.C. 2052(b)(1)), by striking “221(h),” and inserting “221(i),”; and
(ii) in section 252(h)(4) (50 U.S.C. 2082(h)(4)), by striking “221(k)” and inserting “221(l)”.
(B) CENTRAL INTELLIGENCE AGENCY ACT OF 1949.—Subsection (a) of section 14 of the Central Intelligence Agency Act of 1949 (50 U.S.C. 3514(a)) is amended by striking “221(h)(2), 221(i), 221(l),” and inserting “221(i)(2), 221(j), 221(m),”.
(b) Annuities for former spouses.—Subparagraph (B) of section 222(b)(5) of the Central Intelligence Agency Retirement Act (50 U.S.C. 2032(b)(5)(B)) is amended by striking “one year” and inserting “two years”.
(c) Prior service credit.—Subparagraph (A) of section 252(b)(3) of the Central Intelligence Agency Retirement Act (50 U.S.C. 2082(b)(3)(A)) is amended by striking “October 1, 1990” both places that term appears and inserting “March 31, 1991”.
(d) Reemployment compensation.—Section 273 of the Central Intelligence Agency Retirement Act (50 U.S.C. 2113) is amended—
(1) by redesignating subsections (b) and (c) as subsections (c) and (d), respectively; and
(2) by inserting after subsection (a) the following:
“(b) Part-Time reemployed annuitants.—The Director shall have the authority to reemploy an annuitant on a part-time basis in accordance with section 8344(l) of title 5, United States Code.”.
(e) Effective date and application.—The amendments made by subsection (a)(1)(A) and subsection (c) shall take effect as if enacted on October 28, 2009, and shall apply to computations or participants, respectively, as of such date.
The authorization of appropriations by this division shall not be deemed to constitute authority for the conduct of any intelligence activity which is not otherwise authorized by the Constitution or the laws of the United States.
Appropriations authorized by this division for salary, pay, retirement, and other benefits for Federal employees may be increased by such additional or supplemental amounts as may be necessary for increases in such compensation or benefits authorized by law.
Section 113B of the National Security Act of 1947 (50 U.S.C. 3049a) is amended—
(1) by amending subsection (a) to read as follows:
“(a) Special rates of pay for positions requiring expertise in science, technology, engineering, or mathematics.—
“(1) IN GENERAL.—Notwithstanding part III of title 5, United States Code, the head of each element of the intelligence community may, for 1 or more categories of positions in such element that require expertise in science, technology, engineering, or mathematics—
“(A) establish higher minimum rates of pay; and
“(B) make corresponding increases in all rates of pay of the pay range for each grade or level, subject to subsection (b) or (c), as applicable.
“(2) TREATMENT.—The special rate supplements resulting from the establishment of higher rates under paragraph (1) shall be basic pay for the same or similar purposes as those specified in section 5305(j) of title 5, United States Code.”;
(2) by redesignating subsections (b) through (f) as subsections (c) through (g), respectively;
(3) by inserting after subsection (a) the following:
“(b) Special rates of pay for cyber positions.—
“(1) IN GENERAL.—Notwithstanding subsection (c), the Director of the National Security Agency may establish a special rate of pay—
“(A) not to exceed the rate of basic pay payable for level II of the Executive Schedule under section 5313 of title 5, United States Code, if the Director certifies to the Under Secretary of Defense for Intelligence, in consultation with the Under Secretary of Defense for Personnel and Readiness, that the rate of pay is for positions that perform functions that execute the cyber mission of the Agency; or
“(B) not to exceed the rate of basic pay payable for the Vice President of the United States under section 104 of title 3, United States Code, if the Director certifies to the Secretary of Defense, by name, individuals that have advanced skills and competencies and that perform critical functions that execute the cyber mission of the Agency.
“(2) PAY LIMITATION.—Employees receiving a special rate under paragraph (1) shall be subject to an aggregate pay limitation that parallels the limitation established in section 5307 of title 5, United States Code, except that—
“(A) any allowance, differential, bonus, award, or other similar cash payment in addition to basic pay that is authorized under title 10, United States Code, (or any other applicable law in addition to title 5 of such Code, excluding the Fair Labor Standards Act of 1938 (29 U.S.C. 201 et seq.)) shall also be counted as part of aggregate compensation; and
“(B) aggregate compensation may not exceed the rate established for the Vice President of the United States under section 104 of title 3, United States Code.
“(3) LIMITATION ON NUMBER OF RECIPIENTS.—The number of individuals who receive basic pay established under paragraph (1)(B) may not exceed 100 at any time.
“(4) LIMITATION ON USE AS COMPARATIVE REFERENCE.—Notwithstanding any other provision of law, special rates of pay and the limitation established under paragraph (1)(B) may not be used as comparative references for the purpose of fixing the rates of basic pay or maximum pay limitations of qualified positions under section 1599f of title 10, United States Code, or section 226 of the Homeland Security Act of 2002 (6 U.S.C. 147).”;
(4) in subsection (c), as redesignated by paragraph (2), by striking “A minimum” and inserting “Except as provided in subsection (b), a minimum”;
(5) in subsection (d), as redesignated by paragraph (2), by inserting “or (b)” after “by subsection (a)”; and
(6) in subsection (g), as redesignated by paragraph (2)—
(A) in paragraph (1), by striking “Not later than 90 days after the date of the enactment of the Intelligence Authorization Act for Fiscal Year 2017” and inserting “Not later than 90 days after the date of the enactment of the Damon Paul Nelson and Matthew Young Pollard Intelligence Authorization Act for Fiscal Years 2018, 2019, and 2020”; and
(B) in paragraph (2)(A), by inserting “or (b)” after “subsection (a)”.
Section 103G(a) of the National Security Act of 1947 (50 U.S.C. 3032(a)) is amended by striking “President” and inserting “Director”.
(a) Review.—The Director of National Intelligence, in coordination with the Director of the Office of Personnel Management, shall conduct a review of positions within the intelligence community regarding the placement of such positions on the Executive Schedule under subchapter II of chapter 53 of title 5, United States Code. In carrying out such review, the Director of National Intelligence, in coordination with the Director of the Office of Personnel Management, shall determine—
(1) the standards under which such review will be conducted;
(2) which positions should or should not be on the Executive Schedule; and
(3) for those positions that should be on the Executive Schedule, the level of the Executive Schedule at which such positions should be placed.
(b) Report.—Not later than 60 days after the date on which the review under subsection (a) is completed, the Director of National Intelligence shall submit to the congressional intelligence committees, the Committee on Homeland Security and Governmental Affairs of the Senate, and the Committee on Oversight and Reform of the House of Representatives an unredacted report describing the standards by which the review was conducted and the outcome of the review.
(a) Appropriate congressional committees defined.—In this section, the term “appropriate congressional committees” means the following:
(1) The congressional intelligence committees.
(2) The Committee on Armed Services and the Committee on Homeland Security and Governmental Affairs of the Senate.
(3) The Committee on Armed Services, the Committee on Homeland Security, and the Committee on Oversight and Reform of the House of Representatives.
(b) Requirement to establish.—The Director of National Intelligence shall establish a Supply Chain and Counterintelligence Risk Management Task Force to standardize information sharing between the intelligence community and the acquisition community of the United States Government with respect to the supply chain and counterintelligence risks.
(c) Members.—The Supply Chain and Counterintelligence Risk Management Task Force established under subsection (b) shall be composed of—
(1) a representative of the Defense Security Service of the Department of Defense;
(2) a representative of the General Services Administration;
(3) a representative of the Office of Federal Procurement Policy of the Office of Management and Budget;
(4) a representative of the Department of Homeland Security;
(5) a representative of the Federal Bureau of Investigation;
(6) the Director of the National Counterintelligence and Security Center; and
(7) any other members the Director of National Intelligence determines appropriate.
(d) Security clearances.—Each member of the Supply Chain and Counterintelligence Risk Management Task Force established under subsection (b) shall have a security clearance at the top secret level and be able to access sensitive compartmented information.
(e) Annual report.—The Supply Chain and Counterintelligence Risk Management Task Force established under subsection (b) shall submit to the appropriate congressional committees an annual report that describes the activities of the Task Force during the previous year, including identification of the supply chain and counterintelligence risks shared with the acquisition community of the United States Government by the intelligence community.
Whenever the head of an element of the intelligence community enters into an intelligence sharing agreement with a foreign government or any other foreign entity, the head of the element shall consider the pervasiveness of telecommunications and cybersecurity infrastructure, equipment, and services provided by adversaries of the United States, particularly China and Russia, or entities of such adversaries in the country or region of the foreign government or other foreign entity entering into the agreement.
(a) Definitions.—In this section:
(1) PERSONAL ACCOUNTS.—The term “personal accounts” means accounts for online and telecommunications services, including telephone, residential Internet access, email, text and multimedia messaging, cloud computing, social media, health care, and financial services, used by personnel of the intelligence community outside of the scope of their employment with elements of the intelligence community.
(2) PERSONAL TECHNOLOGY DEVICES.—The term “personal technology devices” means technology devices used by personnel of the intelligence community outside of the scope of their employment with elements of the intelligence community, including networks to which such devices connect.
(b) Authority to provide cyber protection support.—
(1) IN GENERAL.—Subject to a determination by the Director of National Intelligence, the Director may provide cyber protection support for the personal technology devices and personal accounts of the personnel described in paragraph (2).
(2) AT-RISK PERSONNEL.—The personnel described in this paragraph are personnel of the intelligence community—
(A) who the Director determines to be highly vulnerable to cyber attacks and hostile information collection activities because of the positions occupied by such personnel in the intelligence community; and
(B) whose personal technology devices or personal accounts are highly vulnerable to cyber attacks and hostile information collection activities.
(c) Nature of cyber protection support.—Subject to the availability of resources, the cyber protection support provided to personnel under subsection (b) may include training, advice, assistance, and other services relating to cyber attacks and hostile information collection activities.
(d) Limitation on support.—Nothing in this section shall be construed—
(1) to encourage personnel of the intelligence community to use personal technology devices for official business; or
(2) to authorize cyber protection support for senior intelligence community personnel using personal devices, networks, and personal accounts in an official capacity.
(e) Report.—Not later than 180 days after the date of the enactment of this Act, the Director shall submit to the congressional intelligence committees a report on the provision of cyber protection support under subsection (b). The report shall include—
(1) a description of the methodology used to make the determination under subsection (b)(2); and
(2) guidance for the use of cyber protection support and tracking of support requests for personnel receiving cyber protection support under subsection (b).
(a) Modification of effective date.—Subsection (f) of section 309 of the Intelligence Authorization Act for Fiscal Year 2012 (Public Law 112–87; 50 U.S.C. 3329 note) is amended by striking “the date that is 180 days after”.
(b) Repeal of sunset.—Such section is amended by striking subsection (g).
(c) Reports.—Such section, as amended by subsection (b), is further amended—
(1) by redesignating subsection (f), as amended by subsection (a), as subsection (g); and
(2) by inserting after subsection (e) the following:
“(1) IN GENERAL.—Except as provided in paragraph (2), not later than 180 days after the date of the enactment of the Damon Paul Nelson and Matthew Young Pollard Intelligence Authorization Act for Fiscal Years 2018, 2019, and 2020 and not less frequently than once each calendar year thereafter, the Director of National Intelligence shall, in consultation with each head of a covered agency, submit to the congressional intelligence committees (as defined in section 3 of the National Security Act of 1947 (50 U.S.C. 3003)), a report that details the determinations and notifications made under subsection (c) during the most recently completed calendar year.
“(2) INITIAL REPORT.—The first report submitted under paragraph (1) shall detail all the determinations and notifications made under subsection (c) before the date of the submittal of the report.”.
(a) Prohibition.—An officer of an element of the intelligence community who has been nominated by the President for a position that requires the advice and consent of the Senate may not make a classification decision with respect to information related to such officer's nomination.
(b) Classification determinations.—
(1) IN GENERAL.—Except as provided in paragraph (2), in a case in which an officer described in subsection (a) has been nominated as described in such subsection and classification authority rests with the officer or another officer who reports directly to such officer, a classification decision with respect to information relating to the officer shall be made by the Director of National Intelligence.
(2) NOMINATIONS OF DIRECTOR OF NATIONAL INTELLIGENCE.—In a case described in paragraph (1) in which the officer nominated is the Director of National Intelligence, the classification decision shall be made by the Principal Deputy Director of National Intelligence.
(c) Reports.—Whenever the Director or the Principal Deputy Director makes a decision under subsection (b), the Director or the Principal Deputy Director, as the case may be, shall submit to the congressional intelligence committees a report detailing the reasons for the decision.
(a) Meetings.—Section 101A(d) of the National Security Act of 1947 (50 U.S.C. 3022(d)) is amended—
(1) by striking “regular”; and
(2) by inserting “as the Director considers appropriate” after “Council”.
(b) Report on function and utility of the Joint Intelligence Community Council.—
(1) IN GENERAL.—No later than 180 days after the date of the enactment of this Act, the Director of National Intelligence, in coordination with the Executive Office of the President and members of the Joint Intelligence Community Council, shall submit to the congressional intelligence committees a report on the function and utility of the Joint Intelligence Community Council.
(2) CONTENTS.—The report required by paragraph (1) shall include the following:
(A) The number of physical or virtual meetings held by the Council per year since the Council’s inception.
(B) A description of the effect and accomplishments of the Council.
(C) An explanation of the unique role of the Council relative to other entities, including with respect to the National Security Council and the Executive Committee of the intelligence community.
(D) Recommendations for the future role and operation of the Council.
(E) Such other matters relating to the function and utility of the Council as the Director considers appropriate.
(3) FORM.—The report submitted under paragraph (1) shall be submitted in unclassified form, but may include a classified annex.
(a) Definitions.—In this section:
(1) CORE SERVICE.—The term “core service” means a capability that is available to multiple elements of the intelligence community and required for consistent operation of the intelligence community information technology environment.
(2) INTELLIGENCE COMMUNITY INFORMATION TECHNOLOGY ENVIRONMENT.—The term “intelligence community information technology environment” means all of the information technology services across the intelligence community, including the data sharing and protection environment across multiple classification domains.
(b) Roles and responsibilities.—
(1) DIRECTOR OF NATIONAL INTELLIGENCE.—The Director of National Intelligence shall be responsible for coordinating the performance by elements of the intelligence community of the intelligence community information technology environment, including each of the following:
(A) Ensuring compliance with all applicable environment rules and regulations of such environment.
(B) Ensuring measurable performance goals exist for such environment.
(C) Documenting standards and practices of such environment.
(D) Acting as an arbiter among elements of the intelligence community related to any disagreements arising out of the implementation of such environment.
(E) Delegating responsibilities to the elements of the intelligence community and carrying out such other responsibilities as are necessary for the effective implementation of such environment.
(2) CORE SERVICE PROVIDERS.—Providers of core services shall be responsible for—
(A) providing core services, in coordination with the Director of National Intelligence; and
(B) providing the Director with information requested and required to fulfill the responsibilities of the Director under paragraph (1).
(A) IN GENERAL.—Except as provided in subparagraph (B), each element of the intelligence community shall use core services when such services are available.
(B) EXCEPTION.—The Director of National Intelligence may provide for a written exception to the requirement under subparagraph (A) if the Director determines there is a compelling financial or mission need for such exception.
(c) Management accountability.—Not later than 90 days after the date of the enactment of this Act, the Director of National Intelligence shall designate and maintain one or more accountable executives of the intelligence community information technology environment to be responsible for—
(1) management, financial control, and integration of such environment;
(2) overseeing the performance of each core service, including establishing measurable service requirements and schedules;
(3) to the degree feasible, ensuring testing of each core service of such environment, including testing by the intended users, to evaluate performance against measurable service requirements and to ensure the capability meets user requirements; and
(4) coordinate transition or restructuring efforts of such environment, including phaseout of legacy systems.
(d) Security plan.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall develop and maintain a security plan for the intelligence community information technology environment.
(e) Long-term roadmap.—Not later than 180 days after the date of the enactment of this Act, and during each of the second and fourth fiscal quarters thereafter, the Director of National Intelligence shall submit to the congressional intelligence committees a long-term roadmap that shall include each of the following:
(1) A description of the minimum required and desired core service requirements, including—
(A) key performance parameters; and
(B) an assessment of current, measured performance.
(2) implementation milestones for the intelligence community information technology environment, including each of the following:
(A) A schedule for expected deliveries of core service capabilities during each of the following phases:
(i) Concept refinement and technology maturity demonstration.
(ii) Development, integration, and demonstration.
(iii) Production, deployment, and sustainment.
(iv) System retirement.
(B) Dependencies of such core service capabilities.
(C) Plans for the transition or restructuring necessary to incorporate core service capabilities.
(D) A description of any legacy systems and discontinued capabilities to be phased out.
(3) Such other matters as the Director determines appropriate.
(f) Business plan.—Not later than 180 days after the date of the enactment of this Act, and during each of the second and fourth fiscal quarters thereafter, the Director of National Intelligence shall submit to the congressional intelligence committees a business plan that includes each of the following:
(1) A systematic approach to identify core service funding requests for the intelligence community information technology environment within the proposed budget, including multiyear plans to implement the long-term roadmap required by subsection (e).
(2) A uniform approach by which each element of the intelligence community shall identify the cost of legacy information technology or alternative capabilities where services of the intelligence community information technology environment will also be available.
(3) A uniform effort by which each element of the intelligence community shall identify transition and restructuring costs for new, existing, and retiring services of the intelligence community information technology environment, as well as services of such environment that have changed designations as a core service.
(g) Quarterly presentations.—Beginning not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall provide to the congressional intelligence committees quarterly updates regarding ongoing implementation of the intelligence community information technology environment as compared to the requirements in the most recently submitted security plan required by subsection (d), long-term roadmap required by subsection (e), and business plan required by subsection (f).
(h) Additional notifications.—The Director of National Intelligence shall provide timely notification to the congressional intelligence committees regarding any policy changes related to or affecting the intelligence community information technology environment, new initiatives or strategies related to or impacting such environment, and changes or deficiencies in the execution of the security plan required by subsection (d), long-term roadmap required by subsection (e), and business plan required by subsection (f)
(i) Sunset.—The section shall have no effect on or after September 30, 2024.
(a) In general.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence, in coordination with the Director of the Central Intelligence Agency and the Director of the National Security Agency, shall submit to the congressional intelligence committees a classified report on the feasibility, desirability, cost, and required schedule associated with the implementation of a secure mobile voice solution for the intelligence community.
(b) Contents.—The report required by subsection (a) shall include, at a minimum, the following:
(1) The benefits and disadvantages of a secure mobile voice solution.
(2) Whether the intelligence community could leverage commercially available technology for classified voice communications that operates on commercial mobile networks in a secure manner and identifying the accompanying security risks to such networks.
(3) A description of any policies or community guidance that would be necessary to govern the potential solution, such as a process for determining the appropriate use of a secure mobile telephone and any limitations associated with such use.
(a) Policy required.—Not later than 60 days after the date of the enactment of this Act, the Director of National Intelligence shall establish a policy for minimum insider threat standards that is consistent with the National Insider Threat Policy and Minimum Standards for Executive Branch Insider Threat Programs.
(b) Implementation.—Not later than 180 days after the date of the enactment of this Act, the head of each element of the intelligence community shall implement the policy established under subsection (a).
(a) Definitions.—In this section:
(1) ELECTRONIC REPOSITORY.—The term “electronic repository” means the electronic distribution mechanism, in use as of the date of the enactment of this Act, or any successor electronic distribution mechanism, by which the Director of National Intelligence submits to the congressional intelligence committees information.
(2) POLICY.—The term “policy”, with respect to the intelligence community, includes unclassified or classified—
(A) directives, policy guidance, and policy memoranda of the intelligence community;
(B) executive correspondence of the Director of National Intelligence; and
(C) any equivalent successor policy instruments.
(1) CURRENT POLICY.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the congressional intelligence committees using the electronic repository all nonpublicly available policies issued by the Director of National Intelligence for the intelligence community that are in effect as of the date of the submission.
(2) CONTINUOUS UPDATES.—Not later than 15 days after the date on which the Director of National Intelligence issues, modifies, or rescinds a policy of the intelligence community, the Director shall—
(A) notify the congressional intelligence committees of such addition, modification, or removal; and
(B) update the electronic repository with respect to such addition, modification, or removal.
In order to further increase the diversity of the intelligence community workforce, not later than 90 days after the date of the enactment of this Act, the Director of National Intelligence, in consultation with heads of elements of the Intelligence Community, shall create, implement, and submit to the congressional intelligence committees a written plan to ensure that rural and underrepresented regions are more fully and consistently represented in such elements’ employment recruitment efforts. Upon receipt of the plan, the congressional committees shall have 60 days to submit comments to the Director of National Intelligence before such plan shall be implemented.
Section 5(a)(4) of the Central Intelligence Agency Act of 1949 (50 U.S.C. 3506(a)(4)) is amended by striking “such personnel of the Office of the Director of National Intelligence as the Director of National Intelligence may designate;” and inserting “current and former personnel of the Office of the Director of National Intelligence and their immediate families as the Director of National Intelligence may designate;”.
(a) Information sharing environment.—Section 1016(b) of the Intelligence Reform and Terrorism Prevention Act of 2004 (6 U.S.C. 485(b)) is amended—
(1) in paragraph (1), by striking “President” and inserting “Director of National Intelligence”; and
(2) in paragraph (2), by striking “President” both places that term appears and inserting “Director of National Intelligence”.
(b) Program manager.—Section 1016(f)(1) of the Intelligence Reform and Terrorism Prevention Act of 2004 (6 U.S.C. 485(f)(1)) is amended by striking “The individual designated as the program manager shall serve as program manager until removed from service or replaced by the President (at the President's sole discretion).” and inserting “Beginning on the date of the enactment of the Damon Paul Nelson and Matthew Young Pollard Intelligence Authorization Act for Fiscal Years 2018, 2019, and 2020, each individual designated as the program manager shall be appointed by the Director of National Intelligence.”.
Section 5315 of title 5, United States Code, is amended by adding at the end the following:
Section 103I(a) of the National Security Act of 1947 (50 U.S.C. 3034(a)) is amended by adding at the end the following new sentence: “The Chief Financial Officer shall report directly to the Director of National Intelligence.”.
Section 103G(a) of the National Security Act of 1947 (50 U.S.C. 3032(a)) is amended by adding at the end the following new sentence: “The Chief Information Officer shall report directly to the Director of National Intelligence.”.
Subsection (a) of section 5 of the Central Intelligence Agency Act of 1949 (50 U.S.C. 3506) is amended—
(1) in paragraph (1), by striking “(50 U.S.C. 403–4a).,” and inserting “(50 U.S.C. 403–4a),”;
(2) in paragraph (6), by striking “and” at the end;
(3) in paragraph (7), by striking the period at the end and inserting “; and”; and
(4) by adding at the end the following new paragraph (8):
“(8) Upon the approval of the Director, provide, during any fiscal year, with or without reimbursement, subsistence to any personnel assigned to an overseas location designated by the Agency as an austere location.”.
Subsection (a) of section 15 of the Central Intelligence Act of 1949 (50 U.S.C. 3515(a)) is amended—
(1) in the subsection heading, by striking “policemen” and inserting “police officers”; and
(A) in subparagraph (B), by striking “500 feet;” and inserting “500 yards;”; and
(B) in subparagraph (D), by striking “500 feet.” and inserting “500 yards.”.
(a) Repeal of foreign language proficiency requirement.—Section 104A of the National Security Act of 1947 (50 U.S.C. 3036) is amended by striking subsection (g).
(b) Conforming repeal of report requirement.—Section 611 of the Intelligence Authorization Act for Fiscal Year 2005 (Public Law 108–487) is amended by striking subsection (c).
(a) In general.—Section 215 of the Department of Energy Organization Act (42 U.S.C. 7144b) is amended to read as follows:
“Office of Intelligence and Counterintelligence
“Sec. 215. (a) Definitions.—In this section, the terms ‘intelligence community’ and ‘National Intelligence Program’ have the meanings given such terms in section 3 of the National Security Act of 1947 (50 U.S.C. 3003).
“(b) In general.—There is in the Department an Office of Intelligence and Counterintelligence. Such office shall be under the National Intelligence Program.
“(c) Director.— (1) The head of the Office shall be the Director of the Office of Intelligence and Counterintelligence, who shall be an employee in the Senior Executive Service, the Senior Intelligence Service, the Senior National Intelligence Service, or any other Service that the Secretary, in coordination with the Director of National Intelligence, considers appropriate. The Director of the Office shall report directly to the Secretary.
“(2) The Secretary shall select an individual to serve as the Director from among individuals who have substantial expertise in matters relating to the intelligence community, including foreign intelligence and counterintelligence.
“(d) Duties.— (1) Subject to the authority, direction, and control of the Secretary, the Director shall perform such duties and exercise such powers as the Secretary may prescribe.
“(2) The Director shall be responsible for establishing policy for intelligence and counterintelligence programs and activities at the Department.”.
(b) Conforming repeal.—Section 216 of the Department of Energy Organization Act (42 U.S.C. 7144c) is hereby repealed.
(c) Clerical amendment.—The table of contents at the beginning of the Department of Energy Organization Act is amended by striking the items relating to sections 215 and 216 and inserting the following new item:
“215. Office of Intelligence and Counterintelligence.”.
Section 215 of the Department of Energy Organization Act (42 U.S.C. 7144b), as amended by section 421, is further amended by adding at the end the following:
“(e) Energy Infrastructure Security Center.— (1) (A) The President shall establish an Energy Infrastructure Security Center, taking into account all appropriate government tools to analyze and disseminate intelligence relating to the security of the energy infrastructure of the United States.
“(B) The Secretary shall appoint the head of the Energy Infrastructure Security Center.
“(C) The Energy Infrastructure Security Center shall be located within the Office of Intelligence and Counterintelligence.
“(2) In establishing the Energy Infrastructure Security Center, the Director of the Office of Intelligence and Counterintelligence shall address the following missions and objectives to coordinate and disseminate intelligence relating to the security of the energy infrastructure of the United States:
“(A) Establishing a primary organization within the United States Government for analyzing and integrating all intelligence possessed or acquired by the United States pertaining to the security of the energy infrastructure of the United States.
“(B) Ensuring that appropriate departments and agencies have full access to and receive intelligence support needed to execute the plans or activities of the agencies, and perform independent, alternative analyses.
“(C) Establishing a central repository on known and suspected foreign threats to the energy infrastructure of the United States, including with respect to any individuals, groups, or entities engaged in activities targeting such infrastructure, and the goals, strategies, capabilities, and networks of such individuals, groups, or entities.
“(D) Disseminating intelligence information relating to the security of the energy infrastructure of the United States, including threats and analyses, to the President, to the appropriate departments and agencies, and to the appropriate committees of Congress.
“(3) The President may waive the requirements of this subsection, and any parts thereof, if the President determines that such requirements do not materially improve the ability of the United States Government to prevent and halt attacks against the energy infrastructure of the United States. Such waiver shall be made in writing to Congress and shall include a description of how the missions and objectives in paragraph (2) are being met.
“(4) If the President decides not to exercise the waiver authority granted by paragraph (3), the President shall submit to Congress from time to time updates and plans regarding the establishment of an Energy Infrastructure Security Center.”.
Section 214 of the Department of Energy Organization Act (42 U.S.C. 7144a) is amended—
(1) by striking “(a) Duty of Secretary.—”; and
(2) by striking subsections (b) and (c).
Not later than 90 days after the date of the enactment of this Act, the Director of National Intelligence and Under Secretary of Defense for Intelligence, in coordination with the Director of the National Counterintelligence and Security Center, shall submit to the congressional intelligence committees, the Committee on Armed Services of the Senate, and the Committee on Armed Services of the House of Representatives a plan to designate the counterintelligence component of the Defense Security Service of the Department of Defense as an element of the intelligence community by not later than January 1, 2019. Such plan shall—
(1) address the implications of such designation on the authorities, governance, personnel, resources, information technology, collection, analytic products, information sharing, and business processes of the Defense Security Service and the intelligence community; and
(2) not address the personnel security functions of the Defense Security Service.
Section 3553 of title 44, United States Code, is amended—
(1) by redesignating subsection (j) as subsection (k); and
(2) by inserting after subsection (i) the following:
“(j) Rule of construction.—Nothing in this section shall be construed to require the Secretary to provide notice to any private entity before the Secretary issues a binding operational directive under subsection (b)(2).”.
(a) In general.—The Director of National Intelligence and the Secretary of Defense shall jointly establish a framework to ensure the appropriate balance of resources for the roles, missions, and functions of the Defense Intelligence Agency in its capacity as an element of the intelligence community and as a combat support agency. The framework shall include supporting processes to provide for the consistent and regular reevaluation of the responsibilities and resources of the Defense Intelligence Agency to prevent imbalanced priorities, insufficient or misaligned resources, and the unauthorized expansion of mission parameters.
(b) Matters for inclusion.—The framework required under subsection (a) shall include each of the following:
(1) A lexicon providing for consistent definitions of relevant terms used by both the intelligence community and the Department of Defense, including each of the following:
(A) Defense intelligence enterprise.
(B) Enterprise manager.
(C) Executive agent.
(D) Function.
(E) Functional manager.
(F) Mission.
(G) Mission manager.
(H) Responsibility.
(I) Role.
(J) Service of common concern.
(2) An assessment of the necessity of maintaining separate designations for the intelligence community and the Department of Defense for intelligence functional or enterprise management constructs.
(3) A repeatable process for evaluating the addition, transfer, or elimination of defense intelligence missions, roles, and functions, currently performed or to be performed in the future by the Defense Intelligence Agency, which includes each of the following:
(A) A justification for the addition, transfer, or elimination of a mission, role, or function.
(B) The identification of which, if any, element of the Federal Government performs the considered mission, role, or function.
(C) In the case of any new mission, role, or function—
(i) an assessment of the most appropriate agency or element to perform such mission, role, or function, taking into account the resource profiles, scope of responsibilities, primary customers, and existing infrastructure necessary to support such mission, role, or function; and
(ii) a determination of the appropriate resource profile and an identification of the projected resources needed and the proposed source of such resources over the future-years defense program, to be provided in writing to any elements of the intelligence community or the Department of Defense affected by the assumption, transfer, or elimination of any mission, role, or function.
(D) In the case of any mission, role, or function proposed to be assumed, transferred, or eliminated, an assessment, which shall be completed jointly by the heads of each element affected by such assumption, transfer, or elimination, of the risks that would be assumed by the intelligence community and the Department if such mission, role, or function is assumed, transferred, or eliminated.
(E) A description of how determinations are made regarding the funding of programs and activities under the National Intelligence Program and the Military Intelligence Program, including—
(i) which programs or activities are funded under each such Program;
(ii) which programs or activities should be jointly funded under both such Programs and how determinations are made with respect to funding allocations for such programs and activities; and
(iii) the thresholds and process for changing a program or activity from being funded under one such Program to being funded under the other such Program.
(a) Establishment.—Section 106A of the National Security Act of 1947 (50 U.S.C. 3041a) is amended by adding at the end the following new subsection:
“(1) ESTABLISHMENT.—There is established in the National Reconnaissance Office an advisory board (in this section referred to as the ‘Board’).
“(A) study matters relating to the mission of the National Reconnaissance Office, including with respect to promoting innovation, competition, and resilience in space, overhead reconnaissance, acquisition, and other matters; and
“(B) advise and report directly to the Director with respect to such matters.
“(i) IN GENERAL.—The Board shall be composed of 5 members appointed by the Director from among individuals with demonstrated academic, government, business, or other expertise relevant to the mission and functions of the National Reconnaissance Office.
“(ii) NOTIFICATION.—Not later than 30 days after the date on which the Director appoints a member to the Board, the Director shall notify the congressional intelligence committees and the congressional defense committees (as defined in section 101(a) of title 10, United States Code) of such appointment.
“(B) TERMS.—Each member shall be appointed for a term of 2 years. Except as provided by subparagraph (C), a member may not serve more than 3 terms.
“(C) VACANCY.—Any member appointed to fill a vacancy occurring before the expiration of the term for which the member’s predecessor was appointed shall be appointed only for the remainder of that term. A member may serve after the expiration of that member’s term until a successor has taken office.
“(D) CHAIR.—The Board shall have a Chair, who shall be appointed by the Director from among the members.
“(E) TRAVEL EXPENSES.—Each member shall receive travel expenses, including per diem in lieu of subsistence, in accordance with applicable provisions under subchapter I of chapter 57 of title 5, United States Code.
“(F) EXECUTIVE SECRETARY.—The Director may appoint an executive secretary, who shall be an employee of the National Reconnaissance Office, to support the Board.
“(4) MEETINGS.—The Board shall meet not less than quarterly, but may meet more frequently at the call of the Director.
“(5) REPORTS.—Not later than March 31 of each year, the Board shall submit to the Director and to the congressional intelligence committees a report on the activities and significant findings of the Board during the preceding year.
“(6) NONAPPLICABILITY OF CERTAIN REQUIREMENTS.—The Federal Advisory Committee Act (5 U.S.C. App.) shall not apply to the Board.
“(7) TERMINATION.—The Board shall terminate on the date that is 3 years after the date of the first meeting of the Board.”.
(b) Initial appointments.—Not later than 180 days after the date of the enactment of this Act, the Director of the National Reconnaissance Office shall appoint the initial 5 members to the advisory board under subsection (d) of section 106A of the National Security Act of 1947 (50 U.S.C. 3041a), as added by subsection (a).
(a) Identification of opportunities for collocation.—Not later than 60 days after the date of the enactment of this Act, the Under Secretary of Homeland Security for Intelligence and Analysis shall identify, in consultation with the Commissioner of U.S. Customs and Border Protection, the Administrator of the Transportation Security Administration, the Director of U.S. Immigration and Customs Enforcement, and the heads of such other elements of the Department of Homeland Security as the Under Secretary considers appropriate, opportunities for collocation of officers of the Office of Intelligence and Analysis in the field outside of the greater Washington, District of Columbia, area in order to support operational units from U.S. Customs and Border Protection, the Transportation Security Administration, U.S. Immigration and Customs Enforcement, and other elements of the Department of Homeland Security.
(b) Plan for collocation.—Not later than 120 days after the date of the enactment of this Act, the Under Secretary shall submit to the congressional intelligence committees a report that includes a plan for collocation as described in subsection (a).
(a) Definitions.—In this section:
(1) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “appropriate congressional committees” means—
(A) the congressional intelligence committees;
(B) the Committee on Homeland Security and Governmental Affairs of the Senate;
(C) the Committee on Homeland Security of the House of Representatives;
(D) the Committee on Foreign Relations of the Senate; and
(E) the Committee on Foreign Affairs of the House of Representatives.
(2) CONGRESSIONAL LEADERSHIP.—The term “congressional leadership” includes the following:
(A) The majority leader of the Senate.
(B) The minority leader of the Senate.
(C) The Speaker of the House of Representatives.
(D) The minority leader of the House of Representatives.
(3) STATE.—The term “State” means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States.
(b) Report required.—Not later than 60 days after the date of the enactment of this Act, the Under Secretary of Homeland Security for Intelligence and Analysis shall submit to congressional leadership and the appropriate congressional committees a report on cyber attacks and attempted cyber attacks by foreign governments on United States election infrastructure in States and localities in connection with the 2016 Presidential election in the United States and such cyber attacks or attempted cyber attacks as the Under Secretary anticipates against such infrastructure. Such report shall identify the States and localities affected and shall include cyber attacks and attempted cyber attacks against voter registration databases, voting machines, voting-related computer networks, and the networks of Secretaries of State and other election officials of the various States.
(c) Form.—The report submitted under subsection (b) shall be submitted in unclassified form, but may include a classified annex.
(a) Review required.—Not later than 1 year after the date of the enactment of this Act, the Director of National Intelligence shall—
(1) complete an after action review of the posture of the intelligence community to collect against and analyze efforts of the Government of Russia to interfere in the 2016 Presidential election in the United States; and
(2) submit to the congressional intelligence committees a report on the findings of the Director with respect to such review.
(b) Elements.—The review required by subsection (a) shall include, with respect to the posture and efforts described in paragraph (1) of such subsection, the following:
(1) An assessment of whether the resources of the intelligence community were properly aligned to detect and respond to the efforts described in subsection (a)(1).
(2) An assessment of the information sharing that occurred within elements of the intelligence community.
(3) An assessment of the information sharing that occurred between elements of the intelligence community.
(4) An assessment of applicable authorities necessary to collect on any such efforts and any deficiencies in those authorities.
(5) A review of the use of open source material to inform analysis and warning of such efforts.
(6) A review of the use of alternative and predictive analysis.
(c) Form of report.—The report required by subsection (a)(2) shall be submitted to the congressional intelligence committees in a classified form.
(a) Definitions.—In this section:
(1) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “appropriate congressional committees” means—
(A) the congressional intelligence committees;
(B) the Committee on Homeland Security and Governmental Affairs of the Senate; and
(C) the Committee on Homeland Security of the House of Representatives.
(2) CONGRESSIONAL LEADERSHIP.—The term “congressional leadership” includes the following:
(A) The majority leader of the Senate.
(B) The minority leader of the Senate.
(C) The Speaker of the House of Representatives.
(D) The minority leader of the House of Representatives.
(3) SECURITY VULNERABILITY.—The term “security vulnerability” has the meaning given such term in section 102 of the Cybersecurity Information Sharing Act of 2015 (6 U.S.C. 1501).
(b) In general.—The Director of National Intelligence, in coordination with the Director of the Central Intelligence Agency, the Director of the National Security Agency, the Director of the Federal Bureau of Investigation, the Secretary of Homeland Security, and the heads of other relevant elements of the intelligence community, shall—
(1) commence not later than 1 year before any regularly scheduled Federal election occurring after December 31, 2018, and complete not later than 180 days before such election, an assessment of security vulnerabilities of State election systems; and
(2) not later than 180 days before any regularly scheduled Federal election occurring after December 31, 2018, submit a report on such security vulnerabilities and an assessment of foreign intelligence threats to the election to—
(A) congressional leadership; and
(B) the appropriate congressional committees.
(c) Update.—Not later than 90 days before any regularly scheduled Federal election occurring after December 31, 2018, the Director of National Intelligence shall—
(1) update the assessment of foreign intelligence threats to that election; and
(2) submit the updated assessment to—
(A) congressional leadership; and
(B) the appropriate congressional committees.
(a) Appropriate congressional committees defined.—In this section, the term “appropriate congressional committees” means the following:
(1) The congressional intelligence committees.
(2) The Committee on Armed Services and the Committee on Homeland Security and Governmental Affairs of the Senate.
(3) The Committee on Armed Services and the Committee on Homeland Security of the House of Representatives.
(4) The Committee on Foreign Relations of the Senate.
(5) The Committee on Foreign Affairs of the House of Representatives.
(b) Requirement for a strategy.—Not later than 90 days after the date of the enactment of this Act, the Director of National Intelligence, in coordination with the Secretary of Homeland Security, the Director of the Federal Bureau of Investigation, the Director of the Central Intelligence Agency, the Secretary of State, the Secretary of Defense, and the Secretary of the Treasury, shall develop a whole-of-government strategy for countering the threat of Russian cyber attacks and attempted cyber attacks against electoral systems and processes in the United States, including Federal, State, and local election systems, voter registration databases, voting tabulation equipment, and equipment and processes for the secure transmission of election results.
(c) Elements of the strategy.—The strategy required by subsection (b) shall include the following elements:
(1) A whole-of-government approach to protecting United States electoral systems and processes that includes the agencies and departments indicated in subsection (b) as well as any other agencies and departments of the United States, as determined appropriate by the Director of National Intelligence and the Secretary of Homeland Security.
(2) Input solicited from Secretaries of State of the various States and the chief election officials of the States.
(3) Technical security measures, including auditable paper trails for voting machines, securing wireless and Internet connections, and other technical safeguards.
(4) Detection of cyber threats, including attacks and attempted attacks by Russian government or nongovernment cyber threat actors.
(5) Improvements in the identification and attribution of Russian government or nongovernment cyber threat actors.
(6) Deterrence, including actions and measures that could or should be undertaken against or communicated to the Government of Russia or other entities to deter attacks against, or interference with, United States election systems and processes.
(7) Improvements in Federal Government communications with State and local election officials.
(8) Public education and communication efforts.
(9) Benchmarks and milestones to enable the measurement of concrete steps taken and progress made in the implementation of the strategy.
(d) Congressional briefing.—Not later than 90 days after the date of the enactment of this Act, the Director of National Intelligence and the Secretary of Homeland Security shall jointly brief the appropriate congressional committees on the strategy developed under subsection (b).
(a) Russian influence campaign defined.—In this section, the term “Russian influence campaign” means any effort, covert or overt, and by any means, attributable to the Russian Federation directed at an election, referendum, or similar process in a country other than the Russian Federation or the United States.
(b) Assessment required.—Not later than 60 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the congressional intelligence committees a report containing an analytical assessment of the most significant Russian influence campaigns, if any, conducted during the 3-year period preceding the date of the enactment of this Act, as well as the most significant current or planned such Russian influence campaigns, if any. Such assessment shall include—
(1) a summary of such significant Russian influence campaigns, including, at a minimum, the specific means by which such campaigns were conducted, are being conducted, or likely will be conducted, as appropriate, and the specific goal of each such campaign;
(2) a summary of any defenses against or responses to such Russian influence campaigns by the foreign state holding the elections or referenda;
(3) a summary of any relevant activities by elements of the intelligence community undertaken for the purpose of assisting the government of such foreign state in defending against or responding to such Russian influence campaigns; and
(4) an assessment of the effectiveness of such defenses and responses described in paragraphs (2) and (3).
(c) Form.—The report required by subsection (b) may be submitted in classified form, but if so submitted, shall contain an unclassified summary.
(1) IN GENERAL.—As provided in paragraph (2), for each Federal election, the Director of National Intelligence, in coordination with the Under Secretary of Homeland Security for Intelligence and Analysis and the Director of the Federal Bureau of Investigation, shall make publicly available on an Internet website an advisory report on foreign counterintelligence and cybersecurity threats to election campaigns for Federal offices. Each such report shall include, consistent with the protection of sources and methods, each of the following:
(A) A description of foreign counterintelligence and cybersecurity threats to election campaigns for Federal offices.
(B) A summary of best practices that election campaigns for Federal offices can employ in seeking to counter such threats.
(C) An identification of any publicly available resources, including United States Government resources, for countering such threats.
(2) SCHEDULE FOR SUBMITTAL.—A report under this subsection shall be made available as follows:
(A) In the case of a report regarding an election held for the office of Senator or Member of the House of Representatives during 2018, not later than the date that is 60 days after the date of the enactment of this Act.
(B) In the case of a report regarding an election for a Federal office during any subsequent year, not later than the date that is 1 year before the date of the election.
(3) INFORMATION TO BE INCLUDED.—A report under this subsection shall reflect the most current information available to the Director of National Intelligence regarding foreign counterintelligence and cybersecurity threats.
(b) Treatment of campaigns subject to heightened threats.—If the Director of the Federal Bureau of Investigation and the Under Secretary of Homeland Security for Intelligence and Analysis jointly determine that an election campaign for Federal office is subject to a heightened foreign counterintelligence or cybersecurity threat, the Director and the Under Secretary, consistent with the protection of sources and methods, may make available additional information to the appropriate representatives of such campaign.
(a) State defined.—In this section, the term “State” means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States.
(1) IN GENERAL.—Not later than 30 days after the date of the enactment of this Act, the Director of National Intelligence shall support the Under Secretary of Homeland Security for Intelligence and Analysis, and any other official of the Department of Homeland Security designated by the Secretary of Homeland Security, in sponsoring a security clearance up to the top secret level for each eligible chief election official of a State or the District of Columbia, and additional eligible designees of such election official as appropriate, at the time that such election official assumes such position.
(2) INTERIM CLEARANCES.—Consistent with applicable policies and directives, the Director of National Intelligence may issue interim clearances, for a period to be determined by the Director, to a chief election official as described in paragraph (1) and up to 1 designee of such official under such paragraph.
(1) IN GENERAL.—The Director of National Intelligence shall assist the Under Secretary of Homeland Security for Intelligence and Analysis and the Under Secretary responsible for overseeing critical infrastructure protection, cybersecurity, and other related programs of the Department (as specified in section 103(a)(1)(H) of the Homeland Security Act of 2002 (6 U.S.C. 113(a)(1)(H))) with sharing any appropriate classified information related to threats to election systems and to the integrity of the election process with chief election officials and such designees who have received a security clearance under subsection (b).
(2) COORDINATION.—The Under Secretary of Homeland Security for Intelligence and Analysis shall coordinate with the Director of National Intelligence and the Under Secretary responsible for overseeing critical infrastructure protection, cybersecurity, and other related programs of the Department (as specified in section 103(a)(1)(H) of the Homeland Security Act of 2002 (6 U.S.C. 113(a)(1)(H))) to facilitate the sharing of information to the affected Secretaries of State or States.
(a) Definitions.—In this section:
(1) ACTIVE MEASURES CAMPAIGN.—The term “active measures campaign” means a foreign semi-covert or covert intelligence operation.
(2) CANDIDATE, ELECTION, AND POLITICAL PARTY.—The terms “candidate”, “election”, and “political party” have the meanings given those terms in section 301 of the Federal Election Campaign Act of 1971 (52 U.S.C. 30101).
(3) CONGRESSIONAL LEADERSHIP.—The term “congressional leadership” includes the following:
(A) The majority leader of the Senate.
(B) The minority leader of the Senate.
(C) The Speaker of the House of Representatives.
(D) The minority leader of the House of Representatives.
(4) CYBER INTRUSION.—The term “cyber intrusion” means an electronic occurrence that actually or imminently jeopardizes, without lawful authority, electronic election infrastructure, or the integrity, confidentiality, or availability of information within such infrastructure.
(5) ELECTRONIC ELECTION INFRASTRUCTURE.—The term “electronic election infrastructure” means an electronic information system of any of the following that is related to an election for Federal office:
(A) The Federal Government.
(B) A State or local government.
(C) A political party.
(D) The election campaign of a candidate.
(6) FEDERAL OFFICE.—The term “Federal office” has the meaning given that term in section 301 of the Federal Election Campaign Act of 1971 (52 U.S.C. 30101).
(7) HIGH CONFIDENCE.—The term “high confidence”, with respect to a determination, means that the determination is based on high-quality information from multiple sources.
(8) MODERATE CONFIDENCE.—The term “moderate confidence”, with respect to a determination, means that a determination is credibly sourced and plausible but not of sufficient quality or corroborated sufficiently to warrant a higher level of confidence.
(9) OTHER APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “other appropriate congressional committees” means—
(A) the Committee on Armed Services, the Committee on Homeland Security and Governmental Affairs, and the Committee on Appropriations of the Senate; and
(B) the Committee on Armed Services, the Committee on Homeland Security, and the Committee on Appropriations of the House of Representatives.
(b) Determinations of significant foreign cyber intrusions and active measures campaigns.—The Director of National Intelligence, the Director of the Federal Bureau of Investigation, and the Secretary of Homeland Security shall jointly carry out subsection (c) if such Directors and the Secretary jointly determine—
(1) that on or after the date of the enactment of this Act, a significant foreign cyber intrusion or active measures campaign intended to influence an upcoming election for any Federal office has occurred or is occurring; and
(2) with moderate or high confidence, that such intrusion or campaign can be attributed to a foreign state or to a foreign nonstate person, group, or other entity.
(1) IN GENERAL.—Not later than 14 days after making a determination under subsection (b), the Director of National Intelligence, the Director of the Federal Bureau of Investigation, and the Secretary of Homeland Security shall jointly provide a briefing to the congressional leadership, the congressional intelligence committees and, consistent with the protection of sources and methods, the other appropriate congressional committees. The briefing shall be classified and address, at a minimum, the following:
(A) A description of the significant foreign cyber intrusion or active measures campaign, as the case may be, covered by the determination.
(B) An identification of the foreign state or foreign nonstate person, group, or other entity, to which such intrusion or campaign has been attributed.
(C) The desirability and feasibility of the public release of information about the cyber intrusion or active measures campaign.
(D) Any other information such Directors and the Secretary jointly determine appropriate.
(2) ELECTRONIC ELECTION INFRASTRUCTURE BRIEFINGS.—With respect to a significant foreign cyber intrusion covered by a determination under subsection (b), the Secretary of Homeland Security, in consultation with the Director of National Intelligence and the Director of the Federal Bureau of Investigation, shall offer to the owner or operator of any electronic election infrastructure directly affected by such intrusion, a briefing on such intrusion, including steps that may be taken to mitigate such intrusion. Such briefing may be classified and made available only to individuals with appropriate security clearances.
(3) PROTECTION OF SOURCES AND METHODS.—This subsection shall be carried out in a manner that is consistent with the protection of sources and methods.
(a) In general.—The Director of National Intelligence shall designate a national counterintelligence officer within the National Counterintelligence and Security Center to lead, manage, and coordinate counterintelligence matters relating to election security.
(b) Additional responsibilities.—The person designated under subsection (a) shall also lead, manage, and coordinate counterintelligence matters relating to risks posed by interference from foreign powers (as defined in section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801)) to the following:
(1) The Federal Government election security supply chain.
(2) Election voting systems and software.
(3) Voter registration databases.
(4) Critical infrastructure related to elections.
(5) Such other Government goods and services as the Director of National Intelligence considers appropriate.
In this title:
(1) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “appropriate congressional committees” means—
(A) the congressional intelligence committees;
(B) the Committee on Armed Services of the Senate;
(C) the Committee on Appropriations of the Senate;
(D) the Committee on Homeland Security and Governmental Affairs of the Senate;
(E) the Committee on Armed Services of the House of Representatives;
(F) the Committee on Appropriations of the House of Representatives;
(G) the Committee on Homeland Security of the House of Representatives; and
(H) the Committee on Oversight and Reform of the House of Representatives.
(2) APPROPRIATE INDUSTRY PARTNERS.—The term “appropriate industry partner” means a contractor, licensee, or grantee (as defined in section 101(a) of Executive Order 12829 (50 U.S.C. 3161 note; relating to National Industrial Security Program)) that is participating in the National Industrial Security Program established by such Executive Order.
(3) CONTINUOUS VETTING.—The term “continuous vetting” has the meaning given such term in Executive Order 13467 (50 U.S.C. 3161 note; relating to reforming processes related to suitability for government employment, fitness for contractor employees, and eligibility for access to classified national security information).
(4) COUNCIL.—The term “Council” means the Security, Suitability, and Credentialing Performance Accountability Council established pursuant to such Executive Order, or any successor entity.
(5) SECURITY EXECUTIVE AGENT.—The term “Security Executive Agent” means the officer serving as the Security Executive Agent pursuant to section 803 of the National Security Act of 1947, as added by section 605.
(6) SUITABILITY AND CREDENTIALING EXECUTIVE AGENT.—The term “Suitability and Credentialing Executive Agent” means the Director of the Office of Personnel Management acting as the Suitability and Credentialing Executive Agent in accordance with Executive Order 13467 (50 U.S.C. 3161 note; relating to reforming processes related to suitability for government employment, fitness for contractor employees, and eligibility for access to classified national security information), or any successor entity.
(a) Sense of Congress.—It is the sense of Congress that—
(1) ensuring the trustworthiness and security of the workforce, facilities, and information of the Federal Government is of the highest priority to national security and public safety;
(2) the President and Congress should prioritize the modernization of the personnel security framework to improve its efficiency, effectiveness, and accountability;
(3) the current system for security clearance, suitability and fitness for employment, and credentialing lacks efficiencies and capabilities to meet the current threat environment, recruit and retain a trusted workforce, and capitalize on modern technologies; and
(4) changes to policies or processes to improve this system should be vetted through the Council to ensure standardization, portability, and reciprocity in security clearances across the Federal Government.
(b) Accountability plans and reports.—
(1) PLANS.—Not later than 90 days after the date of the enactment of this Act, the Council shall submit to the appropriate congressional committees and make available to appropriate industry partners the following:
(A) A plan, with milestones, to reduce the background investigation inventory to 200,000, or an otherwise sustainable steady-level, by the end of year 2020. Such plan shall include notes of any required changes in investigative and adjudicative standards or resources.
(B) A plan to consolidate the conduct of background investigations associated with the processing for security clearances in the most effective and efficient manner between the National Background Investigation Bureau and the Defense Security Service, or a successor organization. Such plan shall address required funding, personnel, contracts, information technology, field office structure, policy, governance, schedule, transition costs, and effects on stakeholders.
(2) REPORT ON THE FUTURE OF PERSONNEL SECURITY.—
(A) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Chairman of the Council, in coordination with the members of the Council, shall submit to the appropriate congressional committees and make available to appropriate industry partners a report on the future of personnel security to reflect changes in threats, the workforce, and technology.
(B) CONTENTS.—The report submitted under subparagraph (A) shall include the following:
(i) A risk framework for granting and renewing access to classified information.
(ii) A discussion of the use of technologies to prevent, detect, and monitor threats.
(iii) A discussion of efforts to address reciprocity and portability.
(iv) A discussion of the characteristics of effective insider threat programs.
(v) An analysis of how to integrate data from continuous evaluation, insider threat programs, and human resources data.
(vi) Recommendations on interagency governance.
(3) PLAN FOR IMPLEMENTATION.—Not later than 180 days after the date of the enactment of this Act, the Chairman of the Council, in coordination with the members of the Council, shall submit to the appropriate congressional committees and make available to appropriate industry partners a plan to implement the report’s framework and recommendations submitted under paragraph (2)(A).
(4) CONGRESSIONAL NOTIFICATIONS.—Not less frequently than quarterly, the Security Executive Agent shall make available to the public a report regarding the status of the disposition of requests received from departments and agencies of the Federal Government for a change to, or approval under, the Federal investigative standards, the national adjudicative guidelines, continuous evaluation, or other national policy regarding personnel security.
(a) Reviews.—Not later than 180 days after the date of the enactment of this Act, the Security Executive Agent, in coordination with the members of the Council, shall submit to the appropriate congressional committees and make available to appropriate industry partners a report that includes the following:
(1) A review of whether the information requested on the Questionnaire for National Security Positions (Standard Form 86) and by the Federal Investigative Standards prescribed by the Office of Personnel Management and the Office of the Director of National Intelligence appropriately supports the adjudicative guidelines under Security Executive Agent Directive 4 (known as the “National Security Adjudicative Guidelines”). Such review shall include identification of whether any such information currently collected is unnecessary to support the adjudicative guidelines.
(2) An assessment of whether such Questionnaire, Standards, and guidelines should be revised to account for the prospect of a holder of a security clearance becoming an insider threat.
(3) Recommendations to improve the background investigation process by—
(A) simplifying the Questionnaire for National Security Positions (Standard Form 86) and increasing customer support to applicants completing such Questionnaire;
(B) using remote techniques and centralized locations to support or replace field investigation work;
(C) using secure and reliable digitization of information obtained during the clearance process;
(D) building the capacity of the background investigation labor sector; and
(E) replacing periodic reinvestigations with continuous evaluation techniques in all appropriate circumstances.
(b) Policy, strategy, and implementation.—Not later than 180 days after the date of the enactment of this Act, the Security Executive Agent shall, in coordination with the members of the Council, establish the following:
(1) A policy and implementation plan for the issuance of interim security clearances.
(2) A policy and implementation plan to ensure contractors are treated consistently in the security clearance process across agencies and departments of the United States as compared to employees of such agencies and departments. Such policy shall address—
(A) prioritization of processing security clearances based on the mission the contractors will be performing;
(B) standardization in the forms that agencies issue to initiate the process for a security clearance;
(C) digitization of background investigation-related forms;
(D) use of the polygraph;
(E) the application of the adjudicative guidelines under Security Executive Agent Directive 4 (known as the “National Security Adjudicative Guidelines”);
(F) reciprocal recognition of clearances across agencies and departments of the United States, regardless of status of periodic reinvestigation;
(G) tracking of clearance files as individuals move from employment with an agency or department of the United States to employment in the private sector;
(H) collection of timelines for movement of contractors across agencies and departments;
(I) reporting on security incidents and job performance, consistent with section 552a of title 5, United States Code (commonly known as the “Privacy Act of 1974”), that may affect the ability to hold a security clearance;
(J) any recommended changes to the Federal Acquisition Regulations (FAR) necessary to ensure that information affecting contractor clearances or suitability is appropriately and expeditiously shared between and among agencies and contractors; and
(K) portability of contractor security clearances between or among contracts at the same agency and between or among contracts at different agencies that require the same level of clearance.
(3) A strategy and implementation plan that—
(A) provides for periodic reinvestigations as part of a security clearance determination only on an as-needed, risk-based basis;
(B) includes actions to assess the extent to which automated records checks and other continuous evaluation methods may be used to expedite or focus reinvestigations; and
(C) provides an exception for certain populations if the Security Executive Agent—
(i) determines such populations require reinvestigations at regular intervals; and
(ii) provides written justification to the appropriate congressional committees for any such determination.
(4) A policy and implementation plan for agencies and departments of the United States, as a part of the security clearance process, to accept automated records checks generated pursuant to a security clearance applicant’s employment with a prior employer.
(5) A policy for the use of certain background materials on individuals collected by the private sector for background investigation purposes.
(6) Uniform standards for agency continuous evaluation programs to ensure quality and reciprocity in accepting enrollment in a continuous vetting program as a substitute for a periodic investigation for continued access to classified information.
(a) Reciprocity defined.—In this section, the term “reciprocity” means reciprocal recognition by Federal departments and agencies of eligibility for access to classified information.
(b) In general.—The Council shall reform the security clearance process with the objective that, by December 31, 2021, 90 percent of all determinations, other than determinations regarding populations identified under section 603(b)(3)(C), regarding—
(A) at the secret level are issued in 30 days or fewer; and
(B) at the top secret level are issued in 90 days or fewer; and
(2) reciprocity of security clearances at the same level are recognized in 2 weeks or fewer.
(c) Certain reinvestigations.—The Council shall reform the security clearance process with the goal that by December 31, 2021, reinvestigation on a set periodicity is not required for more than 10 percent of the population that holds a security clearance.
(1) IN GENERAL.—If the Council develops a set of performance metrics that it certifies to the appropriate congressional committees should achieve substantially equivalent outcomes as those outlined in subsections (b) and (c), the Council may use those metrics for purposes of compliance within this provision.
(2) NOTICE.—If the Council uses the authority provided by paragraph (1) to use metrics as described in such paragraph, the Council shall, not later than 30 days after communicating such metrics to departments and agencies, notify the appropriate congressional committees that it is using such authority.
(e) Plan.—Not later than 180 days after the date of the enactment of this Act, the Council shall submit to the appropriate congressional committees and make available to appropriate industry partners a plan to carry out this section. Such plan shall include recommended interim milestones for the goals set forth in subsections (b) and (c) for 2019, 2020, and 2021.
(a) In general.—Title VIII of the National Security Act of 1947 (50 U.S.C. 3161 et seq.) is amended—
(1) by redesignating sections 803 and 804 as sections 804 and 805, respectively; and
(2) by inserting after section 802 the following:
“SEC. 803. Security Executive Agent.
“(a) In general.—The Director of National Intelligence, or such other officer of the United States as the President may designate, shall serve as the Security Executive Agent for all departments and agencies of the United States.
“(b) Duties.—The duties of the Security Executive Agent are as follows:
“(1) To direct the oversight of investigations, reinvestigations, adjudications, and, as applicable, polygraphs for eligibility for access to classified information or eligibility to hold a sensitive position made by any Federal agency.
“(2) To review the national security background investigation and adjudication programs of Federal agencies to determine whether such programs are being implemented in accordance with this section.
“(3) To develop and issue uniform and consistent policies and procedures to ensure the effective, efficient, timely, and secure completion of investigations, polygraphs, and adjudications relating to determinations of eligibility for access to classified information or eligibility to hold a sensitive position.
“(4) Unless otherwise designated by law, to serve as the final authority to designate a Federal agency or agencies to conduct investigations of persons who are proposed for access to classified information or for eligibility to hold a sensitive position to ascertain whether such persons satisfy the criteria for obtaining and retaining access to classified information or eligibility to hold a sensitive position, as applicable.
“(5) Unless otherwise designated by law, to serve as the final authority to designate a Federal agency or agencies to determine eligibility for access to classified information or eligibility to hold a sensitive position in accordance with Executive Order 12968 (50 U.S.C. 3161 note; relating to access to classified information).
“(6) To ensure reciprocal recognition of eligibility for access to classified information or eligibility to hold a sensitive position among Federal agencies, including acting as the final authority to arbitrate and resolve disputes among such agencies involving the reciprocity of investigations and adjudications of eligibility.
“(7) To execute all other duties assigned to the Security Executive Agent by law.
“(c) Authorities.—The Security Executive Agent shall—
“(1) issue guidelines and instructions to the heads of Federal agencies to ensure appropriate uniformity, centralization, efficiency, effectiveness, timeliness, and security in processes relating to determinations by such agencies of eligibility for access to classified information or eligibility to hold a sensitive position, including such matters as investigations, polygraphs, adjudications, and reciprocity;
“(2) have the authority to grant exceptions to, or waivers of, national security investigative requirements, including issuing implementing or clarifying guidance, as necessary;
“(3) have the authority to assign, in whole or in part, to the head of any Federal agency (solely or jointly) any of the duties of the Security Executive Agent described in subsection (b) or the authorities described in paragraphs (1) and (2), provided that the exercise of such assigned duties or authorities is subject to the oversight of the Security Executive Agent, including such terms and conditions (including approval by the Security Executive Agent) as the Security Executive Agent determines appropriate; and
“(4) define and set standards for continuous evaluation for continued access to classified information and for eligibility to hold a sensitive position.”.
(b) Report on recommendations for revising authorities.—Not later than 30 days after the date on which the Chairman of the Council submits to the appropriate congressional committees the report required by section 602(b)(2)(A), the Chairman shall submit to the appropriate congressional committees such recommendations as the Chairman may have for revising the authorities of the Security Executive Agent.
(c) Conforming amendment.—Section 103H(j)(4)(A) of such Act (50 U.S.C. 3033(j)(4)(A)) is amended by striking “in section 804” and inserting “in section 805”.
(d) Clerical amendment.—The table of contents in the matter preceding section 2 of such Act (50 U.S.C. 3002) is amended by striking the items relating to sections 803 and 804 and inserting the following:
“Sec. 803. Security Executive Agent.
“Sec. 804. Exceptions.
“Sec. 805. Definitions.”.
Not later than 90 days after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Credentialing Executive Agent, in coordination with the other members of the Council, shall jointly submit to the appropriate congressional committees and make available to appropriate industry partners a report regarding the advisability and the risks, benefits, and costs to the Government and to industry of consolidating to not more than 3 tiers for positions of trust and security clearances.
(a) Sense of congress.—It is the sense of Congress that to reflect the greater mobility of the modern workforce, alternative methodologies merit analysis to allow greater flexibility for individuals moving in and out of positions that require access to classified information, while still preserving security.
(b) Report required.—Not later than 90 days after the date of the enactment of this Act, the Security Executive Agent shall submit to the appropriate congressional committees and make available to appropriate industry partners a report that describes the requirements, feasibility, and advisability of implementing a clearance in person concept described in subsection (c).
(c) Clearance in person concept.—The clearance in person concept—
(1) permits an individual who once held a security clearance to maintain his or her eligibility for access to classified information, networks, and facilities for up to 3 years after the individual’s eligibility for access to classified information would otherwise lapse; and
(2) recognizes, unless otherwise directed by the Security Executive Agent, an individual’s security clearance and background investigation as current, regardless of employment status, contingent on enrollment in a continuous vetting program.
(d) Contents.—The report required under subsection (b) shall address—
(1) requirements for an individual to voluntarily remain in a continuous evaluation program validated by the Security Executive Agent even if the individual is not in a position requiring access to classified information;
(2) appropriate safeguards for privacy;
(3) advantages to government and industry;
(4) the costs and savings associated with implementation;
(5) the risks of such implementation, including security and counterintelligence risks;
(6) an appropriate funding model; and
(7) fairness to small companies and independent contractors.
(a) In general.—As part of the fiscal year 2020 budget request submitted to Congress pursuant to section 1105(a) of title 31, United States Code, the President shall include exhibits that identify the resources expended by each agency during the prior fiscal year for processing background investigations and continuous evaluation programs, disaggregated by tier and whether the individual was a Government employee or contractor.
(b) Contents.—Each exhibit submitted under subsection (a) shall include details on—
(1) the costs of background investigations or reinvestigations;
(2) the costs associated with background investigations for Government or contract personnel;
(3) costs associated with continuous evaluation initiatives monitoring for each person for whom a background investigation or reinvestigation was conducted, other than costs associated with adjudication;
(4) the average per person cost for each type of background investigation; and
(5) a summary of transfers and reprogrammings that were executed in the previous year to support the processing of security clearances.
(a) Reciprocally recognized defined.—In this section, the term “reciprocally recognized” means reciprocal recognition by Federal departments and agencies of eligibility for access to classified information.
(b) Reports to Security Executive Agent.—The head of each Federal department or agency shall submit an annual report to the Security Executive Agent that—
(1) identifies the number of individuals whose security clearances take more than 2 weeks to be reciprocally recognized after such individuals move to another part of such department or agency; and
(2) breaks out the information described in paragraph (1) by type of clearance and the reasons for any delays.
(c) Annual report.—Not less frequently than once each year, the Security Executive Agent shall submit to the appropriate congressional committees and make available to industry partners an annual report that summarizes the information received pursuant to subsection (b) during the period covered by such report.
Section 506H of the National Security Act of 1947 (50 U.S.C. 3104) is amended—
(A) in subparagraph (A)(ii), by adding “and” at the end;
(B) in subparagraph (B)(ii), by striking “; and” and inserting a period; and
(C) by striking subparagraph (C);
(2) by redesignating subsection (b) as subsection (c);
(3) by inserting after subsection (a) the following:
“(b) Intelligence community reports.— (1) (A) Not later than March 1 of each year, the Director of National Intelligence shall submit a report to the congressional intelligence committees, the Committee on Homeland Security and Governmental Affairs of the Senate, the Committee on Homeland Security of the House of Representatives, and the Committee on Oversight and Reform of the House of Representatives regarding the security clearances processed by each element of the intelligence community during the preceding fiscal year.
“(B) The Director shall submit to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives such portions of the report submitted under subparagraph (A) as the Director determines address elements of the intelligence community that are within the Department of Defense.
“(C) Each report submitted under this paragraph shall separately identify security clearances processed for Federal employees and contractor employees sponsored by each such element.
“(2) Each report submitted under paragraph (1)(A) shall include, for each element of the intelligence community for the fiscal year covered by the report, the following:
“(A) The total number of initial security clearance background investigations sponsored for new applicants.
“(B) The total number of security clearance periodic reinvestigations sponsored for existing employees.
“(C) The total number of initial security clearance background investigations for new applicants that were adjudicated with notice of a determination provided to the prospective applicant, including—
“(i) the total number of such adjudications that were adjudicated favorably and granted access to classified information; and
“(ii) the total number of such adjudications that were adjudicated unfavorably and resulted in a denial or revocation of a security clearance.
“(D) The total number of security clearance periodic background investigations that were adjudicated with notice of a determination provided to the existing employee, including—
“(i) the total number of such adjudications that were adjudicated favorably; and
“(ii) the total number of such adjudications that were adjudicated unfavorably and resulted in a denial or revocation of a security clearance.
“(E) The total number of pending security clearance background investigations, including initial applicant investigations and periodic reinvestigations, that were not adjudicated as of the last day of such year and that remained pending, categorized as follows:
“(i) For 180 days or shorter.
“(ii) For longer than 180 days, but shorter than 12 months.
“(iii) For 12 months or longer, but shorter than 18 months.
“(iv) For 18 months or longer, but shorter than 24 months.
“(v) For 24 months or longer.
“(F) For any security clearance determinations completed or pending during the year preceding the year for which the report is submitted that have taken longer than 12 months to complete—
“(i) an explanation of the causes for the delays incurred during the period covered by the report; and
“(ii) the number of such delays involving a polygraph requirement.
“(G) The percentage of security clearance investigations, including initial and periodic reinvestigations, that resulted in a denial or revocation of a security clearance.
“(H) The percentage of security clearance investigations that resulted in incomplete information.
“(I) The percentage of security clearance investigations that did not result in enough information to make a decision on potentially adverse information.
“(3) The report required under this subsection shall be submitted in unclassified form, but may include a classified annex.”; and
(4) in subsection (c), as redesignated, by striking “subsection (a)(1)” and inserting “subsections (a)(1) and (b)”.
Not later than 180 days after the date of the enactment of this Act and not less frequently than once every 5 years thereafter, the Director of National Intelligence shall submit to the congressional intelligence committees a report that reviews the intelligence community for which positions can be conducted without access to classified information, networks, or facilities, or may only require a security clearance at the secret level.
(1) IN GENERAL.—Not later than 90 days after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Credentialing Executive Agent shall establish and implement a program to share between and among agencies of the Federal Government and industry partners of the Federal Government relevant background information regarding individuals applying for and currently occupying national security positions and positions of trust, in order to ensure the Federal Government maintains a trusted workforce.
(2) DESIGNATION.—The program established under paragraph (1) shall be known as the “Trusted Information Provider Program” (in this section referred to as the “Program”).
(b) Privacy safeguards.—The Security Executive Agent and the Suitability and Credentialing Executive Agent shall ensure that the Program includes such safeguards for privacy as the Security Executive Agent and the Suitability and Credentialing Executive Agent consider appropriate.
(c) Provision of information to the Federal Government.—The Program shall include requirements that enable investigative service providers and agencies of the Federal Government to leverage certain pre-employment information gathered during the employment or military recruiting process, and other relevant security or human resources information obtained during employment with or for the Federal Government, that satisfy Federal investigative standards, while safeguarding personnel privacy.
(d) Information and records.—The information and records considered under the Program shall include the following:
(1) Date and place of birth.
(2) Citizenship or immigration and naturalization information.
(3) Education records.
(4) Employment records.
(5) Employment or social references.
(6) Military service records.
(7) State and local law enforcement checks.
(8) Criminal history checks.
(9) Financial records or information.
(10) Foreign travel, relatives, or associations.
(11) Social media checks.
(12) Such other information or records as may be relevant to obtaining or maintaining national security, suitability, fitness, or credentialing eligibility.
(1) IN GENERAL.—Not later than 90 days after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Credentialing Executive Agent shall jointly submit to the appropriate congressional committees and make available to appropriate industry partners a plan for the implementation of the Program.
(2) ELEMENTS.—The plan required by paragraph (1) shall include the following:
(A) Mechanisms that address privacy, national security, suitability or fitness, credentialing, and human resources or military recruitment processes.
(B) Such recommendations for legislative or administrative action as the Security Executive Agent and the Suitability and Credentialing Executive Agent consider appropriate to carry out or improve the Program.
(f) Plan for pilot program on two-way information sharing.—
(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Credentialing Executive Agent shall jointly submit to the appropriate congressional committees and make available to appropriate industry partners a plan for the implementation of a pilot program to assess the feasibility and advisability of expanding the Program to include the sharing of information held by the Federal Government related to contract personnel with the security office of the employers of those contractor personnel.
(2) ELEMENTS.—The plan required by paragraph (1) shall include the following:
(A) Mechanisms that address privacy, national security, suitability or fitness, credentialing, and human resources or military recruitment processes.
(B) Such recommendations for legislative or administrative action as the Security Executive Agent and the Suitability and Credentialing Executive Agent consider appropriate to carry out or improve the pilot program.
(g) Review.—Not later than 1 year after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Credentialing Executive Agent shall jointly submit to the appropriate congressional committees and make available to appropriate industry partners a review of the plans submitted under subsections (e)(1) and (f)(1) and utility and effectiveness of the programs described in such plans.
Not later than 180 days after the date of the enactment of this Act, the Security Executive Agent shall, in coordination with the Inspector General of the Intelligence Community, submit to the appropriate congressional committees a report detailing the controls employed by the intelligence community to ensure that continuous vetting programs, including those involving user activity monitoring, protect the confidentiality of whistleblower-related communications.
(a) Appropriate congressional committees defined.—In this section, the term “appropriate congressional committees” means—
(1) the congressional intelligence committees;
(2) the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives; and
(3) the Committee on Foreign Relations of the Senate and the Committee on Foreign Affairs of the House of Representatives.
(1) IN GENERAL.—No amount may be expended by the Federal Government, other than the Department of Defense, to enter into or implement any bilateral agreement between the United States and the Russian Federation regarding cybersecurity, including the establishment or support of any cybersecurity unit, unless, at least 30 days prior to the conclusion of any such agreement, the Director of National Intelligence submits to the appropriate congressional committees a report on such agreement that includes the elements required by subsection (c).
(2) DEPARTMENT OF DEFENSE AGREEMENTS.—Any agreement between the Department of Defense and the Russian Federation regarding cybersecurity shall be conducted in accordance with section 1232 of the National Defense Authorization Act for Fiscal Year 2017 (Public Law 114–328), as amended by section 1231 of the National Defense Authorization Act for Fiscal Year 2018 (Public Law 115–91).
(c) Elements.—If the Director submits a report under subsection (b) with respect to an agreement, such report shall include a description of each of the following:
(1) The purpose of the agreement.
(2) The nature of any intelligence to be shared pursuant to the agreement.
(3) The expected value to national security resulting from the implementation of the agreement.
(4) Such counterintelligence concerns associated with the agreement as the Director may have and such measures as the Director expects to be taken to mitigate such concerns.
(d) Rule of construction.—This section shall not be construed to affect any existing authority of the Director of National Intelligence, the Director of the Central Intelligence Agency, or another head of an element of the intelligence community, to share or receive foreign intelligence on a case-by-case basis.
(a) Covered compounds defined.—In this section, the term “covered compounds” means the real property in New York, the real property in Maryland, and the real property in San Francisco, California, that were under the control of the Government of Russia in 2016 and were removed from such control in response to various transgressions by the Government of Russia, including the interference by the Government of Russia in the 2016 election in the United States.
(b) Requirement for report.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the congressional intelligence committees, and the Committee on Foreign Relations of the Senate and the Committee on Foreign Affairs of the House of Representatives (only with respect to the unclassified report), a report on the intelligence risks of returning the covered compounds to Russian control.
(c) Form of report.—The report required by this section shall be submitted in classified and unclassified forms.
(a) Threat finance defined.—In this section, the term “threat finance” means—
(1) the financing of cyber operations, global influence campaigns, intelligence service activities, proliferation, terrorism, or transnational crime and drug organizations;
(2) the methods and entities used to spend, store, move, raise, conceal, or launder money or value, on behalf of threat actors;
(3) sanctions evasion; and
(4) other forms of threat finance activity domestically or internationally, as defined by the President.
(b) Report required.—Not later than 60 days after the date of the enactment of this Act, the Director of National Intelligence, in coordination with the Assistant Secretary of the Treasury for Intelligence and Analysis, shall submit to the congressional intelligence committees a report containing an assessment of Russian threat finance. The assessment shall be based on intelligence from all sources, including from the Office of Terrorism and Financial Intelligence of the Department of the Treasury.
(c) Elements.—The report required by subsection (b) shall include each of the following:
(1) A summary of leading examples from the 3-year period preceding the date of the submittal of the report of threat finance activities conducted by, for the benefit of, or at the behest of—
(A) officials of the Government of Russia;
(B) persons subject to sanctions under any provision of law imposing sanctions with respect to Russia;
(C) Russian nationals subject to sanctions under any other provision of law; or
(D) Russian oligarchs or organized criminals.
(2) An assessment with respect to any trends or patterns in threat finance activities relating to Russia, including common methods of conducting such activities and global nodes of money laundering used by Russian threat actors described in paragraph (1) and associated entities.
(3) An assessment of any connections between Russian individuals involved in money laundering and the Government of Russia.
(4) A summary of engagement and coordination with international partners on threat finance relating to Russia, especially in Europe, including examples of such engagement and coordination.
(5) An identification of any resource and collection gaps.
(A) entry points of money laundering by Russian and associated entities into the United States;
(B) any vulnerabilities within the United States legal and financial system, including specific sectors, which have been or could be exploited in connection with Russian threat finance activities; and
(C) the counterintelligence threat posed by Russian money laundering and other forms of threat finance, as well as the threat to the United States financial system and United States efforts to enforce sanctions and combat organized crime.
(7) Any other matters the Director determines appropriate.
(d) Form of report.—The report required under subsection (b) may be submitted in classified form.
(a) Definitions.—In this section:
(1) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “appropriate congressional committees” means—
(A) the congressional intelligence committees;
(B) the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives; and
(C) the Committee on Foreign Relations of the Senate and the Committee on Foreign Affairs of the House of Representatives.
(2) CONGRESSIONAL LEADERSHIP.—The term “congressional leadership” includes the following:
(A) The majority leader of the Senate.
(B) The minority leader of the Senate.
(C) The Speaker of the House of Representatives.
(D) The minority leader of the House of Representatives.
(b) Requirement for notification.—The Director of National Intelligence, in cooperation with the Director of the Federal Bureau of Investigation and the head of any other relevant agency, shall notify the congressional leadership and the Chairman and Vice Chairman or Ranking Member of each of the appropriate congressional committees, and of other relevant committees of jurisdiction, each time the Director of National Intelligence determines there is credible information that a foreign power has, is, or will attempt to employ a covert influence or active measures campaign with regard to the modernization, employment, doctrine, or force posture of the nuclear deterrent or missile defense.
(c) Content of notification.—Each notification required by subsection (b) shall include information concerning actions taken by the United States to expose or halt an attempt referred to in subsection (b).
In carrying out the advance notification requirements set out in section 502 of the Intelligence Authorization Act for Fiscal Year 2017 (division N of Public Law 115–31; 131 Stat. 825; 22 U.S.C. 254a note), the Secretary of State shall—
(1) ensure that the Russian Federation provides notification to the Secretary of State at least 2 business days in advance of all travel that is subject to such requirements by accredited diplomatic and consular personnel of the Russian Federation in the United States, and take necessary action to secure full compliance by Russian personnel and address any noncompliance; and
(2) provide notice of travel described in paragraph (1) to the Director of National Intelligence and the Director of the Federal Bureau of Investigation within 1 hour of receiving notice of such travel.
(a) Appropriate committees of Congress defined.—In this section, the term “appropriate committees of Congress” means—
(1) the congressional intelligence committees;
(2) the Committee on Armed Services and the Committee on Homeland Security and Governmental Affairs of the Senate; and
(3) the Committee on Armed Services, Committee on Homeland Security, and the Committee on Oversight and Reform of the House of Representatives.
(b) Report required.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the appropriate committees of Congress a report detailing outreach by the intelligence community and the Defense Intelligence Enterprise to United States industrial, commercial, scientific, technical, and academic communities on matters relating to the efforts of adversaries of the United States to acquire critical United States technology, intellectual property, and research and development information.
(c) Contents.—The report required by subsection (b) shall include the following:
(1) A review of the current outreach efforts of the intelligence community and the Defense Intelligence Enterprise described in subsection (b), including the type of information conveyed in the outreach.
(2) A determination of the appropriate element of the intelligence community to lead such outreach efforts.
(3) An assessment of potential methods for improving the effectiveness of such outreach, including an assessment of the following:
(A) Those critical technologies, infrastructure, or related supply chains that are at risk from the efforts of adversaries described in subsection (b).
(B) The necessity and advisability of granting security clearances to company or community leadership, when necessary and appropriate, to allow for tailored classified briefings on specific targeted threats.
(C) The advisability of partnering with entities of the Federal Government that are not elements of the intelligence community and relevant regulatory and industry groups described in subsection (b), to convey key messages across sectors targeted by United States adversaries.
(D) Strategies to assist affected elements of the communities described in subparagraph (C) in mitigating, deterring, and protecting against the broad range of threats from the efforts of adversaries described in subsection (b), with focus on producing information that enables private entities to justify business decisions related to national security concerns.
(E) The advisability of the establishment of a United States Government-wide task force to coordinate outreach and activities to combat the threats from efforts of adversaries described in subsection (b).
(F) Such other matters as the Director of National Intelligence may consider necessary.
(d) Consultation encouraged.—In preparing the report required by subsection (b), the Director is encouraged to consult with other government agencies, think tanks, academia, representatives of the financial industry, or such other entities as the Director considers appropriate.
(e) Form.—The report required by subsection (b) shall be submitted in unclassified form, but may include a classified annex as necessary.
(a) Definitions.—In this section:
(1) APPROPRIATE COMMITTEES OF CONGRESS.—The term “appropriate committees of Congress” means—
(A) the Committee on Armed Services, the Committee on Foreign Relations, and the Select Committee on Intelligence of the Senate; and
(B) the Committee on Armed Services, the Committee on Foreign Affairs, and the Permanent Select Committee on Intelligence of the House of Representatives.
(2) ARMS OR RELATED MATERIAL.—The term “arms or related material” means—
(A) nuclear, biological, chemical, or radiological weapons or materials or components of such weapons;
(B) ballistic or cruise missile weapons or materials or components of such weapons;
(C) destabilizing numbers and types of advanced conventional weapons;
(D) defense articles or defense services, as those terms are defined in paragraphs (3) and (4), respectively, of section 47 of the Arms Export Control Act (22 U.S.C. 2794);
(E) defense information, as that term is defined in section 644 of the Foreign Assistance Act of 1961 (22 U.S.C. 2403); or
(F) items designated by the President for purposes of the United States Munitions List under section 38(a)(1) of the Arms Export Control Act (22 U.S.C. 2778(a)(1)).
(b) Report required.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the appropriate committees of Congress a report on Iranian support of proxy forces in Syria and Lebanon and the threat posed to Israel, other United States regional allies, and other specified interests of the United States as a result of such support.
(c) Matters for inclusion.—The report required under subsection (b) shall include information relating to the following matters with respect to both the strategic and tactical implications for the United States and its allies:
(1) A description of arms or related materiel transferred by Iran to Hizballah since March 2011, including the number of such arms or related materiel and whether such transfer was by land, sea, or air, as well as financial and additional technological capabilities transferred by Iran to Hizballah.
(2) A description of Iranian and Iranian-controlled personnel, including Hizballah, Shiite militias, and Iran’s Revolutionary Guard Corps forces, operating within Syria, including the number and geographic distribution of such personnel operating within 30 kilometers of the Israeli borders with Syria and Lebanon.
(3) An assessment of Hizballah’s operational lessons learned based on its recent experiences in Syria.
(4) A description of any rocket-producing facilities in Lebanon for nonstate actors, including whether such facilities were assessed to be built at the direction of Hizballah leadership, Iranian leadership, or in consultation between Iranian leadership and Hizballah leadership.
(5) An analysis of the foreign and domestic supply chains that significantly facilitate, support, or otherwise aid Hizballah’s acquisition or development of missile production facilities, including the geographic distribution of such foreign and domestic supply chains.
(6) An assessment of the provision of goods, services, or technology transferred by Iran or its affiliates to Hizballah to indigenously manufacture or otherwise produce missiles.
(7) An identification of foreign persons that are based on credible information, facilitating the transfer of significant financial support or arms or related materiel to Hizballah.
(8) A description of the threat posed to Israel and other United States allies in the Middle East by the transfer of arms or related material or other support offered to Hizballah and other proxies from Iran.
(d) Form of report.—The report required under subsection (b) shall be submitted in unclassified form, but may include a classified annex.
(a) Annual report required.—Not later than 90 days after the date of the enactment of this Act and not less frequently than once each year thereafter, the Director of National Intelligence shall submit to Congress a report describing Iranian expenditures in the previous calendar year on military and terrorist activities outside the country, including each of the following:
(1) The amount spent in such calendar year on activities by the Islamic Revolutionary Guard Corps, including activities providing support for—
(A) Hizballah;
(B) Houthi rebels in Yemen;
(C) Hamas;
(D) proxy forces in Iraq and Syria; or
(E) any other entity or country the Director determines to be relevant.
(2) The amount spent in such calendar year for ballistic missile research and testing or other activities that the Director determines are destabilizing to the Middle East region.
(b) Form.—The report required under subsection (a) shall be submitted in unclassified form, but may include a classified annex.
(a) Scope of committee to counter active measures.—
(1) IN GENERAL.—Section 501 of the Intelligence Authorization Act for Fiscal Year 2017 (Public Law 115–31; 50 U.S.C. 3001 note) is amended—
(A) in subsections (a) through (h)—
(i) by inserting “, the People's Republic of China, the Islamic Republic of Iran, the Democratic People's Republic of Korea, or other nation state” after “Russian Federation” each place it appears; and
(ii) by inserting “, China, Iran, North Korea, or other nation state” after “Russia” each place it appears; and
(B) in the section heading, by inserting “, the People's Republic of China, the Islamic Republic of Iran, the Democratic People's Republic of Korea, or other nation state” after “Russian Federation”.
(2) CLERICAL AMENDMENT.—The table of contents in section 1(b) of such Act is amended by striking the item relating to section 501 and inserting the following new item:
“Sec. 501. Committee to counter active measures by the Russian Federation, the People's Republic of
China, the Islamic Republic of Iran, the Democratic People's Republic of
Korea, and other nation states to exert covert influence over peoples and
governments.”.
(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence, in coordination with such elements of the intelligence community as the Director considers relevant, shall submit to the congressional intelligence committees a report on the feasibility and advisability of establishing a center, to be known as the “Foreign Malign Influence Response Center”, that—
(A) is comprised of analysts from all appropriate elements of the intelligence community, including elements with related diplomatic and law enforcement functions;
(B) has access to all intelligence and other reporting acquired by the United States Government on foreign efforts to influence, through overt and covert malign activities, United States political processes and elections;
(C) provides comprehensive assessment, and indications and warning, of such activities; and
(D) provides for enhanced dissemination of such assessment to United States policy makers.
(2) CONTENTS.—The Report required by paragraph (1) shall include the following:
(A) A discussion of the desirability of the establishment of such center and any barriers to such establishment.
(B) Such recommendations and other matters as the Director considers appropriate.
Section 11001(d) of title 5, United States Code, is amended—
(1) in the subsection heading, by striking “Audit” and inserting “Review”;
(2) in paragraph (1), by striking “audit” and inserting “review”; and
(3) in paragraph (2), by striking “audit” and inserting “review”.
(a) Definitions.—In this section:
(1) APPROPRIATE COMMITTEES OF CONGRESS.—The term “appropriate committees of Congress” means—
(A) the congressional intelligence committees;
(B) the Committee on Homeland Security and Governmental Affairs of the Senate; and
(C) the Committee on Homeland Security of the House of Representatives.
(2) HOMELAND SECURITY INTELLIGENCE ENTERPRISE.—The term “Homeland Security Intelligence Enterprise” has the meaning given such term in Department of Homeland Security Instruction Number 264–01–001, or successor authority.
(b) Report required.—Not later than 120 days after the date of the enactment of this Act, the Secretary of Homeland Security, in consultation with the Under Secretary of Homeland Security for Intelligence and Analysis, shall submit to the appropriate committees of Congress a report on the authorities of the Under Secretary.
(c) Elements.—The report required by subsection (b) shall include each of the following:
(1) An analysis of whether the Under Secretary has the legal and policy authority necessary to organize and lead the Homeland Security Intelligence Enterprise, with respect to intelligence, and, if not, a description of—
(A) the obstacles to exercising the authorities of the Chief Intelligence Officer of the Department and the Homeland Security Intelligence Council, of which the Chief Intelligence Officer is the chair; and
(B) the legal and policy changes necessary to effectively coordinate, organize, and lead intelligence activities of the Department of Homeland Security.
(2) A description of the actions that the Secretary has taken to address the inability of the Under Secretary to require components of the Department, other than the Office of Intelligence and Analysis of the Department to—
(A) coordinate intelligence programs; and
(B) integrate and standardize intelligence products produced by such other components.
(a) Report.—Not later than 90 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the congressional intelligence committees a report on the potential establishment of a fully voluntary exchange program between elements of the intelligence community and private technology companies under which—
(1) an employee of an element of the intelligence community with demonstrated expertise and work experience in cybersecurity or related disciplines may elect to be temporarily detailed to a private technology company that has elected to receive the detailee; and
(2) an employee of a private technology company with demonstrated expertise and work experience in cybersecurity or related disciplines may elect to be temporarily detailed to an element of the intelligence community that has elected to receive the detailee.
(b) Elements.—The report under subsection (a) shall include the following:
(1) An assessment of the feasibility of establishing the exchange program described in such subsection.
(2) Identification of any challenges in establishing the exchange program.
(3) An evaluation of the benefits to the intelligence community that would result from the exchange program.
(a) Review of whistleblower matters.—The Inspector General of the Intelligence Community, in consultation with the inspectors general for the Central Intelligence Agency, the National Security Agency, the National Geospatial-Intelligence Agency, the Defense Intelligence Agency, and the National Reconnaissance Office, shall conduct a review of the authorities, policies, investigatory standards, and other practices and procedures relating to intelligence community whistleblower matters, with respect to such inspectors general.
(b) Objective of review.—The objective of the review required under subsection (a) is to identify any discrepancies, inconsistencies, or other issues, which frustrate the timely and effective reporting of intelligence community whistleblower matters to appropriate inspectors general and to the congressional intelligence committees, and the fair and expeditious investigation and resolution of such matters.
(c) Conduct of review.—The Inspector General of the Intelligence Community shall take such measures as the Inspector General determines necessary in order to ensure that the review required by subsection (a) is conducted in an independent and objective fashion.
(d) Report.—Not later than 270 days after the date of the enactment of this Act, the Inspector General of the Intelligence Community shall submit to the congressional intelligence committees a written report containing the results of the review required under subsection (a), along with recommendations to improve the timely and effective reporting of intelligence community whistleblower matters to inspectors general and to the congressional intelligence committees and the fair and expeditious investigation and resolution of such matters.
(a) Report.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence, in consultation with the heads of the elements of the intelligence community determined appropriate by the Director, shall submit to the congressional intelligence committees a report on the role of the Director in preparing analytic materials in connection with the evaluation by the Federal Government of national security risks associated with potential foreign investments into the United States.
(b) Elements.—The report under subsection (a) shall include—
(1) a description of the current process for the provision of the analytic materials described in subsection (a);
(2) an identification of the most significant benefits and drawbacks of such process with respect to the role of the Director, including the sufficiency of resources and personnel to prepare such materials; and
(3) recommendations to improve such process.
(a) Appropriate congressional committees defined.—In this section, the term “appropriate congressional committees” means the following:
(1) The congressional intelligence committees.
(2) The Committee on the Judiciary and the Committee on Homeland Security and Governmental Affairs of the Senate.
(3) The Committee on the Judiciary and the Committee on Homeland Security of the House of Representatives.
(b) Report.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall, in coordination with the Director of the Central Intelligence Agency, the Director of the National Security Agency, the Director of the Federal Bureau of Investigation, and the Secretary of Homeland Security, submit to the appropriate congressional committees a report describing—
(1) any attempts known to the intelligence community by foreign governments to exploit cybersecurity vulnerabilities in United States telecommunications networks (including Signaling System No. 7) to target for surveillance United States persons, including employees of the Federal Government; and
(2) any actions, as of the date of the enactment of this Act, taken by the intelligence community to protect agencies and personnel of the United States Government from surveillance conducted by foreign governments.
(a) Intelligence community interagency working group.—
(1) REQUIREMENT TO ESTABLISH.—The Director of National Intelligence shall establish an intelligence community interagency working group to prepare the biennial reports required by subsection (b).
(2) CHAIRPERSON.—The Director of National Intelligence shall serve as the chairperson of such interagency working group.
(3) MEMBERSHIP.—Such interagency working group shall be composed of representatives of each element of the intelligence community that the Director of National Intelligence determines appropriate.
(b) Biennial report on foreign investment risks.—
(1) REPORT REQUIRED.—Not later than 180 days after the date of the enactment of this Act and not less frequently than once every 2 years thereafter, the Director of National Intelligence shall submit to the congressional intelligence committees, the Committee on Homeland Security and Governmental Affairs of the Senate, and the Committee on Homeland Security of the House of Representatives a report on foreign investment risks prepared by the interagency working group established under subsection (a).
(2) ELEMENTS.—Each report required by paragraph (1) shall include identification, analysis, and explanation of the following:
(A) Any current or projected major threats to the national security of the United States with respect to foreign investment.
(B) Any strategy used by a foreign country that such interagency working group has identified to be a country of special concern to use foreign investment to target the acquisition of critical technologies, critical materials, or critical infrastructure.
(C) Any economic espionage efforts directed at the United States by a foreign country, particularly such a country of special concern.
Section 502(d)(2) of the Intelligence Authorization Act for Fiscal Year 2017 (Public Law 115–31) is amended by striking “the number” and inserting “a best estimate”.
(a) In general.—Title XI of the National Security Act of 1947 (50 U.S.C. 3231 et seq.) is amended by adding at the end the following new section:
“(a) Definitions.—In this section:
“(1) COVERED OFFICIAL.—The term ‘covered official’ means—
“(A) the heads of each element of the intelligence community; and
“(B) the inspectors general with oversight responsibility for an element of the intelligence community.
“(2) INVESTIGATION.—The term ‘investigation’ means any inquiry, whether formal or informal, into the existence of an unauthorized public disclosure of classified information.
“(3) UNAUTHORIZED DISCLOSURE OF CLASSIFIED INFORMATION.—The term ‘unauthorized disclosure of classified information’ means any unauthorized disclosure of classified information to any recipient.
“(4) UNAUTHORIZED PUBLIC DISCLOSURE OF CLASSIFIED INFORMATION.—The term ‘unauthorized public disclosure of classified information’ means the unauthorized disclosure of classified information to a journalist or media organization.
“(b) Intelligence community reporting.—
“(1) IN GENERAL.—Not less frequently than once every 6 months, each covered official shall submit to the congressional intelligence committees a report on investigations of unauthorized public disclosures of classified information.
“(2) ELEMENTS.—Each report submitted under paragraph (1) shall include, with respect to the preceding 6-month period, the following:
“(A) The number of investigations opened by the covered official regarding an unauthorized public disclosure of classified information.
“(B) The number of investigations completed by the covered official regarding an unauthorized public disclosure of classified information.
“(C) Of the number of such completed investigations identified under subparagraph (B), the number referred to the Attorney General for criminal investigation.
“(c) Department of Justice reporting.—
“(1) IN GENERAL.—Not less frequently than once every 6 months, the Assistant Attorney General for National Security of the Department of Justice, in consultation with the Director of the Federal Bureau of Investigation, shall submit to the congressional intelligence committees, the Committee on the Judiciary of the Senate, and the Committee on the Judiciary of the House of Representatives a report on the status of each referral made to the Department of Justice from any element of the intelligence community regarding an unauthorized disclosure of classified information made during the most recent 365-day period or any referral that has not yet been closed, regardless of the date the referral was made.
“(2) CONTENTS.—Each report submitted under paragraph (1) shall include, for each referral covered by the report, at a minimum, the following:
“(A) The date the referral was received.
“(B) A statement indicating whether the alleged unauthorized disclosure described in the referral was substantiated by the Department of Justice.
“(C) A statement indicating the highest level of classification of the information that was revealed in the unauthorized disclosure.
“(D) A statement indicating whether an open criminal investigation related to the referral is active.
“(E) A statement indicating whether any criminal charges have been filed related to the referral.
“(F) A statement indicating whether the Department of Justice has been able to attribute the unauthorized disclosure to a particular entity or individual.
“(d) Form of reports.—Each report submitted under this section shall be submitted in unclassified form, but may have a classified annex.”.
(b) Clerical amendment.—The table of contents in the first section of the National Security Act of 1947 is amended by inserting after the item relating to section 1104 the following new item:
(a) Covered intelligence officer defined.—In this section, the term “covered intelligence officer” means—
(1) a United States intelligence officer serving in a post in a foreign country; or
(2) a known or suspected foreign intelligence officer serving in a United States post.
(b) Requirement for reports.—Not later than 72 hours after a covered intelligence officer is designated as a persona non grata, the Director of National Intelligence, in consultation with the Secretary of State, shall submit to the congressional intelligence committees, the Committee on Foreign Relations of the Senate, and the Committee on Foreign Affairs of the House of Representatives a notification of that designation. Each such notification shall include—
(1) the date of the designation;
(2) the basis for the designation; and
(3) a justification for the expulsion.
(a) Definitions.—In this section:
(1) VULNERABILITIES EQUITIES POLICY AND PROCESS DOCUMENT.—The term “Vulnerabilities Equities Policy and Process document” means the executive branch document entitled “Vulnerabilities Equities Policy and Process” dated November 15, 2017.
(2) VULNERABILITIES EQUITIES PROCESS.—The term “Vulnerabilities Equities Process” means the interagency review of vulnerabilities, pursuant to the Vulnerabilities Equities Policy and Process document or any successor document.
(3) VULNERABILITY.—The term “vulnerability” means a weakness in an information system or its components (for example, system security procedures, hardware design, and internal controls) that could be exploited or could affect confidentiality, integrity, or availability of information.
(b) Reports on process and criteria under Vulnerabilities Equities Policy and Process.—
(1) IN GENERAL.—Not later than 90 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the congressional intelligence committees a written report describing—
(A) with respect to each element of the intelligence community—
(i) the title of the official or officials responsible for determining whether, pursuant to criteria contained in the Vulnerabilities Equities Policy and Process document or any successor document, a vulnerability must be submitted for review under the Vulnerabilities Equities Process; and
(ii) the process used by such element to make such determination; and
(B) the roles or responsibilities of that element during a review of a vulnerability submitted to the Vulnerabilities Equities Process.
(2) CHANGES TO PROCESS OR CRITERIA.—Not later than 30 days after any significant change is made to the process and criteria used by any element of the intelligence community for determining whether to submit a vulnerability for review under the Vulnerabilities Equities Process, such element shall submit to the congressional intelligence committees a report describing such change.
(3) FORM OF REPORTS.—Each report submitted under this subsection shall be submitted in unclassified form, but may include a classified annex.
(1) IN GENERAL.—Not less frequently than once each calendar year, the Director of National Intelligence shall submit to the congressional intelligence committees a classified report containing, with respect to the previous year—
(A) the number of vulnerabilities submitted for review under the Vulnerabilities Equities Process;
(B) the number of vulnerabilities described in subparagraph (A) disclosed to each vendor responsible for correcting the vulnerability, or to the public, pursuant to the Vulnerabilities Equities Process; and
(C) the aggregate number, by category, of the vulnerabilities excluded from review under the Vulnerabilities Equities Process, as described in paragraph 5.4 of the Vulnerabilities Equities Policy and Process document.
(2) UNCLASSIFIED INFORMATION.—Each report submitted under paragraph (1) shall include an unclassified appendix that contains—
(A) the aggregate number of vulnerabilities disclosed to vendors or the public pursuant to the Vulnerabilities Equities Process; and
(B) the aggregate number of vulnerabilities disclosed to vendors or the public pursuant to the Vulnerabilities Equities Process known to have been patched.
(3) NON-DUPLICATION.—The Director of National Intelligence may forgo submission of an annual report required under this subsection for a calendar year, if the Director notifies the intelligence committees in writing that, with respect to the same calendar year, an annual report required by paragraph 4.3 of the Vulnerabilities Equities Policy and Process document already has been submitted to Congress, and such annual report contains the information that would otherwise be required to be included in an annual report under this subsection.
(a) Reports required.—Not later than October 1, 2019, each Inspector General listed in subsection (b) shall submit to the congressional intelligence committees a report that includes, with respect to the department or agency of the Inspector General, analyses of the following:
(1) The accuracy of the application of classification and handling markers on a representative sample of finished reports, including such reports that are compartmented.
(2) Compliance with declassification procedures.
(3) The effectiveness of processes for identifying topics of public or historical importance that merit prioritization for a declassification review.
(b) Inspectors General listed.—The Inspectors General listed in this subsection are as follows:
(1) The Inspector General of the Intelligence Community.
(2) The Inspector General of the Central Intelligence Agency.
(3) The Inspector General of the National Security Agency.
(4) The Inspector General of the Defense Intelligence Agency.
(5) The Inspector General of the National Reconnaissance Office.
(6) The Inspector General of the National Geospatial-Intelligence Agency.
(a) Reports on global water insecurity and national security implications.—
(1) REPORTS REQUIRED.—Not later than 180 days after the date of the enactment of this Act and not less frequently than once every 5 years thereafter, the Director of National Intelligence shall submit to the congressional intelligence committees a report on the implications of water insecurity on the national security interest of the United States, including consideration of social, economic, agricultural, and environmental factors.
(2) ASSESSMENT SCOPE AND FOCUS.—Each report submitted under paragraph (1) shall include an assessment of water insecurity described in such subsection with a global scope, but focus on areas of the world—
(A) of strategic, economic, or humanitarian interest to the United States—
(i) that are, as of the date of the report, at the greatest risk of instability, conflict, human insecurity, or mass displacement; or
(ii) where challenges relating to water insecurity are likely to emerge and become significant during the 5-year or the 20-year period beginning on the date of the report; and
(B) where challenges relating to water insecurity are likely to imperil the national security interests of the United States or allies of the United States.
(3) CONSULTATION.—In researching a report required by paragraph (1), the Director shall consult with—
(A) such stakeholders within the intelligence community, the Department of Defense, and the Department of State as the Director considers appropriate; and
(B) such additional Federal agencies and persons in the private sector as the Director considers appropriate.
(4) FORM.—Each report submitted under paragraph (1) shall be submitted in unclassified form, but may include a classified annex.
(b) Briefing on emerging infectious disease and pandemics.—
(1) APPROPRIATE CONGRESSIONAL COMMITTEES DEFINED.—In this subsection, the term “appropriate congressional committees” means—
(A) the congressional intelligence committees;
(B) the Committee on Foreign Affairs, the Committee on Armed Services, and the Committee on Appropriations of the House of Representatives; and
(C) the Committee on Foreign Relations, the Committee on Armed Services, and the Committee on Appropriations of the Senate.
(2) BRIEFING.—Not later than 120 days after the date of the enactment of this Act, the Director of National Intelligence shall provide to the appropriate congressional committees a briefing on the anticipated geopolitical effects of emerging infectious disease (including deliberate, accidental, and naturally occurring infectious disease threats) and pandemics, and their implications on the national security of the United States.
(3) CONTENT.—The briefing under paragraph (2) shall include an assessment of—
(A) the economic, social, political, and security risks, costs, and impacts of emerging infectious diseases on the United States and the international political and economic system;
(B) the economic, social, political, and security risks, costs, and impacts of a major transnational pandemic on the United States and the international political and economic system; and
(C) contributing trends and factors to the matters assessed under subparagraphs (A) and (B).
(4) EXAMINATION OF RESPONSE CAPACITY.—In examining the risks, costs, and impacts of emerging infectious disease and a possible transnational pandemic under paragraph (3), the Director of National Intelligence shall also examine in the briefing under paragraph (2) the response capacity within affected countries and the international system. In considering response capacity, the Director shall include—
(A) the ability of affected nations to effectively detect and manage emerging infectious diseases and a possible transnational pandemic;
(B) the role and capacity of international organizations and nongovernmental organizations to respond to emerging infectious disease and a possible pandemic, and their ability to coordinate with affected and donor nations; and
(C) the effectiveness of current international frameworks, agreements, and health systems to respond to emerging infectious diseases and a possible transnational pandemic.
(5) FORM.—The briefing under paragraph (2) may be classified.
Section 311 of the Intelligence Authorization Act for Fiscal Year 2017 (50 U.S.C. 3313) is amended—
(1) by redesignating subsection (b) as subsection (c); and
(2) by striking subsection (a) and inserting the following:
“(a) In general.—Each year, concurrent with the annual budget request submitted by the President to Congress under section 1105 of title 31, United States Code, each head of an element of the intelligence community shall submit to the congressional intelligence committees a report that lists each memorandum of understanding or other agreement regarding significant operational activities or policy entered into during the most recently completed fiscal year between or among such element and any other entity of the United States Government.
“(b) Provision of documents.—Each head of an element of an intelligence community who receives a request from the Select Committee on Intelligence of the Senate or the Permanent Select Committee on Intelligence of the House of Representatives for a copy of a memorandum of understanding or other document listed in a report submitted by the head under subsection (a) shall submit to such committee the requested copy as soon as practicable after receiving such request.”.
(a) Study required.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall complete a study on the feasibility of encrypting unclassified wireline and wireless telephone calls between personnel in the intelligence community.
(b) Report.—Not later than 90 days after the date on which the Director completes the study required by subsection (a), the Director shall submit to the congressional intelligence committees a report on the Director's findings with respect to such study.
(a) Expansion of period of report.—Subsection (a) of section 114 of the National Security Act of 1947 (50 U.S.C. 3050) is amended by inserting “and the preceding 5 fiscal years” after “fiscal year”.
(b) Clarification on disaggregation of data.—Subsection (b) of such section is amended, in the matter before paragraph (1), by striking “disaggregated data by category of covered person from each element of the intelligence community” and inserting “data, disaggregated by category of covered person and by element of the intelligence community,”.
(a) Sense of Congress.—It is the sense of Congress that—
(1) there should be established, through the issuing of an Intelligence Community Directive or otherwise, an intelligence community-wide program for student loan repayment, student loan forgiveness, financial counseling, and related matters, for employees of the intelligence community;
(2) creating such a program would enhance the ability of the elements of the intelligence community to recruit, hire, and retain highly qualified personnel, including with respect to mission-critical and hard-to-fill positions;
(3) such a program, including with respect to eligibility requirements, should be designed so as to maximize the ability of the elements of the intelligence community to recruit, hire, and retain highly qualified personnel, including with respect to mission-critical and hard-to-fill positions; and
(4) to the extent possible, such a program should be uniform throughout the intelligence community and publicly promoted by each element of the intelligence community to both current employees of the element as well as to prospective employees of the element.
(b) Report on potential intelligence community-wide program.—
(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence, in cooperation with the heads of the elements of the intelligence community and the heads of any other appropriate department or agency of the Federal Government, shall submit to the congressional intelligence committees a report on potentially establishing and carrying out an intelligence community-wide program for student loan repayment, student loan forgiveness, financial counseling, and related matters, as described in subsection (a).
(2) MATTERS INCLUDED.—The report under paragraph (1) shall include, at a minimum, the following:
(A) A description of the financial resources that the elements of the intelligence community would require to establish and initially carry out the program specified in paragraph (1).
(B) A description of the practical steps to establish and carry out such a program.
(C) The identification of any legislative action the Director determines necessary to establish and carry out such a program.
(c) Annual reports on established programs.—
(1) COVERED PROGRAMS DEFINED.—In this subsection, the term “covered programs” means any loan repayment program, loan forgiveness program, financial counseling program, or similar program, established pursuant to title X of the National Security Act of 1947 (50 U.S.C. 3191 et seq.) or any other provision of law that may be administered or used by an element of the intelligence community.
(2) ANNUAL REPORTS REQUIRED.—Not less frequently than once each year, the Director of National Intelligence shall submit to the congressional intelligence committees a report on the covered programs. Each such report shall include, with respect to the period covered by the report, the following:
(A) The number of personnel from each element of the intelligence community who used each covered program.
(B) The total amount of funds each element expended for each such program.
(C) A description of the efforts made by each element to promote each covered program pursuant to both the personnel of the element of the intelligence community and to prospective personnel.
(a) Correcting long-standing material weaknesses.—Section 368 of the Intelligence Authorization Act for Fiscal Year 2010 (Public Law 110–259; 50 U.S.C. 3051 note) is hereby repealed.
(b) Interagency threat assessment and coordination group.—Section 210D of the Homeland Security Act of 2002 (6 U.S.C. 124k) is amended—
(1) by striking subsection (c); and
(2) by redesignating subsections (d) through (i) as subsections (c) through (h), respectively; and
(3) in subsection (c), as so redesignated—
(A) in paragraph (8), by striking “; and” and inserting a period; and
(B) by striking paragraph (9).
(c) Inspector General report.—Section 8H of the Inspector General Act of 1978 (5 U.S.C. App.) is amended—
(1) by striking subsection (g); and
(2) by redesignating subsections (h) and (i) as subsections (g) and (h), respectively.
(a) Senior Executive Service position defined.—In this section, the term “Senior Executive Service position” has the meaning given that term in section 3132(a)(2) of title 5, United States Code, and includes any position above the GS–15, step 10, level of the General Schedule under section 5332 of such title.
(b) Report.—Not later than 90 days after the date of the enactment of this Act, the Inspector General of the Intelligence Community shall submit to the congressional intelligence committees a report on the number of Senior Executive Service positions in the Office of the Director of National Intelligence.
(c) Matters included.—The report under subsection (b) shall include the following:
(1) The number of required Senior Executive Service positions for the Office of the Director of National Intelligence.
(2) Whether such requirements are reasonably based on the mission of the Office.
(3) A discussion of how the number of the Senior Executive Service positions in the Office compare to the number of senior positions at comparable organizations.
(d) Cooperation.—The Director of National Intelligence shall provide to the Inspector General of the Intelligence Community any information requested by the Inspector General of the Intelligence Community that is necessary to carry out this section by not later than 14 calendar days after the date on which the Inspector General of the Intelligence Community makes such request.
Not later than 30 days after the date of the enactment of this Act, the Director of the Federal Bureau of Investigation shall provide to the congressional intelligence committees a briefing on the ability of the Federal Bureau of Investigation to offer, as an inducement to assisting the Bureau, permanent residence within the United States to foreign individuals who are sources or cooperators in counterintelligence or other national security-related investigations. The briefing shall address the following:
(1) The extent to which the Bureau may make such offers, whether independently or in conjunction with other agencies and departments of the United States Government, including a discussion of the authorities provided by section 101(a)(15)(S) of the Immigration and Nationality Act (8 U.S.C. 1101(a)(15)(S)), section 7 of the Central Intelligence Agency Act (50 U.S.C. 3508), and any other provision of law under which the Bureau may make such offers.
(2) An overview of the policies and operational practices of the Bureau with respect to making such offers.
(3) The sufficiency of such policies and practices with respect to inducing individuals to cooperate with, serve as sources for such investigations, or both.
(4) Whether the Director recommends any legislative actions to improve such policies and practices, particularly with respect to the counterintelligence efforts of the Bureau.
(a) Assessment required.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence, in coordination with the Assistant Secretary of State for Intelligence and Research and the Assistant Secretary of the Treasury for Intelligence and Analysis, shall produce an intelligence assessment of the revenue sources of the North Korean regime. Such assessment shall include revenue from the following sources:
(1) Trade in coal, iron, and iron ore.
(2) The provision of fishing rights to North Korean territorial waters.
(3) Trade in gold, titanium ore, vanadium ore, copper, silver, nickel, zinc, or rare earth minerals, and other stores of value.
(4) Trade in textiles.
(5) Sales of conventional defense articles and services.
(6) Sales of controlled goods, ballistic missiles, and other associated items.
(7) Other types of manufacturing for export, as the Director of National Intelligence considers appropriate.
(8) The exportation of workers from North Korea in a manner intended to generate significant revenue, directly or indirectly, for use by the government of North Korea.
(9) The provision of nonhumanitarian goods (such as food, medicine, and medical devices) and services by other countries.
(10) The provision of services, including banking and other support, including by entities located in the Russian Federation, China, and Iran.
(11) Online commercial activities of the Government of North Korea, including online gambling.
(12) Criminal activities, including cyber-enabled crime and counterfeit goods.
(b) Elements.—The assessment required under subsection (a) shall include an identification of each of the following:
(1) The sources of North Korea’s funding.
(2) Financial and non-financial networks, including supply chain management, transportation, and facilitation, through which North Korea accesses the United States and international financial systems and repatriates and exports capital, goods, and services; and
(3) the global financial institutions, money services business, and payment systems that assist North Korea with financial transactions.
(c) Submittal to congress.—Upon completion of the assessment required under subsection (a), the Director of National Intelligence shall submit to the congressional intelligence committees a copy of such assessment.
(a) Short title.—This section may be cited as the “Stop Terrorist Use of Virtual Currencies Act”.
(b) Report.—Not later than 1 year after the date of the enactment of this Act, the Director of National Intelligence, in consultation with the Secretary of the Treasury, shall submit to Congress a report on the possible exploitation of virtual currencies by terrorist actors. Such report shall include the following elements:
(1) An assessment of the means and methods by which international terrorist organizations and State sponsors of terrorism use virtual currencies.
(2) An assessment of the use by terrorist organizations and State sponsors of terrorism of virtual currencies compared to the use by such organizations and States of other forms of financing to support operations, including an assessment of the collection posture of the intelligence community on the use of virtual currencies by such organizations and States.
(3) A description of any existing legal impediments that inhibit or prevent the intelligence community from collecting information on or helping prevent the use of virtual currencies by international terrorist organizations and State sponsors of terrorism and an identification of any gaps in existing law that could be exploited for illicit funding by such organizations and States.
(c) Form of report.—The report required by subsection (b) shall be submitted in unclassified form, but may include a classified annex.
Section 710(b) of the Public Interest Declassification Act of 2000 (Public Law 106–567; 50 U.S.C. 3161 note) is amended by striking “December 31, 2018” and inserting “December 31, 2028”.
(a) Definitions.—In this section:
(1) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “appropriate congressional committees” means—
(A) the congressional intelligence committees;
(B) the Committee on Homeland Security and Governmental Affairs and the Committee on Energy and Natural Resources of the Senate; and
(C) the Committee on Homeland Security and the Committee on Energy and Commerce of the House of Representatives.
(2) COVERED ENTITY.—The term “covered entity” means an entity identified pursuant to section 9(a) of Executive Order 13636 of February 12, 2013 (78 Fed. Reg. 11742), relating to identification of critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.
(3) EXPLOIT.—The term “exploit” means a software tool designed to take advantage of a security vulnerability.
(4) INDUSTRIAL CONTROL SYSTEM.—The term “industrial control system” means an operational technology used to measure, control, or manage industrial functions, and includes supervisory control and data acquisition systems, distributed control systems, and programmable logic or embedded controllers.
(5) NATIONAL LABORATORY.—The term “National Laboratory” has the meaning given the term in section 2 of the Energy Policy Act of 2005 (42 U.S.C. 15801).
(6) PROGRAM.—The term “Program” means the pilot program established under subsection (b).
(7) SECRETARY.—Except as otherwise specifically provided, the term “Secretary” means the Secretary of Energy.
(8) SECURITY VULNERABILITY.—The term “security vulnerability” means any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of a security control.
(b) Pilot program for securing energy infrastructure.—Not later than 180 days after the date of the enactment of this Act, the Secretary shall establish a 2-year control systems implementation pilot program within the National Laboratories for the purposes of—
(1) partnering with covered entities in the energy sector (including critical component manufacturers in the supply chain) that voluntarily participate in the Program to identify new classes of security vulnerabilities of the covered entities; and
(2) evaluating technology and standards, in partnership with covered entities, to isolate and defend industrial control systems of covered entities from security vulnerabilities and exploits in the most critical systems of the covered entities, including—
(A) analog and nondigital control systems;
(B) purpose-built control systems; and
(C) physical controls.
(c) Working group to evaluate program standards and develop strategy.—
(1) ESTABLISHMENT.—The Secretary shall establish a working group—
(A) to evaluate the technology and standards used in the Program under subsection (b)(2); and
(B) to develop a national cyber-informed engineering strategy to isolate and defend covered entities from security vulnerabilities and exploits in the most critical systems of the covered entities.
(2) MEMBERSHIP.—The working group established under paragraph (1) shall be composed of not fewer than 10 members, to be appointed by the Secretary, at least 1 member of which shall represent each of the following:
(A) The Department of Energy.
(B) The energy industry, including electric utilities and manufacturers recommended by the Energy Sector coordinating councils.
(C) (i) The Department of Homeland Security; or
(ii) the Industrial Control Systems Cyber Emergency Response Team.
(D) The North American Electric Reliability Corporation.
(E) The Nuclear Regulatory Commission.
(F) (i) The Office of the Director of National Intelligence; or
(ii) the intelligence community (as defined in section 3 of the National Security Act of 1947 (50 U.S.C. 3003)).
(G) (i) The Department of Defense; or
(ii) the Assistant Secretary of Defense for Homeland Security and America's Security Affairs.
(H) A State or regional energy agency.
(I) A national research body or academic institution.
(J) The National Laboratories.
(1) INTERIM REPORT.—Not later than 180 days after the date on which funds are first disbursed under the Program, the Secretary shall submit to the appropriate congressional committees an interim report that—
(A) describes the results of the Program;
(B) includes an analysis of the feasibility of each method studied under the Program; and
(C) describes the results of the evaluations conducted by the working group established under subsection (c)(1).
(2) FINAL REPORT.—Not later than 2 years after the date on which funds are first disbursed under the Program, the Secretary shall submit to the appropriate congressional committees a final report that—
(A) describes the results of the Program;
(B) includes an analysis of the feasibility of each method studied under the Program; and
(C) describes the results of the evaluations conducted by the working group established under subsection (c)(1).
(e) Exemption from disclosure.—Information shared by or with the Federal Government or a State, Tribal, or local government under this section—
(1) shall be deemed to be voluntarily shared information;
(2) shall be exempt from disclosure under section 552 of title 5, United States Code, or any provision of any State, Tribal, or local freedom of information law, open government law, open meetings law, open records law, sunshine law, or similar law requiring the disclosure of information or records; and
(3) shall be withheld from the public, without discretion, under section 552(b)(3) of title 5, United States Code, and any provision of any State, Tribal, or local law requiring the disclosure of information or records.
(f) Protection from liability.—
(1) IN GENERAL.—A cause of action against a covered entity for engaging in the voluntary activities authorized under subsection (b)—
(A) shall not lie or be maintained in any court; and
(B) shall be promptly dismissed by the applicable court.
(2) VOLUNTARY ACTIVITIES.—Nothing in this section subjects any covered entity to liability for not engaging in the voluntary activities authorized under subsection (b).
(g) No new regulatory authority for Federal agencies.—Nothing in this section authorizes the Secretary or the head of any other department or agency of the Federal Government to issue new regulations.
(h) Authorization of appropriations.—
(1) PILOT PROGRAM.—There is authorized to be appropriated $10,000,000 to carry out subsection (b).
(2) WORKING GROUP AND REPORT.—There is authorized to be appropriated $1,500,000 to carry out subsections (c) and (d).
(3) AVAILABILITY.—Amounts made available under paragraphs (1) and (2) shall remain available until expended.
(a) Definitions.—In this section:
(1) APPROPRIATE COMMITTEES OF CONGRESS.—The term “appropriate committees of Congress” means—
(A) the congressional intelligence committees;
(B) the Committee on Armed Services and the Committee on Homeland Security and Governmental Affairs of the Senate; and
(C) the Committee on Armed Services and the Committee on Homeland Security of the House of Representatives.
(2) BUG BOUNTY PROGRAM.—The term “bug bounty program” means a program under which an approved computer security specialist or security researcher is temporarily authorized to identify and report vulnerabilities within the information system of an agency or department of the United States in exchange for compensation.
(3) INFORMATION SYSTEM.—The term “information system” has the meaning given that term in section 3502 of title 44, United States Code.
(1) REQUIREMENT.—Not later than 180 days after the date of the enactment of this Act, the Secretary of Homeland Security, in consultation with the Secretary of Defense, shall submit to appropriate committees of Congress a strategic plan for appropriate agencies and departments of the United States to implement bug bounty programs.
(2) CONTENTS.—The plan required by paragraph (1) shall include—
(i) the “Hack the Pentagon” pilot program carried out by the Department of Defense in 2016 and subsequent bug bounty programs in identifying and reporting vulnerabilities within the information systems of the Department of Defense; and
(ii) private sector bug bounty programs, including such programs implemented by leading technology companies in the United States; and
(B) recommendations on the feasibility of initiating bug bounty programs at appropriate agencies and departments of the United States.
(a) Civilian faculty members; employment and compensation.—
(1) IN GENERAL.—Section 1595(c) of title 10, United States Code, is amended by adding at the end the following:
“(5) The National Intelligence University.”.
(2) COMPENSATION PLAN.—The Secretary of Defense shall provide each person employed as a full-time professor, instructor, or lecturer at the National Intelligence University on the date of the enactment of this Act an opportunity to elect to be paid under the compensation plan in effect on the day before the date of the enactment of this Act (with no reduction in pay) or under the authority of section 1595 of title 10, United States Code, as amended by paragraph (1).
(b) Acceptance of faculty research grants.—Section 2161 of such title is amended by adding at the end the following:
“(d) Acceptance of faculty research grants.—The Secretary of Defense may authorize the President of the National Intelligence University to accept qualifying research grants in the same manner and to the same degree as the President of the National Defense University under section 2165(e) of this title.”.
(c) Pilot program on admission of private sector civilians to receive instruction.—
(A) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall commence carrying out a pilot program to assess the feasability and advisability of permitting eligible private sector employees who work in organizations relevant to national security to receive instruction at the National Intelligence University.
(B) DURATION.—The Secretary shall carry out the pilot program during the 3-year period beginning on the date of the commencement of the pilot program.
(C) EXISTING PROGRAM.—The Secretary shall carry out the pilot program in a manner that is consistent with section 2167 of title 10, United States Code.
(D) NUMBER OF PARTICIPANTS.—No more than the equivalent of 35 full-time student positions may be filled at any one time by private sector employees enrolled under the pilot program.
(E) DIPLOMAS AND DEGREES.—Upon successful completion of the course of instruction in which enrolled, any such private sector employee may be awarded an appropriate diploma or degree under section 2161 of title 10, United States Code.
(2) ELIGIBLE PRIVATE SECTOR EMPLOYEES.—
(A) IN GENERAL.—For purposes of this subsection, an eligible private sector employee is an individual employed by a private firm that is engaged in providing to the Department of Defense, the intelligence community, or other Government departments or agencies significant and substantial intelligence or defense-related systems, products, or services or whose work product is relevant to national security policy or strategy.
(B) LIMITATION.—Under this subsection, a private sector employee admitted for instruction at the National Intelligence University remains eligible for such instruction only so long as that person remains employed by the same firm, holds appropriate security clearances, and complies with any other applicable security protocols.
(3) ANNUAL CERTIFICATION BY SECRETARY OF DEFENSE.—Under the pilot program, private sector employees may receive instruction at the National Intelligence University during any academic year only if, before the start of that academic year, the Secretary of Defense determines, and certifies to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives, that providing instruction to private sector employees under this section during that year will further the national security interests of the United States.
(4) PILOT PROGRAM REQUIREMENTS.—The Secretary of Defense shall ensure that—
(A) the curriculum in which private sector employees may be enrolled under the pilot program is not readily available through other schools and concentrates on national security-relevant issues; and
(B) the course offerings at the National Intelligence University are determined by the needs of the Department of Defense and the intelligence community.
(5) TUITION.—The President of the National Intelligence University shall charge students enrolled under the pilot program a rate that—
(A) is at least the rate charged for employees of the United States outside the Department of Defense, less infrastructure costs; and
(B) considers the value to the school and course of the private sector student.
(6) STANDARDS OF CONDUCT.—While receiving instruction at the National Intelligence University, students enrolled under the pilot program, to the extent practicable, are subject to the same regulations governing academic performance, attendance, norms of behavior, and enrollment as apply to Government civilian employees receiving instruction at the university.
(A) IN GENERAL.—Amounts received by the National Intelligence University for instruction of students enrolled under the pilot program shall be retained by the university to defray the costs of such instruction.
(B) RECORDS.—The source, and the disposition, of such funds shall be specifically identified in records of the university.
(A) ANNUAL REPORTS.—Each academic year in which the pilot program is carried out, the Secretary shall submit to the congressional intelligence committees, the Committee on Armed Services of the Senate, and the Committee on Armed Services of the House of Representatives a report on the number of eligible private sector employees participating in the pilot program.
(B) FINAL REPORT.—Not later than 90 days after the date of the conclusion of the pilot program, the Secretary shall submit to the congressional intelligence committees, the Committee on Armed Services of the Senate, and the Committee on Armed Services of the House of Representatives a report on the findings of the Secretary with respect to the pilot program. Such report shall include—
(i) the findings of the Secretary with respect to the feasability and advisability of permitting eligible private sector employees who work in organizations relevant to national security to receive instruction at the National Intelligence University; and
(ii) a recommendation as to whether the pilot program should be extended.
(a) Table of contents.—The table of contents at the beginning of the National Security Act of 1947 (50 U.S.C. 3001 et seq.) is amended—
(1) by inserting after the item relating to section 2 the following new item:
“Sec. 3. Definitions.”;
(2) by striking the item relating to section 107;
(3) by striking the item relating to section 113B and inserting the following new item:
“Sec. 113B. Special pay authority for science, technology, engineering, or mathematics positions.”;
(4) by striking the items relating to sections 202, 203, 204, 208, 209, 210, 211, 212, 213, and 214; and
(5) by inserting after the item relating to section 311 the following new item:
“Sec. 312. Repealing and saving provisions.”.
(b) Other technical corrections.—Such Act is further amended—
(A) in subparagraph (G) of paragraph (1) of subsection (g), by moving the margins of such subparagraph 2 ems to the left; and
(B) in paragraph (3) of subsection (v), by moving the margins of such paragraph 2 ems to the left;
(A) by inserting “Sec. 106” before “(a)”; and
(B) in subparagraph (I) of paragraph (2) of subsection (b), by moving the margins of such subparagraph 2 ems to the left;
(3) by striking section 107;
(4) in section 108(c), by striking “in both a classified and an unclassified form” and inserting “to Congress in classified form, but may include an unclassified summary”;
(5) in section 112(c)(1), by striking “section 103(c)(7)” and inserting “section 102A(i)”;
(6) by amending section 201 to read as follows:
“SEC. 201. Department of Defense.
“Except to the extent inconsistent with the provisions of this Act or other provisions of law, the provisions of title 5, United States Code, shall be applicable to the Department of Defense.”;
(7) in section 205, by redesignating subsections (b) and (c) as subsections (a) and (b), respectively;
(8) in section 206, by striking “(a)”;
(9) in section 207, by striking “(c)”;
(10) in section 308(a), by striking “this Act” and inserting “sections 2, 101, 102, 103, and 303 of this Act”;
(11) by redesignating section 411 as section 312;
(A) in paragraph (5) of subsection (c)—
(i) by moving the margins of such paragraph 2 ems to the left; and
(ii) by moving the margins of subparagraph (B) of such paragraph 2 ems to the left; and
(B) in paragraph (2) of subsection (d), by moving the margins of such paragraph 2 ems to the left; and
(13) in subparagraph (B) of paragraph (3) of subsection (a) of section 504, by moving the margins of such subparagraph 2 ems to the right.
(a) National Nuclear Security Administration Act.—
(1) CLARIFICATION OF FUNCTIONS OF THE ADMINISTRATOR FOR NUCLEAR SECURITY.—Subsection (b) of section 3212 of the National Nuclear Security Administration Act (50 U.S.C. 2402(b)) is amended—
(A) by striking paragraphs (11) and (12); and
(B) by redesignating paragraphs (13) through (19) as paragraphs (11) through (17), respectively.
(2) COUNTERINTELLIGENCE PROGRAMS.—Section 3233(b) of the National Nuclear Security Administration Act (50 U.S.C. 2423(b)) is amended—
(A) by striking “Administration” and inserting “Department”; and
(B) by inserting “Intelligence and” after “the Office of”.
(b) Atomic Energy Defense Act.—Section 4524(b)(2) of the Atomic Energy Defense Act (50 U.S.C. 2674(b)(2)) is amended by inserting “Intelligence and” after “The Director of”.
(c) National Security Act of 1947.—Paragraph (2) of section 106(b) of the National Security Act of 1947 (50 U.S.C. 3041(b)(2)) is amended—
(1) in subparagraph (E), by inserting “and Counterintelligence” after “Office of Intelligence”;
(2) by striking subparagraph (F);
(3) by redesignating subparagraphs (G), (H), and (I) as subparagraphs (F), (G), and (H), respectively; and
(4) in subparagraph (H), as so redesignated, by realigning the margin of such subparagraph 2 ems to the left.
(a) Definitions.—In this section:
(1) ADVERSARY FOREIGN GOVERNMENT.—The term “adversary foreign government” means the government of any of the following foreign countries:
(A) North Korea.
(B) Iran.
(C) China.
(D) Russia.
(E) Cuba.
(2) COVERED CLASSIFIED INFORMATION.—The term “covered classified information” means classified information that was—
(A) collected by an element of the intelligence community; or
(B) provided by the intelligence service or military of a foreign country to an element of the intelligence community.
(3) ESTABLISHED INTELLIGENCE CHANNELS.—The term “established intelligence channels” means methods to exchange intelligence to coordinate foreign intelligence relationships, as established pursuant to law by the Director of National Intelligence, the Director of the Central Intelligence Agency, the Director of the National Security Agency, or other head of an element of the intelligence community.
(4) INDIVIDUAL IN THE EXECUTIVE BRANCH.—The term “individual in the executive branch” means any officer or employee of the executive branch, including individuals—
(A) occupying a position specified in article II of the Constitution;
(B) appointed to a position by an individual described in subparagraph (A); or
(C) serving in the civil service or the Senior Executive Service (or similar service for senior executives of particular departments or agencies).
(b) Findings.—Congress finds that section 502 of the National Security Act of 1947 (50 U.S.C. 3092) requires elements of the intelligence community to keep the congressional intelligence committees “fully and currently informed” about all “intelligence activities” of the United States, and to “furnish to the congressional intelligence committees any information or material concerning intelligence activities * * * which is requested by either of the congressional intelligence committees in order to carry out its authorized responsibilities.”.
(c) Sense of Congress.—It is the sense of Congress that—
(1) section 502 of the National Security Act of 1947 (50 U.S.C. 3092), together with other intelligence community authorities, obligates an element of the intelligence community to submit to the congressional intelligence committees written notification, by not later than 7 days after becoming aware, that an individual in the executive branch has disclosed covered classified information to an official of an adversary foreign government using methods other than established intelligence channels; and
(2) each such notification should include—
(A) the date and place of the disclosure of classified information covered by the notification;
(B) a description of such classified information;
(C) identification of the individual who made such disclosure and the individual to whom such disclosure was made; and
(D) a summary of the circumstances of such disclosure.
It is the sense of the Congress that the Secretary of State, in considering whether or not to provide a visa to a foreign individual to be accredited to a United Nations mission in the United States, should consider—
(1) known and suspected intelligence activities, espionage activities, including activities constituting precursors to espionage, carried out by the individual against the United States, foreign allies of the United States, or foreign partners of the United States; and
(2) the status of an individual as a known or suspected intelligence officer for a foreign adversary.
It is the sense of Congress that WikiLeaks and the senior leadership of WikiLeaks resemble a nonstate hostile intelligence service often abetted by state actors and should be treated as such a service by the United States.
Calendar No. 97 | |||||
| |||||
A BILL | |||||
To authorize appropriations for fiscal years 2018, 2019, and 2020 for intelligence and
intelligence-related activities of the United States Government, the
Community Management Account, and the Central Intelligence Agency
Retirement and Disability System, and for other purposes. | |||||
May 22, 2019 | |||||
Read twice and placed on the calendar |