Calendar No. 679
117th CONGRESS 2d Session |
[Report No. 117–280]
To authorize the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security to hold an annual cybersecurity competition relating to offensive and defensive cybersecurity disciplines, and for other purposes.
May 17, 2022
Received; read twice and referred to the Committee on Homeland Security and Governmental Affairs
December 19, 2022
Reported by Mr. Peters, with an amendment
[Strike out all after the enacting clause and insert the part printed in italic]
To authorize the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security to hold an annual cybersecurity competition relating to offensive and defensive cybersecurity disciplines, and for other purposes.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
This Act may be cited as the “President’s Cup Cybersecurity Competition Act”.
SEC. 2. President’s cup cybersecurity competition.
(a) In general.—The Director of the Cybersecurity and Infrastructure Security Agency (in this section referred to as the “Director”) of the Department of Homeland Security is authorized to hold an annual cybersecurity competition to be known as the “Department of Homeland Security Cybersecurity and Infrastructure Security Agency’s President’s Cup Cybersecurity Competition” (in this section referred to as the “competition”) for the purpose of identifying, challenging, and competitively awarding prizes, including cash prizes, to the United States Government’s best cybersecurity practitioners and teams across offensive and defensive cybersecurity disciplines.
(1) IN GENERAL.—Notwithstanding section 1342 of title 31, United States Code, the Director, in carrying out the competition, may consult with, and consider advice from, any person who has experience or expertise in the development, design, or execution of cybersecurity competitions.
(2) LIMITATION.—The Federal Advisory Committee Act (5 U.S.C. App.) shall not apply to consultations pursuant to this section.
(3) PROHIBITION.—A person with whom the Director consults under paragraph (1) may not—
(A) receive pay by reason of being so consulted; or
(B) be considered an employee of the Federal Government by reason of so consulting.
(c) Eligibility.—To be eligible to participate in the competition, an individual shall be a Federal civilian employee or member of the uniformed services (as such term is defined in section 2101(3) of title 5, United States Code) and shall comply with any rules promulgated by the Director regarding the competition.
(d) Competition administration.—The Director may enter into a grant, contract, cooperative agreement, or other agreement with a private sector for-profit or nonprofit entity or State or local government agency to administer the competition.
(e) Competition parameters.—Each competition shall incorporate the following elements:
(1) Cybersecurity skills outlined in the National Initiative for Cybersecurity Education Framework, or any successor framework.
(2) Individual and team events.
(3) Categories demonstrating offensive and defensive cyber operations, such as software reverse engineering and exploitation, network operations, forensics, big data analysis, cyber analysis, cyber defense, cyber exploitation, secure programming, obfuscated coding, or cyber-physical systems.
(4) Any other elements related to paragraphs (1), (2), or (3) as determined necessary by the Director.
(1) IN GENERAL.—Notwithstanding any other provision of law, the Director may use amounts made available to the Director for the competition for the following:
(A) Advertising, marketing, and promoting the competition.
(B) Meals for participants and organizers of the competition if attendance at the meal during the competition is necessary to maintain the integrity of the competition.
(C) Promotional items, including merchandise and apparel.
(D) Monetary and nonmonetary awards for competition participants, including members of the uniformed services.
(E) Necessary expenses for the honorary recognition of competition participants, including members of the uniformed services.
(F) Any other appropriate activity necessary to carry out the competition, as determined by the Director.
(2) APPLICATION.—This subsection shall apply to amounts appropriated on or after the date of the enactment of this Act.
(g) Prize limitation.—The Director may make one or more awards per competition, except that the amount or value of each shall not exceed $10,000. The Secretary of Homeland Security may make one or more awards per competition, except the amount or the value of each shall not to exceed $25,000. A monetary award under this section shall be in addition to the regular pay of the recipient.
(h) Reporting requirements.—The Director shall annually provide to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report that includes the following:
(1) A description of available funds under subsection (f) for each competition conducted in the preceding year.
(2) A description of expenditures authorized in subsection (g) for each competition.
(3) Information relating to the participation of each competition.
(4) Information relating to lessons learned from each competition and how such lessons may be applied to improve cybersecurity operations and recruitment of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security.
This Act may be cited as the “President’s Cup Cybersecurity Competition Act”.
SEC. 2. President’s cup cybersecurity competition.
(a) In general.—The Director of the Cybersecurity and Infrastructure Security Agency (in this section referred to as the “Director”) of the Department of Homeland Security is authorized to hold an annual cybersecurity competition to be known as the “Department of Homeland Security Cybersecurity and Infrastructure Security Agency’s President’s Cup Cybersecurity Competition” (in this section referred to as the “competition”) for the purpose of identifying, challenging, and competitively awarding prizes, including cash prizes, to the best cybersecurity practitioners and teams of the United States Government across offensive and defensive cybersecurity disciplines.
(b) Eligibility.—To be eligible to participate in the competition, an individual shall be a Federal employee in a position of civil service or a member of the uniformed services (as such terms are defined in section 2101 of title 5, United States Code) and shall comply with any rules promulgated by the Director regarding the competition.
(c) Competition administration.—The Director may award a grant to, or enter into a contract, cooperative agreement, or other agreement with a private sector for-profit or nonprofit entity or State or local government agency to administer the competition.
(d) Competition parameters.—Each competition shall incorporate the following elements:
(1) Cybersecurity skills outlined in the National Initiative for Cybersecurity Education Framework, or any successor framework.
(e) Use of funds.—
(1) IN GENERAL.—In order to further the goals and objectives of the competition, the Director may use amounts made available to the Director for the competition for reasonable expenses for—
(B) meals for participants in and organizers of the competition if attendance at the meal during the competition is necessary to maintain the integrity of the competition;
(f) Prize limitation.—
(1) AWARDS BY THE DIRECTOR.—The Director may make 1 or more awards per competition in an amount or value not to exceed $10,000 per award.
(2) AWARDS BY THE SECRETARY OF HOMELAND SECURITY.—The Secretary of Homeland Security may make 1 or more awards per competition in an amount or value not to exceed $25,000 per award.
(g) Reporting requirements.—The Director shall annually provide to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report that includes the following:
Calendar No. 679 | |||||
| |||||
[Report No. 117–280] | |||||
AN ACT | |||||
To authorize the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security to hold an annual cybersecurity competition relating to offensive and defensive cybersecurity disciplines, and for other purposes. | |||||
December 19, 2022 | |||||
Reported with an amendment |