Bill Sponsor
House Bill 7265
116th Congress(2019-2020)
Small Manufacturer Cybersecurity Enhancement Act
Introduced
Introduced
Introduced in House on Jun 18, 2020
Overview
Text
Introduced in House 
Jun 18, 2020
Not Scanned for Linkage
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Introduced in House(Jun 18, 2020)
Jun 18, 2020
Not Scanned for Linkage
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
H. R. 7265 (Introduced-in-House)


116th CONGRESS
2d Session
H. R. 7265


To improve assistance provided by the Hollings Manufacturing Extension Partnership to small manufacturers in the defense industrial supply chain on matters relating to cybersecurity, and for other purposes.


IN THE HOUSE OF REPRESENTATIVES

June 18, 2020

Mr. Panetta (for himself, Mr. Wilson of South Carolina, Ms. Slotkin, Mr. Mitchell, Mr. Ruppersberger, Mr. Reschenthaler, Ms. Stevens, Mr. Carbajal, and Mr. Suozzi) introduced the following bill; which was referred to the Committee on Armed Services


A BILL

To improve assistance provided by the Hollings Manufacturing Extension Partnership to small manufacturers in the defense industrial supply chain on matters relating to cybersecurity, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Small Manufacturer Cybersecurity Enhancement Act”.

SEC. 2. Findings.

Congress finds the following:

(1) The Office of the Director of National Intelligence stated in its 2019 Worldwide Threat Assessment that United States adversaries and strategic competitors will increasingly use cyber capabilities—including cyber espionage, attack, and influence—to seek political, economic, and military advantage over the United States and its allies.

(2) The Department of Defense recognizes that small manufacturers operating in the defense supply chain are particularly vulnerable to cyber attacks because they frequently lack the necessary human and financial resources to protect themselves.

(3) The Department of Defense is implementing its Cybersecurity Maturity Model Certification (CMMC) to protect Controlled Unclassified Information and critical United States technology and information from cyber theft and hacking. All defense contractors will need to comply with CMMC.

(4) The Undersecretary of Defense for Acquisition and Sustainment has stated that smaller companies in the defense supply chain might not be able to afford the Department of Defense’s increasingly demanding cybersecurity requirements, but that the Department is committed to ensuring that such companies get the resources they need to comply.

(5) According to the Bureau of Labor Statistics, there are more than 347,000 manufacturing establishments in the United States, of which 72 percent have fewer than 20 employees and 99 percent have fewer than 500 employees.

(6) During the past 7 years the Hollings Manufacturing Extension Partnership (MEP) Centers have worked closely with the Department of Defense to bolster the resilience of the defense industrial base supply chain by providing cybersecurity services to small manufacturers. The MEP Centers have worked with more than 26,000 small- and medium-sized manufacturers nationwide in fiscal year 2019 alone.

(7) Hollings Manufacturing Extension Partnership Centers are located in all 50 States and provide a nationwide network that is—

(A) raising the awareness of small manufacturers to cyber threats;

(B) helping small manufacturers comply with new Department of Defense cybersecurity requirements; and

(C) helping small manufacturers understand that if they do not comply with new Department of Defense cybersecurity requirements, then they risk losing their defense contracts.

(8) The Hollings Manufacturing Extension Partnership Centers are well-positioned to aid small manufacturing companies in the defense supply chain in complying with cybersecurity requirements to protect controlled unclassified information relevant to defense manufacturing supply chains.

SEC. 3. Assistance for small manufacturers in the defense industrial supply chain on matters relating to cybersecurity.

(a) In general.—Subject to the availability of appropriations, the Secretary of Defense, acting through the Office of Economic Adjustment and in consultation with the Director of the National Institute of Standards and Technology, may make grants to a Center established under the Hollings Manufacturing Extension Partnership for the purpose of providing cybersecurity services to small manufacturers.

(b) Criteria.—The Secretary shall establish and publish in the Federal Register criteria for selecting grant recipients under this section.

(c) Use of funds.—Grant funds under this section—

(1) shall be used by a Center to provide small manufacturers with cybersecurity services related to—

(A) compliance with the cybersecurity requirements of the Department of Defense Supplement to the Federal Acquisition Regulation, including awareness, assessment, evaluation, preparation, and implementation of cybersecurity services; and

(B) achieving compliance with the Cybersecurity Maturity Model Certification framework of the Department of Defense; and

(2) may be used by a Center to employ trained personnel to deliver cybersecurity services to small manufacturers.

(d) Reports.—The Secretary shall submit to the congressional defense committees a biennial report on grants awarded under this section. To the extent practicable, each such report shall include the following with respect to the years covered by the report:

(1) The number of small manufacturing companies assisted.

(2) A description of the cybersecurity services provided.

(3) A description of the cybersecurity matters addressed.

(4) An analysis of the operational effectiveness and cost-effectiveness of the cybersecurity services provided.

(e) Termination.—The authority of the Secretary of Defense to make grants under this section shall terminate on the date that is five years after the date of the enactment of this Act.

(f) Definitions.—In this section:

(1) CENTER.—The term “Center” has the meaning given that term in section 25(a) of the National Institute of Standards and Technology Act (15 U.S.C. 278k(a)).

(2) CONGRESSIONAL DEFENSE COMMITTEES.—The term “congressional defense committees” has the meaning given that term in section 101(a)(16) of title 10, United States Code.

(3) SMALL MANUFACTURER.—The term “small manufacturer” has the meaning given that term in section 1644(g) of the John S. McCain National Defense Authorization Act for Fiscal Year 2019 (Public Law 115–232; 10 U.S.C. 2224 note).