Bill Sponsor
Senate Bill 4024
116th Congress(2019-2020)
Cybersecurity Advisory Committee Authorization Act of 2020
Introduced
Introduced
Introduced in Senate on Jun 22, 2020
Overview
Text
No Linkage Found
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
No Linkage Found
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
S. 4024 (Reported-in-Senate)

Calendar No. 528

116th CONGRESS
2d Session
S. 4024

[Report No. 116–265]


To establish in the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security a Cybersecurity Advisory Committee.


IN THE SENATE OF THE UNITED STATES

June 22, 2020

Mr. Perdue (for himself and Ms. Sinema) introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental Affairs

September 9, 2020

Reported by Mr. Johnson, with an amendment

[Strike out all after the enacting clause and insert the part printed in italic]


A BILL

To establish in the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security a Cybersecurity Advisory Committee.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Cybersecurity Advisory Committee Authorization Act of 2020”.

SEC. 2. Cybersecurity Advisory Committee.

(a) In general.—Subtitle A of title XXII of the Homeland Security Act of 2002 (6 U.S.C. 651 et seq.) is amended by adding at the end the following:

2215. Cybersecurity Advisory Committee.

“(a) Establishment.—The Secretary shall establish within the Agency a Cybersecurity Advisory Committee (referred to in this section as the ‘Advisory Committee’).

“(b) Duties.—

“(1) IN GENERAL.—The Advisory Committee may advise, consult with, report to, and make recommendations to the Director, as appropriate, on the development, refinement, and implementation of policies, programs, planning, and training pertaining to the cybersecurity mission of the Agency.

“(2) RECOMMENDATIONS.—

“(A) IN GENERAL.—The Advisory Committee shall develop, at the request of the Director, recommendations for improvements to advance the cybersecurity mission of the Agency and strengthen the cybersecurity of the United States.

“(B) RECOMMENDATIONS OF SUBCOMMITTEES.—Recommendations agreed upon by subcommittees established under subsection (d) for any year shall be approved by the Advisory Committee before the Advisory Committee submits to the Director the annual report under paragraph (4) for that year.

“(3) PERIODIC REPORTS.—The Advisory Committee shall periodically submit to the Director—

“(A) reports on matters identified by the Director; and

“(B) reports on other matters identified by a majority of the members of the Advisory Committee.

“(4) ANNUAL REPORT.—

“(A) IN GENERAL.—The Advisory Committee shall submit to the Director an annual report providing information on the activities, findings, and recommendations of the Advisory Committee, including its subcommittees, for the preceding year.

“(B) PUBLICATION.—Not later than 180 days after the date on which the Director receives an annual report for a year under subparagraph (A), the Director shall publish a public version of the report describing the activities of the Advisory Committee and such related matters as would be informative to the public during that year, consistent with section 552(b) of title 5, United States Code.

“(5) FEEDBACK.—Not later than 90 days after receiving any recommendation submitted by the Advisory Committee under paragraph (2), (3), or (4), the Director shall respond in writing to the Advisory Committee with feedback on the recommendation. Such a response shall include—

“(A) with respect to any recommendation with which the Director concurs, an action plan to implement the recommendation; and

“(B) with respect to any recommendation with which the Director does not concur, a justification for why the Director does not plan to implement the recommendation.

“(6) CONGRESSIONAL NOTIFICATION.—Not less frequently than once per year after the date of enactment of this section, the Director shall provide to the Committee on Homeland Security and Governmental Affairs and the Committee on Appropriations of the Senate and the Committee on Homeland Security and the Committee on Appropriations of the House of Representatives a briefing on feedback from the Advisory Committee.

“(c) Membership.—

“(1) APPOINTMENT.—

“(A) IN GENERAL.—Not later than 180 days after the date of enactment of the Cybersecurity Advisory Committee Authorization Act of 2020, the Director shall appoint the members of the Advisory Committee.

“(B) COMPOSITION.—The membership of the Advisory Committee shall consist of not more than 35 individuals.

“(C) REPRESENTATION.—

(i) IN GENERAL.—The membership of the Advisory Committee shall be geographically balanced and shall include representatives of State and local governments and of a broad range of industries, which may include the following:

(I) Defense.

(II) Education.

(III) Financial services and insurance.

(IV) Healthcare.

(V) Manufacturing.

(VI) Media and entertainment.

(VII) Chemicals.

(VIII) Retail.

(IX) Transportation.

(X) Energy.

(XI) Information Technology.

(XII) Communications.

(XIII) Other relevant fields identified by the Director.

(ii) PROHIBITION.—Not more than 3 members may represent any 1 category under clause (i).

“(2) TERM OF OFFICE.—

“(A) TERMS.—The term of each member of the Advisory Committee shall be 2 years, except that a member may continue to serve until a successor is appointed.

“(B) REMOVAL.—The Director may review the participation of a member of the Advisory Committee and remove such member any time at the discretion of the Director.

“(C) REAPPOINTMENT.—A member of the Advisory Committee may be reappointed for an unlimited number of terms.

“(3) PROHIBITION ON COMPENSATION.—The members of the Advisory Committee may not receive pay or benefits from the United States Government by reason of their service on the Advisory Committee.

“(4) MEETINGS.—

“(A) IN GENERAL.—The Director shall require the Advisory Committee to meet not less frequently than semiannually, and may convene additional meetings as necessary.

“(B) PUBLIC MEETINGS.—At least one of the meetings referred to in subparagraph (A) shall be open to the public.

“(C) ATTENDANCE.—The Advisory Committee shall maintain a record of the persons present at each meeting.

“(5) MEMBER ACCESS TO CLASSIFIED INFORMATION.—

“(A) IN GENERAL.—Not later than 60 days after the date on which a member is first appointed to the Advisory Committee and before the member is granted access to any classified information, the Director shall determine if the member should be restricted from reviewing, discussing, or possessing classified information.

“(B) ACCESS.—Access to classified materials shall be managed in accordance with Executive Order No. 13526 of December 29, 2009 (75 Fed. Reg 707), or any subsequent corresponding Executive Order.

“(C) PROTECTIONS.—A member of the Advisory Committee shall protect all classified information in accordance with the applicable requirements for the particular level of classification of such information.

“(6) CHAIRPERSON.—The Advisory Committee shall select, from among the members of the Advisory Committee—

“(A) a member to serve as chairperson of the Advisory Committee; and

“(B) a member to serve as chairperson of each subcommittee of the Advisory Committee established under subsection (d).

“(d) Subcommittees.—

“(1) IN GENERAL.—The Director shall establish subcommittees within the Advisory Committee to address cybersecurity issues, which may include the following:

“(A) Information exchange.

“(B) Critical infrastructure.

“(C) Risk management.

“(D) Public and private partnerships.

“(2) MEETINGS AND REPORTING.—Each subcommittee shall meet not less frequently than semiannually, and submit to the Advisory Committee for inclusion in the annual report required under subsection (b)(4) information, including activities, findings, and recommendations, regarding subject matter considered by the subcommittee.

“(3) SUBJECT MATTER EXPERTS.—The chair of the Advisory Committee shall appoint members to subcommittees and shall ensure that each member appointed to a subcommittee has subject matter expertise relevant to the subject matter of the subcommittee.

“(e) Nonapplicability of FACA.—The Federal Advisory Committee Act (5 U.S.C. App.) shall not apply to the Advisory Committee and its subcommittees.”.

(b) Clerical amendment.—The table of contents in section 1(b) of the Homeland Security Act of 2002 (Public Law 107–296; 116 Stat. 2135) is amended by inserting after the item relating to section 2214 the following:


“2215. Cybersecurity Advisory Committee.”.

SECTION 1. Short title.

This Act may be cited as the “Cybersecurity Advisory Committee Authorization Act of 2020”.

SEC. 2. Cybersecurity Advisory Committee.

(a) In general.—Subtitle A of title XXII of the Homeland Security Act of 2002 (6 U.S.C. 651 et seq.) is amended by adding at the end the following:

2215. Cybersecurity Advisory Committee.

“(a) Establishment.—The Secretary shall establish within the Agency a Cybersecurity Advisory Committee (referred to in this section as the ‘Advisory Committee’).

“(b) Duties.—

“(1) IN GENERAL.—The Advisory Committee shall advise, consult with, report to, and make recommendations to the Director, as appropriate, on the development, refinement, and implementation of policies, programs, planning, and training pertaining to the cybersecurity mission of the Agency.

“(2) RECOMMENDATIONS.—

“(A) IN GENERAL.—The Advisory Committee shall develop, at the request of the Director, recommendations for improvements to advance the cybersecurity mission of the Agency and strengthen the cybersecurity of the United States.

“(B) RECOMMENDATIONS OF SUBCOMMITTEES.—Recommendations agreed upon by subcommittees established under subsection (d) for any year shall be approved by the Advisory Committee before the Advisory Committee submits to the Director the annual report under paragraph (4) for that year.

“(3) PERIODIC REPORTS.—The Advisory Committee shall periodically submit to the Director—

“(A) reports on matters identified by the Director; and

“(B) reports on other matters identified by a majority of the members of the Advisory Committee.

“(4) ANNUAL REPORT.—

“(A) IN GENERAL.—The Advisory Committee shall submit to the Director an annual report providing information on the activities, findings, and recommendations of the Advisory Committee, including its subcommittees, for the preceding year.

“(B) PUBLICATION.—Not later than 180 days after the date on which the Director receives an annual report for a year under subparagraph (A), the Director shall publish a public version of the report describing the activities of the Advisory Committee and such related matters as would be informative to the public during that year, consistent with section 552(b) of title 5, United States Code.

“(5) FEEDBACK.—Not later than 90 days after receiving any recommendation submitted by the Advisory Committee under paragraph (2), (3), or (4), the Director shall respond in writing to the Advisory Committee with feedback on the recommendation. Such a response shall include—

“(A) with respect to any recommendation with which the Director concurs, an action plan to implement the recommendation; and

“(B) with respect to any recommendation with which the Director does not concur, a justification for why the Director does not plan to implement the recommendation.

“(6) CONGRESSIONAL NOTIFICATION.—Not less frequently than once per year after the date of enactment of this section, the Director shall provide to the Committee on Homeland Security and Governmental Affairs and the Committee on Appropriations of the Senate and the Committee on Homeland Security and the Committee on Appropriations of the House of Representatives a briefing on feedback from the Advisory Committee.

“(7) GOVERNANCE RULES.—The Director shall establish rules for the structure and governance of the Advisory Committee and all subcommittees established under subsection (d).

“(c) Membership.—

“(1) APPOINTMENT.—

“(A) IN GENERAL.—Not later than 180 days after the date of enactment of the Cybersecurity Advisory Committee Authorization Act of 2020, the Director shall appoint the members of the Advisory Committee.

“(B) COMPOSITION.—The membership of the Advisory Committee shall consist of not more than 35 individuals.

“(C) REPRESENTATION.—

“(i) IN GENERAL.—The membership of the Advisory Committee shall—

“(I) consist of subject matter experts;

“(II) be geographically balanced; and

“(III) include representatives of State, local, and Tribal governments and of a broad range of industries, which may include the following:

“(aa) Defense.

“(bb) Education.

“(cc) Financial services and insurance.

“(dd) Healthcare.

“(ee) Manufacturing.

“(ff) Media and entertainment.

“(gg) Chemicals.

“(hh) Retail.

“(ii) Transportation.

“(jj) Energy.

“(kk) Information Technology.

“(ll) Communications.

“(mm) Other relevant fields identified by the Director.

“(ii) PROHIBITION.—Not less than 1 member nor more than 3 members may represent any 1 category under clause (i)(III).

“(iii) PUBLICATION OF MEMBERSHIP LIST.—The Advisory Committee shall publish its membership list on a publicly available website not less than once per fiscal year and shall update the membership list as changes occur.

“(2) TERM OF OFFICE.—

“(A) TERMS.—The term of each member of the Advisory Committee shall be 2 years, except that a member may continue to serve until a successor is appointed.

“(B) REMOVAL.—The Director may review the participation of a member of the Advisory Committee and remove such member any time at the discretion of the Director.

“(C) REAPPOINTMENT.—A member of the Advisory Committee may be reappointed for an unlimited number of terms.

“(3) PROHIBITION ON COMPENSATION.—The members of the Advisory Committee may not receive pay or benefits from the United States Government by reason of their service on the Advisory Committee.

“(4) MEETINGS.—

“(A) IN GENERAL.—The Director shall require the Advisory Committee to meet not less frequently than semiannually, and may convene additional meetings as necessary.

“(B) PUBLIC MEETINGS.—At least one of the meetings referred to in subparagraph (A) shall be open to the public.

“(C) ATTENDANCE.—The Advisory Committee shall maintain a record of the persons present at each meeting.

“(5) MEMBER ACCESS TO CLASSIFIED INFORMATION.—

“(A) IN GENERAL.—Not later than 60 days after the date on which a member is first appointed to the Advisory Committee and before the member is granted access to any classified information, the Director shall determine, for the purposes of the Advisory Committee, if the member should be restricted from reviewing, discussing, or possessing classified information.

“(B) ACCESS.—Access to classified materials shall be managed in accordance with Executive Order No. 13526 of December 29, 2009 (75 Fed. Reg. 707), or any subsequent corresponding Executive Order.

“(C) PROTECTIONS.—A member of the Advisory Committee shall protect all classified information in accordance with the applicable requirements for the particular level of classification of such information.

“(D) RULE OF CONSTRUCTION.—Nothing in this paragraph shall be construed to affect the security clearance of a member of the Advisory Committee or the authority of a Federal agency to provide a member of the Advisory Committee access to classified information.

“(6) CHAIRPERSON.—The Advisory Committee shall select, from among the members of the Advisory Committee—

“(A) a member to serve as chairperson of the Advisory Committee; and

“(B) a member to serve as chairperson of each subcommittee of the Advisory Committee established under subsection (d).

“(d) Subcommittees.—

“(1) IN GENERAL.—The Director shall establish subcommittees within the Advisory Committee to address cybersecurity issues, which may include the following:

“(A) Information exchange.

“(B) Critical infrastructure.

“(C) Risk management.

“(D) Public and private partnerships.

“(2) MEETINGS AND REPORTING.—Each subcommittee shall meet not less frequently than semiannually, and submit to the Advisory Committee for inclusion in the annual report required under subsection (b)(4) information, including activities, findings, and recommendations, regarding subject matter considered by the subcommittee.

“(3) SUBJECT MATTER EXPERTS.—The chairperson of the Advisory Committee shall appoint members to subcommittees and shall ensure that each member appointed to a subcommittee has subject matter expertise relevant to the subject matter of the subcommittee.”.

(b) Clerical amendment.—The table of contents in section 1(b) of the Homeland Security Act of 2002 (Public Law 107–296; 116 Stat. 2135) is amended by inserting after the item relating to section 2214 the following:


“Sec. 2215. Cybersecurity Advisory Committee.”.


Calendar No. 528

116th CONGRESS
     2d Session
S. 4024
[Report No. 116–265]

A BILL
To establish in the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security a Cybersecurity Advisory Committee.

September 9, 2020
Reported with an amendment