116th CONGRESS 2d Session |
To require the Secretary of Homeland Security to conduct a review of the ability of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security to fulfill its current mission requirements, and for other purposes.
July 13, 2020
Mr. Katko (for himself, Mr. Ruppersberger, and Mr. Gallagher) introduced the following bill; which was referred to the Committee on Homeland Security, and in addition to the Committees on Oversight and Reform, Energy and Commerce, and Transportation and Infrastructure, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned
To require the Secretary of Homeland Security to conduct a review of the ability of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security to fulfill its current mission requirements, and for other purposes.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
This Act may be cited as the “Strengthening the Cybersecurity and Infrastructure Security Agency Act of 2020”.
SEC. 2. Cybersecurity and Infrastructure Security Agency review.
(a) In general.—The Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security shall conduct a review of the ability of the Cybersecurity and Infrastructure Security Agency to carry out its mission requirements, as well as the recommendations detailed in the U.S. Cyberspace Solarium Commission’s Report regarding the Agency.
(b) Elements of review.—The review conducted in accordance with subsection (a) shall include the following elements:
(1) An assessment of how additional budget resources could be used by the Cybersecurity and Infrastructure Security Agency for projects and programs that—
(A) support the national risk management mission;
(B) support public and private-sector cybersecurity;
(C) promote public-private integration; and
(D) provide situational awareness of cybersecurity threats.
(2) A force structure assessment of the Cybersecurity and Infrastructure Security Agency, including—
(A) a determination of the appropriate size and composition of personnel to carry out the mission requirements of the Agency, as well as the recommendations detailed in the U.S. Cyberspace Solarium Commission’s Report regarding the Agency;
(B) as assessment of whether existing personnel are appropriately matched to the prioritization of threats in the cyber domain and risks to critical infrastructure;
(C) an assessment of whether the Agency has the appropriate personnel and resources to—
(i) perform risk assessments, threat hunting, and incident response to support both private and public cybersecurity;
(ii) carry out its responsibilities related to the security of Federal information and Federal information systems (as such term is defined in section 3502 of title 44, United States Code); and
(iii) carry out its critical infrastructure responsibilities, including national risk management;
(D) an assessment of whether current structure, personnel, and resources of regional field offices are sufficient to carry out Agency responsibilities and mission requirements; and
(E) an assessment of current Cybersecurity and Infrastructure Security Agency facilities, including a review of the suitability of such facilities to fully support current and projected mission requirements nationally and regionally, and recommendations regarding future facility requirements.
(c) Submission of review.—Not later than one year after the date of the enactment of this Act, the Secretary of Homeland Security shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report detailing the result of the review conducted in accordance with subsection (a), including recommendations to address any identified gaps.
SEC. 3. General Services Administration review.
(a) Submission of assessment.—Upon submission to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate of the report required under section 2(c), the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security shall submit to the Administrator of the General Services Administration the results of the assessment required under section (b)(2)(E).
(b) Review.—The Administrator of the General Services Administration shall—
(1) conduct a review of Cybersecurity and Infrastructure Security Agency assessment required under section 2(b)(2)(E); and
(2) make recommendations regarding resources needed to procure or build a new facility or augment existing facilities to ensure sufficient size and accommodations to fully support current and projected mission requirements, including the integration of personnel from the private sector and other Federal departments and agencies.
(c) Submission of review.—Not later than 30 days after receipt of the assessment under subsection (a), the Administrator of the General Services Administration shall submit to the President, the Secretary of Homeland Security, the Committee on Homeland Security and Governmental Affairs of the Senate, and the Committee on Homeland Security of the House of Representatives the review required under subsection (b).