Bill Sponsor
BILLSPONSOR
Bill Sponsor
Politicians
Bills
Senate Bill 1324
117th Congress(2021-2022)
Civilian Cybersecurity Reserve Act
Active
Active
Passed Senate on Dec 20, 2022
Overview
Text
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Jump To
S. 1324 (Reported-in-Senate)

Calendar No. 348

117th CONGRESS
2d Session
S. 1324

[Report No. 117–97]


To establish a Civilian Cyber Security Reserve as a pilot project to address the cyber security needs of the United States with respect to national security, and for other purposes.

IN THE SENATE OF THE UNITED STATES

April 22, 2021

Ms. Rosen (for herself and Mrs. Blackburn) introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental Affairs

April 27, 2022

Reported by Mr. Peters, with an amendment

[Strike out all after the enacting clause and insert the part printed in italic]

A BILL

To establish a Civilian Cyber Security Reserve as a pilot project to address the cyber security needs of the United States with respect to national security, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Civilian Cyber Security Reserve Act”.

SEC. 2. Civilian Cyber Security Reserve pilot project.

(a) Definitions.—In this section:

(1) APPROPRIATE AGENCY HEAD.—The term “appropriate agency head” means—

(A) in the case of the Department of Homeland Security, the Secretary of Homeland Security; and

(B) in the case of the Department of Defense, the Secretary of Defense.

(2) COMPETITIVE SERVICE.—The term “competitive service” has the meaning given the term in section 2102 of title 5, United States Code.

(3) COVERED AGENCY.—The term “covered agency” means the Department of Homeland Security or the Department of Defense.

(4) EXCEPTED SERVICE.—The term “excepted service” has the meaning given the term in section 2103 of title 5, United States Code.

(5) TEMPORARY.—The term “temporary” means a period of not more than 6 months.

(6) UNIFORMED SERVICES.—The term “uniformed services” has the meaning given the term in section 2101 of title 5, United States Code.

(b) Pilot project.—

(1) IN GENERAL.—Each appropriate agency head may carry out a pilot project to establish a Civilian Cyber Security Reserve at the covered agency to address the cyber security needs of the United States with respect to national security.

(2) APPOINTMENTS.—Under a pilot project authorized under paragraph (1), the appropriate agency head may noncompetitively appoint members of the Civilian Cyber Security Reserve to temporary positions in the competitive or excepted service.

(3) STATUS AS EMPLOYEES.—An individual appointed under paragraph (2) shall be considered a Federal civil service employee under section 2105 of title 5, United States Code.

(4) ADDITIONAL EMPLOYEES.—Individuals appointed under paragraph (2) shall be in addition to any employees of the covered agency who provide cyber security services.

(5) EMPLOYMENT PROTECTIONS.—The Secretary of Labor shall prescribe such regulations as necessary to ensure the reemployment, continuation of benefits, and non-discrimination in reemployment of individuals appointed under paragraph (2), provided that such regulations shall include, at a minimum, those rights and obligations set forth under chapter 43 of title 38, United States Code.

(c) Eligibility; application and selection.—

(1) IN GENERAL.—Under a pilot project authorized under subsection (b), the appropriate agency head shall establish criteria for—

(A) individuals to be eligible for the Civilian Cyber Security Reserve in the covered agency; and

(B) the application and selection processes for the Reserve.

(2) REQUIREMENTS FOR INDIVIDUALS.—The criteria established under paragraph (1)(A) with respect to an individual shall include—

(A) previous employment by the Federal Government or within the uniformed services; and

(B) cyber security expertise.

(3) AGREEMENT REQUIRED.—An individual may become a member of the Civilian Cyber Security Reserve only if the individual enters into an agreement with the appropriate agency head to become such a member, which shall set forth the rights and obligations of the individual and the covered agency.

(4) EXCEPTION FOR CONTINUING MILITARY SERVICE COMMITMENTS.—A member of the Selected Reserve under section 10143 of title 10, United States Code, may not be a member of the Civilian Cyber Security Reserve.

(d) Components of the Civilian Cyber Security Reserve.—The appropriate agency head may consider, in carrying out a pilot project authorized under subsection (b), developing different components of the Civilian Cyber Security Reserve in the covered agency, one with an obligation to respond when called into activation at the direction of the appropriate agency head and one that is not compelled to so respond, with appropriate corresponding differing benefits for each such component.

(e) Security clearances.—

(1) IN GENERAL.—The appropriate agency head shall ensure that all members of the Civilian Cyber Security Reserve in the covered agency undergo the appropriate personnel vetting and adjudication commensurate with the duties of the position, including a determination of eligibility for access to classified information where a security clearance is necessary, in accordance with Executive Order 12968 (50 U.S.C. 3161 note; relating to access to classified information) and Executive Order 13467 (50 U.S.C. 3161 note; relating to reforming processes related to suitability for Government employment, fitness for contractor employees, and eligibility for access to classified national security information).

(2) COST OF MAINTAINING CLEARANCES.—The original sponsor of a security clearance of a member of a Civilian Cyber Security Reserve at a covered agency shall be responsible for the cost of maintaining that security clearance.

(f) Project guidance.—

(1) IN GENERAL.—Not later than 180 days after the date of enactment of this Act, each appropriate agency head may issue guidance establishing and implementing a pilot project authorized under subsection (b) at the covered agency.

(2) PENALTIES.—

(A) IN GENERAL.—In developing guidance under paragraph (1), an appropriate agency head may provide for penalties for individuals who do not respond to activation when called, such as recoupment of pay or benefits earned as a member of the Civilian Cyber Security Reserve or recoupment of civilian service creditable under section 8411 of title 5, United States Code.

(B) PROCEDURES.—In the case of a proposed penalty or action under this paragraph, the individual shall be entitled to the applicable procedures set forth in title 5, Code of Federal Regulations, or as otherwise specified in applicable guidance.

(g) Evaluation.—Not later than 5 years after the pilot project authorized under subsection (b) is established in each covered agency, the Comptroller General of the United States shall—

(1) conduct a study evaluating the pilot project at the covered agency; and

(2) submit to Congress—

(A) a report on the results of the study; and

(B) a recommendation with respect to whether the pilot project should be modified, extended in duration, or established as a permanent program.

(h) Report.—Not later than 5 years after the pilot project authorized under subsection (b) is established in a covered agency, the appropriate agency head shall submit to the Committee on Homeland Security and Governmental Affairs and the Committee on Armed Services of the Senate and the Committee on Homeland Security and the Committee on Armed Services of the House of Representatives a report—

(1) on the activities carried out under the pilot project; and

(2) that includes a recommendation with respect to whether the pilot project should be modified, extended in duration, or established as a permanent program.

(i) Sunset.—A pilot project authorized under this section shall terminate on the date that is 6 years after the date on which the pilot project is established.

(j) Authorization of appropriations.—There are authorized to be appropriated to each appropriate agency head such sums as may be necessary to carry out this section.

SECTION 1. Short title.

This Act may be cited as the “Civilian Cybersecurity Reserve Act”.

SEC. 2. Civilian Cybersecurity Reserve pilot project.

(a) Definitions.—In this section:

(1) AGENCY.—The term “Agency” means the Cybersecurity and Infrastructure Security Agency.

(2) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “appropriate congressional committees” means—

(A) the Committee on Homeland Security and Governmental Affairs of the Senate;

(B) the Committee on Appropriations of the Senate;

(C) the Committee on Homeland Security of the House of Representatives;

(D) the Committee on Oversight and Reform of the House of Representatives; and

(E) the Committee on Appropriations of the House of Representatives.

(3) COMPETITIVE SERVICE.—The term “competitive service” has the meaning given the term in section 2102 of title 5, United States Code.

(4) DIRECTOR.—The term “Director” means the Director of the Agency.

(5) EXCEPTED SERVICE.—The term “excepted service” has the meaning given the term in section 2103 of title 5, United States Code.

(6) SIGNIFICANT INCIDENT.—The term “significant incident”—

(A) means an incident or a group of related incidents that results, or is likely to result, in demonstrable harm to—

(i) the national security interests, foreign relations, or economy of the United States; or

(ii) the public confidence, civil liberties, or public health and safety of the people of the United States; and

(B) does not include an incident or a portion of a group of related incidents that occurs on—

(i) a national security system, as defined in section 3552 of title 44, United States Code; or

(ii) an information system described in paragraph (2) or (3) of section 3553(e) of title 44, United States Code.

(7) TEMPORARY POSITION.—The term “temporary position” means a position in the competitive or excepted service for a period of 6 months or less.

(8) UNIFORMED SERVICES.—The term “uniformed services” has the meaning given the term in section 2101 of title 5, United States Code.

(b) Pilot project.—

(1) IN GENERAL.—The Director may carry out a pilot project to establish a Civilian Cybersecurity Reserve at the Agency.

(2) PURPOSE.—The purpose of a Civilian Cybersecurity Reserve is to enable the Agency to effectively respond to significant incidents.

(3) ALTERNATIVE METHODS.—Consistent with section 4703 of title 5, United States Code, in carrying out a pilot project authorized under paragraph (1), the Director may, without further authorization from the Office of Personnel Management, provide for alternative methods of—

(A) establishing qualifications requirements for, recruitment of, and appointment to positions; and

(B) classifying positions.

(4) APPOINTMENTS.—Under the pilot project authorized under paragraph (1), upon occurrence of a significant incident, the Director—

(A) may activate members of the Civilian Cybersecurity Reserve by—

(i) noncompetitively appointing members of the Civilian Cybersecurity Reserve to temporary positions in the competitive service; or

(ii) appointing members of the Civilian Cybersecurity Reserve to temporary positions in the excepted service;

(B) shall notify Congress whenever a member is activated under subparagraph (A); and

(C) may appoint not more than 30 members to the Civilian Cybersecurity Reserve under subparagraph (A) at any time.

(5) STATUS AS EMPLOYEES.—An individual appointed under subsection (b)(4) shall be considered a Federal civil service employee under section 2105 of title 5, United States Code.

(6) ADDITIONAL EMPLOYEES.—Individuals appointed under subsection (b)(4) shall be in addition to any employees of the Agency who provide cybersecurity services.

(7) EMPLOYMENT PROTECTIONS.—The Secretary of Labor shall prescribe such regulations as necessary to ensure the reemployment, continuation of benefits, and non-discrimination in reemployment of individuals appointed under subsection (b)(4), provided that such regulations shall include, at a minimum, those rights and obligations set forth under chapter 43 of title 38, United States Code.

(8) STATUS IN RESERVE.—During the period beginning on the date on which an individual is recruited by the Agency to serve in the Civilian Cybersecurity Reserve and ending on the date on which the individual is appointed under subsection (b)(4), and during any period in between any such appointments, the individual shall not be considered a Federal employee.

(c) Eligibility; application and selection.—

(1) IN GENERAL.—Under the pilot project authorized under subsection (b), the Director shall establish criteria for—

(A) individuals to be eligible for the Civilian Cybersecurity Reserve; and

(B) the application and selection processes for the Civilian Cybersecurity Reserve.

(2) REQUIREMENTS FOR INDIVIDUALS.—The criteria established under paragraph (1)(A) with respect to an individual shall include—

(A) previous employment—

(i) by the executive branch;

(ii) within the uniformed services;

(iii) as a Federal contractor within the executive branch; or

(iv) by a State, local, Tribal, or territorial government;

(B) if the individual has previously served as a member of the Civilian Cybersecurity Reserve of the Agency, that the previous appointment ended not less than 60 days before the individual may be appointed for a subsequent temporary position in the Civilian Cybersecurity Reserve of the Agency; and

(C) cybersecurity expertise.

(3) PRESCREENING.—The Agency shall—

(A) conduct a prescreening of each individual prior to appointment under subsection (b)(4) for any topic or product that would create a conflict of interest; and

(B) require each individual appointed under subsection (b)(4) to notify the Agency if a potential conflict of interest arises during the appointment.

(4) AGREEMENT REQUIRED.—An individual may become a member of the Civilian Cybersecurity Reserve only if the individual enters into an agreement with the Director to become such a member, which shall set forth the rights and obligations of the individual and the Agency.

(5) EXCEPTION FOR CONTINUING MILITARY SERVICE COMMITMENTS.—A member of the Selected Reserve under section 10143 of title 10, United States Code, may not be a member of the Civilian Cybersecurity Reserve.

(6) PRIORITY.—In appointing individuals to the Civilian Cybersecurity Reserve, the Agency shall prioritize the appointment of individuals described in clause (i) or (ii) of paragraph (2)(A) before considering individuals described in clause (iii) or (iv) of paragraph (2)(A).

(7) PROHIBITION.—Any individual who is an employee of the executive branch may not be recruited or appointed to serve in the Civilian Cybersecurity Reserve.

(d) Security clearances.—

(1) IN GENERAL.—The Director shall ensure that all members of the Civilian Cybersecurity Reserve undergo the appropriate personnel vetting and adjudication commensurate with the duties of the position, including a determination of eligibility for access to classified information where a security clearance is necessary, according to applicable policy and authorities.

(2) COST OF SPONSORING CLEARANCES.—If a member of the Civilian Cybersecurity Reserve requires a security clearance in order to carry out their duties, the Agency shall be responsible for the cost of sponsoring the security clearance of a member of the Civilian Cybersecurity Reserve.

(e) Study and implementation plan.—

(1) STUDY.—Not later than 60 days after the date of enactment of this Act, the Agency shall begin a study on the design and implementation of the pilot project authorized under subsection (b)(1) at the Agency, including—

(A) compensation and benefits for members of the Civilian Cybersecurity Reserve;

(B) activities that members may undertake as part of their duties;

(C) methods for identifying and recruiting members, including alternatives to traditional qualifications requirements;

(D) methods for preventing conflicts of interest or other ethical concerns as a result of participation in the pilot project and details of mitigation efforts to address any conflict of interest concerns;

(E) resources, including additional funding, needed to carry out the pilot project;

(F) possible penalties for individuals who do not respond to activation when called, in accordance with the rights and procedures set forth under title 5, Code of Federal Regulations; and

(G) processes and requirements for training and onboarding members.

(2) IMPLEMENTATION PLAN.—Not later than 1 year after beginning the study required under paragraph (1), the Agency shall—

(A) submit to the appropriate congressional committees an implementation plan for the pilot project authorized under subsection (b)(1); and

(B) provide to the appropriate congressional committees a briefing on the implementation plan.

(3) PROHIBITION.—The Agency may not take any action to begin implementation of the pilot project authorized under subsection (b)(1) until the Agency fulfills the requirements under paragraph (2).

(f) Project guidance.—Not later than 2 years after the date of enactment of this Act, the Director shall, in consultation with the Office of Personnel Management and the Office of Government Ethics, issue guidance establishing and implementing the pilot project authorized under subsection (b)(1) at the Agency.

(g) Briefings and report.—

(1) BRIEFINGS.—Not later than 1 year after the date of enactment of this Act, and every year thereafter, the Agency shall provide to the appropriate congressional committees a briefing on activities carried out under the pilot project of the Agency, including—

(A) participation in the Civilian Cybersecurity Reserve, including the number of participants, the diversity of participants, and any barriers to recruitment or retention of members;

(B) an evaluation of the ethical requirements of the pilot project;

(C) whether the Civilian Cybersecurity Reserve has been effective in providing additional capacity to the Agency during significant incidents; and

(D) an evaluation of the eligibility requirements for the pilot project.

(2) REPORT.—Not earlier than 6 months and not later than 3 months before the date on which the pilot project of the Agency terminates under subsection (i), the Agency shall submit to the appropriate congressional committees a report and provide a briefing on recommendations relating to the pilot project, including recommendations for—

(A) whether the pilot project should be modified, extended in duration, or established as a permanent program, and if so, an appropriate scope for the program;

(B) how to attract participants, ensure a diversity of participants, and address any barriers to recruitment or retention of members of the Civilian Cybersecurity Reserve;

(C) the ethical requirements of the pilot project and the effectiveness of mitigation efforts to address any conflict of interest concerns; and

(D) an evaluation of the eligibility requirements for the pilot project.

(h) Evaluation.—Not later than 3 years after the pilot project authorized under subsection (b) is established in the Agency, the Comptroller General of the United States shall—

(1) conduct a study evaluating the pilot project at the Agency; and

(2) submit to Congress—

(A) a report on the results of the study; and

(B) a recommendation with respect to whether the pilot project should be modified, extended in duration, or established as a permanent program.

(i) Sunset.—The pilot project authorized under this section shall terminate on the date that is 4 years after the date on which the pilot project is established.

(j) No additional funds.—

(1) IN GENERAL.—No additional funds are authorized to be appropriated for the purpose of carrying out this Act.

(2) EXISTING AUTHORIZED AMOUNTS.—Funds to carry out this Act may, as provided in advance in appropriations Acts, only come from amounts authorized to be appropriated to the Agency.

Calendar No. 348

117th CONGRESS
     2d Session
S. 1324
[Report No. 117–97]
A BILL
To establish a Civilian Cyber Security Reserve as a pilot project to address the cyber security needs of the United States with respect to national security, and for other purposes.
April 27, 2022
Reported with an amendment