Bill Sponsor
Senate Bill 903
118th Congress(2023-2024)
Department of Defense Civilian Cybersecurity Reserve Act
Introduced
Introduced
Introduced in Senate on Mar 21, 2023
Overview
Text
Introduced in Senate 
Mar 21, 2023
No Linkage Found
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
Introduced in Senate(Mar 21, 2023)
Mar 21, 2023
No Linkage Found
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
S. 903 (Introduced-in-Senate)


118th CONGRESS
1st Session
S. 903


To require the Secretary of the Army to carry out a pilot project to establish a Civilian Cybersecurity Reserve, and for other purposes.


IN THE SENATE OF THE UNITED STATES

March 21, 2023

Ms. Rosen (for herself and Mrs. Blackburn) introduced the following bill; which was read twice and referred to the Committee on Armed Services


A BILL

To require the Secretary of the Army to carry out a pilot project to establish a Civilian Cybersecurity Reserve, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Department of Defense Civilian Cybersecurity Reserve Act”.

SEC. 2. Civilian Cybersecurity Reserve pilot project.

(a) Definitions.—In this Act:

(1) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “appropriate congressional committees” means—

(A) the Committee on Homeland Security and Governmental Affairs of the Senate;

(B) the Committee on Armed Services of the Senate;

(C) the Committee on Homeland Security of the House of Representatives; and

(D) the Committee on Armed Services of the House of Representatives.

(2) COMPETITIVE SERVICE.—The term “competitive service” has the meaning given the term in section 2102 of title 5, United States Code.

(3) EXCEPTED SERVICE.—The term “excepted service” has the meaning given the term in section 2103 of title 5, United States Code.

(4) TEMPORARY POSITION.—The term “temporary position” means a position in the competitive or excepted service for a period of 180 days or less.

(b) Pilot project.—

(1) IN GENERAL.—The Secretary of the Army shall carry out a pilot project to establish a Civilian Cybersecurity Reserve.

(2) PURPOSE.—The purpose of the Civilian Cybersecurity Reserve is to enable the Army to provide manpower to the United States Cyber Command to effectively—

(A) preempt, defeat, deter, or respond to malicious cyber activity;

(B) conduct cyberspace operations;

(C) secure information and systems of the Department of Defense against malicious cyber activity; and

(D) assist in solving cyber workforce-related challenges.

(3) ALTERNATIVE METHODS.—Consistent with section 4703 of title 5, United States Code, in carrying out the pilot project required under paragraph (1), the Secretary may, without further authorization from the Office of Personnel Management, provide for alternative methods of—

(A) establishing qualifications requirements for, recruitment of, and appointment to positions; and

(B) classifying positions.

(4) APPOINTMENTS.—Under the pilot project required under paragraph (1), in order to fulfill the purpose under paragraph (2), the Secretary—

(A) may activate members of the Civilian Cybersecurity Reserve by—

(i) noncompetitively appointing members of the Civilian Cybersecurity Reserve to temporary positions in the competitive service; or

(ii) appointing members of the Civilian Cybersecurity Reserve to temporary positions in the excepted service;

(B) shall notify Congress whenever a member is activated under subparagraph (A); and

(C) may appoint not more than 50 members to the Civilian Cybersecurity Reserve under subparagraph (A) at any time.

(5) STATUS AS EMPLOYEES.—An individual appointed under paragraph (4) shall be considered a Federal civil service employee under section 2105 of title 5, United States Code.

(6) ADDITIONAL EMPLOYEES.—Individuals appointed under paragraph (4) shall be in addition to any employees of the United States Cyber Command who provide cybersecurity services.

(7) EMPLOYMENT PROTECTIONS.—The Secretary of Labor shall prescribe such regulations as necessary to ensure the reemployment, continuation of benefits, and non-discrimination in reemployment of individuals appointed under paragraph (4), provided that such regulations shall include, at a minimum, those rights and obligations set forth under chapter 43 of title 38, United States Code.

(8) STATUS IN RESERVE.—During the period beginning on the date on which an individual is recruited to serve in the Civilian Cybersecurity Reserve and ending on the date on which the individual is appointed under paragraph (4), and during any period in between any such appointments, the individual shall not be considered a Federal employee.

(c) Eligibility; application and selection.—

(1) IN GENERAL.—Under the pilot project required under subsection (b)(1), the Secretary of the Army shall establish criteria for—

(A) individuals to be eligible for the Civilian Cybersecurity Reserve; and

(B) the application and selection processes for the Civilian Cybersecurity Reserve.

(2) REQUIREMENTS FOR INDIVIDUALS.—The criteria established under paragraph (1)(A) with respect to an individual shall include—

(A) if the individual has previously served as a member of the Civilian Cybersecurity Reserve, that the previous appointment ended not less than 60 days before the individual may be appointed for a subsequent temporary position in the Civilian Cybersecurity Reserve; and

(B) cybersecurity expertise.

(3) PRESCREENING.—The Secretary shall—

(A) conduct a prescreening of each individual prior to appointment under subsection (b)(4) for any topic or product that would create a conflict of interest; and

(B) require each individual appointed under subsection (b)(4) to notify the Secretary if a potential conflict of interest arises during the appointment.

(4) AGREEMENT REQUIRED.—An individual may become a member of the Civilian Cybersecurity Reserve only if the individual enters into an agreement with the Secretary to become such a member, which shall set forth the rights and obligations of the individual and the Army.

(5) EXCEPTION FOR CONTINUING MILITARY SERVICE COMMITMENTS.—A member of the Selected Reserve under section 10143 of title 10, United States Code, may not be a member of the Civilian Cybersecurity Reserve.

(6) PROHIBITION.—Any individual who is an employee of the executive branch may not be recruited or appointed to serve in the Civilian Cybersecurity Reserve.

(d) Security clearances.—

(1) IN GENERAL.—The Secretary of the Army shall ensure that all members of the Civilian Cybersecurity Reserve undergo the appropriate personnel vetting and adjudication commensurate with the duties of the position, including a determination of eligibility for access to classified information where a security clearance is necessary, according to applicable policy and authorities.

(2) COST OF SPONSORING CLEARANCES.—If a member of the Civilian Cybersecurity Reserve requires a security clearance in order to carry out the duties of the member, the Army shall be responsible for the cost of sponsoring the security clearance of the member.

(e) Implementation plan.—

(1) IN GENERAL.—Not later than 180 days after the date on which the Secretary of Defense submits to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives the report required under section 1540(d)(2) of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023 (Public Law 117–263) on the feasibility and advisability of creating and maintaining a civilian cybersecurity reserve corps, the Secretary of the Army shall—

(A) submit to the appropriate congressional committees an implementation plan for the pilot project required under subsection (b)(1); and

(B) provide to the appropriate congressional committees a briefing on the implementation plan.

(2) PROHIBITION.—The Secretary of the Army may not take any action to begin implementation of the pilot project required under subsection (b)(1) until the Secretary fulfills the requirements under paragraph (1).

(f) Project guidance.—Not later than two years after the date of the enactment of this Act, the Secretary of the Army shall, in consultation with the Office of Personnel Management and the Office of Government Ethics, issue guidance establishing and implementing the pilot project required under subsection (b)(1).

(g) Briefings and report.—

(1) BRIEFINGS.—Not later than one year after the date on which the guidance required under subsection (f) is issued, and every year thereafter until the date on which the pilot project required under subsection (b)(1) terminates under subsection (i), the Secretary of the Army shall provide to the appropriate congressional committees a briefing on activities carried out under the pilot project, including—

(A) participation in the Civilian Cybersecurity Reserve, including the number of participants, the diversity of participants, and any barriers to recruitment or retention of members;

(B) an evaluation of the ethical requirements of the pilot project;

(C) whether the Civilian Cybersecurity Reserve has been effective in providing additional capacity to the Army; and

(D) an evaluation of the eligibility requirements for the pilot project.

(2) REPORT.—Not earlier than 180 days and not later than 90 days before the date on which the pilot project required under subsection (b)(1) terminates under subsection (i), the Secretary shall submit to the appropriate congressional committees a report and provide a briefing on recommendations relating to the pilot project, including recommendations for—

(A) whether the pilot project should be modified, extended in duration, or established as a permanent program, and if so, an appropriate scope for the program;

(B) how to attract participants, ensure a diversity of participants, and address any barriers to recruitment or retention of members of the Civilian Cybersecurity Reserve;

(C) the ethical requirements of the pilot project and the effectiveness of mitigation efforts to address any conflict of interest concerns; and

(D) an evaluation of the eligibility requirements for the pilot project.

(h) Evaluation.—Not later than three years after the pilot project required under subsection (b)(1) is established, the Comptroller General of the United States shall—

(1) conduct a study evaluating the pilot project; and

(2) submit to Congress—

(A) a report on the results of the study; and

(B) a recommendation with respect to whether the pilot project should be modified.

(i) Sunset.—The pilot project required under subsection (b)(1) shall terminate on the date that is four years after the date on which the pilot project is established.

(j) No additional funds.—

(1) IN GENERAL.—No additional funds are authorized to be appropriated for the purpose of carrying out this Act.

(2) EXISTING AUTHORIZED AMOUNTS.—Funds to carry out this Act may, as provided in advance in appropriations Acts, only come from amounts authorized to be appropriated to the Army.