[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 7265 Introduced in House (IH)]

<DOC>






116th CONGRESS
  2d Session
                                H. R. 7265

To improve assistance provided by the Hollings Manufacturing Extension 
  Partnership to small manufacturers in the defense industrial supply 
  chain on matters relating to cybersecurity, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                             June 18, 2020

 Mr. Panetta (for himself, Mr. Wilson of South Carolina, Ms. Slotkin, 
 Mr. Mitchell, Mr. Ruppersberger, Mr. Reschenthaler, Ms. Stevens, Mr. 
  Carbajal, and Mr. Suozzi) introduced the following bill; which was 
              referred to the Committee on Armed Services

_______________________________________________________________________

                                 A BILL


 
To improve assistance provided by the Hollings Manufacturing Extension 
  Partnership to small manufacturers in the defense industrial supply 
  chain on matters relating to cybersecurity, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Small Manufacturer Cybersecurity 
Enhancement Act''.

SEC. 2. FINDINGS.

    Congress finds the following:
            (1) The Office of the Director of National Intelligence 
        stated in its 2019 Worldwide Threat Assessment that United 
        States adversaries and strategic competitors will increasingly 
        use cyber capabilities--including cyber espionage, attack, and 
        influence--to seek political, economic, and military advantage 
        over the United States and its allies.
            (2) The Department of Defense recognizes that small 
        manufacturers operating in the defense supply chain are 
        particularly vulnerable to cyber attacks because they 
        frequently lack the necessary human and financial resources to 
        protect themselves.
            (3) The Department of Defense is implementing its 
        Cybersecurity Maturity Model Certification (CMMC) to protect 
        Controlled Unclassified Information and critical United States 
        technology and information from cyber theft and hacking. All 
        defense contractors will need to comply with CMMC.
            (4) The Undersecretary of Defense for Acquisition and 
        Sustainment has stated that smaller companies in the defense 
        supply chain might not be able to afford the Department of 
        Defense's increasingly demanding cybersecurity requirements, 
        but that the Department is committed to ensuring that such 
        companies get the resources they need to comply.
            (5) According to the Bureau of Labor Statistics, there are 
        more than 347,000 manufacturing establishments in the United 
        States, of which 72 percent have fewer than 20 employees and 99 
        percent have fewer than 500 employees.
            (6) During the past 7 years the Hollings Manufacturing 
        Extension Partnership (MEP) Centers have worked closely with 
        the Department of Defense to bolster the resilience of the 
        defense industrial base supply chain by providing cybersecurity 
        services to small manufacturers. The MEP Centers have worked 
        with more than 26,000 small- and medium-sized manufacturers 
        nationwide in fiscal year 2019 alone.
            (7) Hollings Manufacturing Extension Partnership Centers 
        are located in all 50 States and provide a nationwide network 
        that is--
                    (A) raising the awareness of small manufacturers to 
                cyber threats;
                    (B) helping small manufacturers comply with new 
                Department of Defense cybersecurity requirements; and
                    (C) helping small manufacturers understand that if 
                they do not comply with new Department of Defense 
                cybersecurity requirements, then they risk losing their 
                defense contracts.
            (8) The Hollings Manufacturing Extension Partnership 
        Centers are well-positioned to aid small manufacturing 
        companies in the defense supply chain in complying with 
        cybersecurity requirements to protect controlled unclassified 
        information relevant to defense manufacturing supply chains.

SEC. 3. ASSISTANCE FOR SMALL MANUFACTURERS IN THE DEFENSE INDUSTRIAL 
              SUPPLY CHAIN ON MATTERS RELATING TO CYBERSECURITY.

    (a) In General.--Subject to the availability of appropriations, the 
Secretary of Defense, acting through the Office of Economic Adjustment 
and in consultation with the Director of the National Institute of 
Standards and Technology, may make grants to a Center established under 
the Hollings Manufacturing Extension Partnership for the purpose of 
providing cybersecurity services to small manufacturers.
    (b) Criteria.--The Secretary shall establish and publish in the 
Federal Register criteria for selecting grant recipients under this 
section.
    (c) Use of Funds.--Grant funds under this section--
            (1) shall be used by a Center to provide small 
        manufacturers with cybersecurity services related to--
                    (A) compliance with the cybersecurity requirements 
                of the Department of Defense Supplement to the Federal 
                Acquisition Regulation, including awareness, 
                assessment, evaluation, preparation, and implementation 
                of cybersecurity services; and
                    (B) achieving compliance with the Cybersecurity 
                Maturity Model Certification framework of the 
                Department of Defense; and
            (2) may be used by a Center to employ trained personnel to 
        deliver cybersecurity services to small manufacturers.
    (d) Reports.--The Secretary shall submit to the congressional 
defense committees a biennial report on grants awarded under this 
section. To the extent practicable, each such report shall include the 
following with respect to the years covered by the report:
            (1) The number of small manufacturing companies assisted.
            (2) A description of the cybersecurity services provided.
            (3) A description of the cybersecurity matters addressed.
            (4) An analysis of the operational effectiveness and cost-
        effectiveness of the cybersecurity services provided.
    (e) Termination.--The authority of the Secretary of Defense to make 
grants under this section shall terminate on the date that is five 
years after the date of the enactment of this Act.
    (f) Definitions.--In this section:
            (1) Center.--The term ``Center'' has the meaning given that 
        term in section 25(a) of the National Institute of Standards 
        and Technology Act (15 U.S.C. 278k(a)).
            (2) Congressional defense committees.--The term 
        ``congressional defense committees'' has the meaning given that 
        term in section 101(a)(16) of title 10, United States Code.
            (3) Small manufacturer.--The term ``small manufacturer'' 
        has the meaning given that term in section 1644(g) of the John 
        S. McCain National Defense Authorization Act for Fiscal Year 
        2019 (Public Law 115-232; 10 U.S.C. 2224 note).
                                 <all>