[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 7331 Introduced in House (IH)]
<DOC>
116th CONGRESS
2d Session
H. R. 7331
To establish the Office of the National Cyber Director, and for other
purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
June 25, 2020
Mr. Langevin (for himself, Mr. Gallagher, Mrs. Carolyn B. Maloney of
New York, Mr. Katko, Mr. Ruppersberger, and Mr. Hurd of Texas)
introduced the following bill; which was referred to the Committee on
Oversight and Reform, and in addition to the Committees on Armed
Services, Foreign Affairs, and Intelligence (Permanent Select), for a
period to be subsequently determined by the Speaker, in each case for
consideration of such provisions as fall within the jurisdiction of the
committee concerned
_______________________________________________________________________
A BILL
To establish the Office of the National Cyber Director, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``National Cyber Director Act''.
SEC. 2. NATIONAL CYBER DIRECTOR.
(a) Establishment.--There is established, within the Executive
Office of the President, the Office of the National Cyber Director (in
this section referred to as the ``Office'').
(b) National Cyber Director.--
(1) In general.--The Office shall be headed by the National
Cyber Director (in this section referred to as the
``Director'') who shall be appointed by the President, by and
with the advice and consent of the Senate. As an exercise of
the rulemaking power of the Senate, any nomination of the
Director submitted to the Senate for confirmation, and referred
to a committee, shall be jointly referred to the Homeland
Security and Governmental Affairs and the Armed Services
Committees of the Senate. The Director shall hold office at the
pleasure of the President, and shall be entitled to receive the
same pay and allowances as are provided for level I of the
Executive Schedule under section 5312 of title 5, United States
Code.
(2) Deputy directors.--There shall be two Deputy National
Cyber Directors, to be appointed by the President, who shall
hold office at the pleasure of the President, and who shall
report to the Director, as follows:
(A) The Deputy National Cyber Director for
Strategy, Capabilities, and Budget.
(B) The Deputy National Cyber Director for Plans
and Operations.
(c) Duties of the National Cyber Director.--
(1) In general.--Subject to the authority, direction, and
control of the President, the Director shall--
(A) serve as the principal advisor to the President
on cybersecurity strategy and policy;
(B) in consultation with appropriate Federal
departments and agencies, develop the United States
National Cyber Strategy, which shall include elements
related to Federal departments and agencies--
(i) information security; and
(ii) programs and policies intended to
improve the United States cybersecurity
posture;
(C) in consultation with appropriate Federal
departments and agencies and upon approval of the
National Cyber Strategy by the President, supervise
implementation of the strategy by--
(i) in consultation with the Director of
the Office of Management and Budget, monitoring
and assessing the effectiveness, including
cost-effectiveness, of Federal departments and
agencies' implementation of the strategy;
(ii) making recommendations relevant to
changes in the organization, personnel and
resource allocation, and policies of Federal
departments and agencies to the Director of the
Office of Management and Budget and heads of
such departments and agencies in order to
implement the strategy;
(iii) reviewing the annual budget proposal
for each Federal department or agency and
certifying to the head of each Federal
department or agency and the Director of the
Office of Management and Budget whether the
department or agency proposal is consistent
with the strategy;
(iv) continuously assessing and making
relevant recommendations to the President on
the appropriate level of integration and
interoperability across the Federal
cybersecurity operations centers;
(v) coordinating with the Federal Chief
Information Officer, the Federal Chief
Information Security Officer, the Director of
the Cybersecurity and Infrastructure Security
Agency, and the Director of National Institute
of Standards and Technology on the development
and implementation of policies and guidelines
related to issues of Federal department and
agency information security; and
(vi) reporting annually to the President
and the Congress on the state of the United
States cybersecurity posture, the effectiveness
of the strategy, and the status of Federal
departments and agencies' implementation of the
strategy;
(D) lead joint interagency planning for the Federal
Government's integrated response to cyberattacks and
cyber campaigns of significant consequence, to
include--
(i) coordinating with relevant Federal
departments and agencies in the development of,
for the approval of the President, joint,
integrated operational plans, processes, and
playbooks for incident response that feature--
(I) clear lines of authority and
lines of effort across the Federal
Government;
(II) authorities that have been
delegated to an appropriate level to
facilitate effective operational
responses across the Federal
Government; and
(III) support for the integration
of defensive cyber plans and
capabilities with offensive cyber plans
and capabilities in a manner consistent
with improving the United States
cybersecurity posture;
(ii) exercising these operational plans,
processes, and playbooks;
(iii) updating these operational plans,
processes, and playbooks for incident response
as needed in coordination with ongoing
offensive cyber plans and operations; and
(iv) ensuring these plans, processes, and
playbooks are properly coordinated with
relevant private sector entities, as
appropriate;
(E) direct the Federal Government's response to
cyberattacks and cyber campaigns of significant
consequence, to include--
(i) developing for the approval of the
President, with the heads of relevant Federal
departments and agencies independently or
through the National Security Council as
directed by the President, operational
priorities, requirements, and tasks;
(ii) coordinating, deconflicting, and
ensuring the execution of operational
activities in incident response; and
(iii) coordinating operational activities
with relevant private sector entities;
(F) engage with private sector leaders on
cybersecurity and emerging technology issues with the
support of, and in coordination with, the Cybersecurity
and Infrastructure Security Agency and other Federal
departments and agencies, as appropriate;
(G) annually report to Congress on cybersecurity
threats and issues facing the nation, including any new
or emerging technologies that may impact national
security, economic prosperity, or enforcing the rule of
law; and
(H) be responsible for such other functions as the
President may direct.
(2) Delegation of authority.--The Director may--
(A) serve as the senior representative on any body
that the President may establish for the purpose of
providing the President advice on cybersecurity;
(B) be empowered to convene National Security
Council, National Economic Council and Homeland
Security Council meetings, with the concurrence of the
National Security Advisor, Homeland Security Advisor,
or Director of the National Economic Council, as
appropriate;
(C) be included as a participant in preparations
for and, if appropriate, execution of cybersecurity
summits and other international meetings at which
cybersecurity is a major topic;
(D) delegate any of the Director's functions,
powers, and duties to such officers and employees of
the Office as he may designate; and
(E) authorize such successive re-delegations of
such functions, powers, and duties to such officers and
employees of the Office as he may deem appropriate.
(d) Attendance and Participation in National Security Council
Meetings.--Section 101(c)(2) of the National Security Act of 1947 (50
U.S.C. 3021(c)(2)) is amended by striking ``and the Chairman of the
Joint Chiefs of Staff'' and inserting ``the Chairman of the Joint
Chiefs of Staff, and the National Cyber Director''.
(e) Powers of the Director.--The Director may, for the purposes of
carrying out the Director's functions under this section--
(1) subject to the civil service and classification laws,
select, appoint, employ, and fix the compensation of such
officers and employees as are necessary and prescribe their
authority and duties, except that not more than 75 individuals
may be employed without regard to any provision of law
regulating the employment or compensation at rates not to
exceed the basic rate of basic pay payable for level IV of the
Executive Schedule under section 5315 of title 5, United States
Code;
(2) employ experts and consultants in accordance with
section 3109 of title 5, United States Code, and compensate
individuals so employed for each day (including travel time) at
rates not in excess of the maximum rate of basic pay for grade
GS-15 as provided in section 5332 of such title, and while such
experts and consultants are so serving away from their homes or
regular place of business, to pay such employees travel
expenses and per diem in lieu of subsistence at rates
authorized by section 5703 of such title 5 for persons in
Federal Government service employed intermittently;
(3) promulgate such rules and regulations as may be
necessary to carry out the functions, powers, and duties vested
in the Director;
(4) utilize, with their consent, the services, personnel,
and facilities of other Federal agencies;
(5) enter into and perform such contracts, leases,
cooperative agreements, or other transactions as may be
necessary in the conduct of the work of the Office and on such
terms as the Director may determine appropriate, with any
Federal agency, or with any public or private person or entity;
(6) accept voluntary and uncompensated services,
notwithstanding the provisions of section 1342 of title 31,
United States Code;
(7) adopt an official seal, which shall be judicially
noticed; and
(8) provide, where authorized by law, copies of documents
to persons at cost, except that any funds so received shall be
credited to, and be available for use from, the account from
which expenditures relating thereto were made.
(f) Definitions.--In this section:
(1) Cybersecurity posture.--The term ``cybersecurity
posture'' means the ability to identify and protect, and
detect, respond to and recover from intrusions in, information
systems the compromise of which could constitute a cyber attack
or cyber campaign of significant consequence.
(2) Cyber attacks and cyber campaigns of significant
consequence.--The term ``cyber attacks and cyber campaigns of
significant consequence'' means an incident or series of
incidents that have the purpose or effect of--
(A) causing a significant disruption to the
availability of a Federal information system;
(B) harming, or otherwise significantly
compromising the provision of service by, a computer or
network of computers that support one or more entities
in a critical infrastructure sector;
(C) significantly compromising the provision of
services by one or more entities in a critical
infrastructure sector;
(D) causing a significant misappropriation of funds
or economic resources, trade secrets, personal
identifiers, or financial information for commercial or
competitive advantage or private financial gain; or
(E) otherwise constituting a significant threat to
the national security, foreign policy, or economic
health or financial stability of the United States.
(3) Incident.--The term ``incident'' has the meaning given
that term in section 3552 of title 44, United States Code.
(4) Information security.--The term ``information
security'' has the meaning given that term in section 3552 of
title 44, United States Code.
<all>