[Pages S3528-S3529]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

  SA 2098. Mr. PERDUE (for himself, Ms. Sinema, Mr. King, and Mrs. 
Loeffler) submitted an amendment intended to be proposed by him to the 
bill S. 4049, to authorize appropriations for fiscal year 2021 for 
military activities of the Department of Defense, for military 
construction, and for defense activities of the Department of Energy, 
to prescribe military personnel strengths for such fiscal year, and for 
other purposes; which was ordered to lie on the table; as follows:

       At the appropriate place, insert the following:

     SEC. __. CYBERSECURITY ADVISORY COMMITTEE.

       (a) Short Title.--This section may be cited as the 
     ``Cybersecurity Advisory Committee Authorization Act of 
     2020''.

[[Page S3529]]

       (b) In General.--Subtitle A of title XXII of the Homeland 
     Security Act of 2002 (6 U.S.C. 651 et seq.) is amended by 
     adding at the end the following:

     ``SEC. 2215. CYBERSECURITY ADVISORY COMMITTEE.

       ``(a) Establishment.--The Secretary shall establish within 
     the Agency a Cybersecurity Advisory Committee (referred to in 
     this section as the `Advisory Committee').
       ``(b) Duties.--
       ``(1) In general.--The Advisory Committee shall advise, 
     consult with, report to, and make recommendations to the 
     Director, as appropriate, on the development, refinement, and 
     implementation of policies, programs, planning, and training 
     pertaining to the cybersecurity mission of the Agency.
       ``(2) Recommendations.--
       ``(A) In general.--The Advisory Committee shall develop, at 
     the request of the Director, recommendations for improvements 
     to advance the cybersecurity mission of the Agency and 
     strengthen the cybersecurity of the United States.
       ``(B) Recommendations of subcommittees.--Recommendations 
     agreed upon by subcommittees established under subsection (d) 
     for any year shall be approved by the Advisory Committee 
     before the Advisory Committee submits to the Director the 
     annual report under paragraph (4) for that year.
       ``(3) Periodic reports.--The Advisory Committee shall 
     periodically submit to the Director--
       ``(A) reports on matters identified by the Director; and
       ``(B) reports on other matters identified by a majority of 
     the members of the Advisory Committee.
       ``(4) Annual report.--
       ``(A) In general.--The Advisory Committee shall submit to 
     the Director an annual report providing information on the 
     activities, findings, and recommendations of the Advisory 
     Committee, including its subcommittees, for the preceding 
     year.
       ``(B) Publication.--Not later than 180 days after the date 
     on which the Director receives an annual report for a year 
     under subparagraph (A), the Director shall publish a public 
     version of the report describing the activities of the 
     Advisory Committee and such related matters as would be 
     informative to the public during that year, consistent with 
     section 552(b) of title 5, United States Code.
       ``(5) Feedback.--Not later than 90 days after receiving any 
     recommendation submitted by the Advisory Committee under 
     paragraph (2), (3), or (4), the Director shall respond in 
     writing to the Advisory Committee with feedback on the 
     recommendation. Such a response shall include--
       ``(A) with respect to any recommendation with which the 
     Director concurs, an action plan to implement the 
     recommendation; and
       ``(B) with respect to any recommendation with which the 
     Director does not concur, a justification for why the 
     Director does not plan to implement the recommendation.
       ``(6) Congressional notification.--Not less frequently than 
     once per year after the date of enactment of this section, 
     the Director shall provide to the Committee on Homeland 
     Security and Governmental Affairs and the Committee on 
     Appropriations of the Senate and the Committee on Homeland 
     Security and the Committee on Appropriations of the House of 
     Representatives a briefing on feedback from the Advisory 
     Committee.
       ``(7) Governance rules.--The Director shall establish rules 
     for the structure and governance of the Advisory Committee 
     and all subcommittees established under subsection (d).
       ``(c) Membership.--
       ``(1) Appointment.--
       ``(A) In general.--Not later than 180 days after the date 
     of enactment of the Cybersecurity Advisory Committee 
     Authorization Act of 2020, the Director shall appoint the 
     members of the Advisory Committee.
       ``(B) Composition.--The membership of the Advisory 
     Committee shall consist of not more than 35 individuals.
       ``(C) Representation.--
       ``(i) In general.--The membership of the Advisory Committee 
     shall--

       ``(I) consist of subject matter experts;
       ``(II) be geographically balanced; and
       ``(III) include representatives of State, local, and Tribal 
     governments and of a broad range of industries, which may 
     include the following:

       ``(aa) Defense.
       ``(bb) Education.
       ``(cc) Financial services and insurance.
       ``(dd) Healthcare.
       ``(ee) Manufacturing.
       ``(ff) Media and entertainment.
       ``(gg) Chemicals.
       ``(hh) Retail.
       ``(ii) Transportation.
       ``(jj) Energy.
       ``(kk) Information Technology.
       ``(ll) Communications.
       ``(mm) Other relevant fields identified by the Director.
       ``(ii) Prohibition.--Not less than 1 member nor more than 3 
     members may represent any 1 category under clause (i)(III).
       ``(iii) Publication of membership list.--The Advisory 
     Committee shall publish its membership list on a publicly 
     available website not less than once per fiscal year and 
     shall update the membership list as changes occur.
       ``(2) Term of office.--
       ``(A) Terms.--The term of each member of the Advisory 
     Committee shall be 2 years, except that a member may continue 
     to serve until a successor is appointed.
       ``(B) Removal.--The Director may review the participation 
     of a member of the Advisory Committee and remove such member 
     any time at the discretion of the Director.
       ``(C) Reappointment.--A member of the Advisory Committee 
     may be reappointed for an unlimited number of terms.
       ``(3) Prohibition on compensation.--The members of the 
     Advisory Committee may not receive pay or benefits from the 
     United States Government by reason of their service on the 
     Advisory Committee.
       ``(4) Meetings.--
       ``(A) In general.--The Director shall require the Advisory 
     Committee to meet not less frequently than semiannually, and 
     may convene additional meetings as necessary.
       ``(B) Public meetings.--At least one of the meetings 
     referred to in subparagraph (A) shall be open to the public.
       ``(C) Attendance.--The Advisory Committee shall maintain a 
     record of the persons present at each meeting.
       ``(5) Member access to classified information.--
       ``(A) In general.--Not later than 60 days after the date on 
     which a member is first appointed to the Advisory Committee 
     and before the member is granted access to any classified 
     information, the Director shall determine, for the purposes 
     of the Advisory Committee, if the member should be restricted 
     from reviewing, discussing, or possessing classified 
     information.
       ``(B) Access.--Access to classified materials shall be 
     managed in accordance with Executive Order No. 13526 of 
     December 29, 2009 (75 Fed. Reg. 707), or any subsequent 
     corresponding Executive Order.
       ``(C) Protections.--A member of the Advisory Committee 
     shall protect all classified information in accordance with 
     the applicable requirements for the particular level of 
     classification of such information.
       ``(D) Rule of construction.--Nothing in this paragraph 
     shall be construed to affect the security clearance of a 
     member of the Advisory Committee or the authority of a 
     Federal agency to provide a member of the Advisory Committee 
     access to classified information.
       ``(6) Chairperson.--The Advisory Committee shall select, 
     from among the members of the Advisory Committee--
       ``(A) a member to serve as chairperson of the Advisory 
     Committee; and
       ``(B) a member to serve as chairperson of each subcommittee 
     of the Advisory Committee established under subsection (d).
       ``(d) Subcommittees.--
       ``(1) In general.--The Director shall establish 
     subcommittees within the Advisory Committee to address 
     cybersecurity issues, which may include the following:
       ``(A) Information exchange.
       ``(B) Critical infrastructure.
       ``(C) Risk management.
       ``(D) Public and private partnerships.
       ``(2) Meetings and reporting.--Each subcommittee shall meet 
     not less frequently than semiannually, and submit to the 
     Advisory Committee for inclusion in the annual report 
     required under subsection (b)(4) information, including 
     activities, findings, and recommendations, regarding subject 
     matter considered by the subcommittee.
       ``(3) Subject matter experts.--The chair of the Advisory 
     Committee shall appoint members to subcommittees and shall 
     ensure that each member appointed to a subcommittee has 
     subject matter expertise relevant to the subject matter of 
     the subcommittee.''.
       (c) Clerical Amendment.--The table of contents in section 
     1(b) of the Homeland Security Act of 2002 (Public Law 107-
     296; 116 Stat. 2135) is amended by inserting after the item 
     relating to section 2214 the following:

``Sec. 2215. Cybersecurity Advisory Committee.''.
                                 ______