[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4462 Introduced in House (IH)]
<DOC>
118th CONGRESS
1st Session
H. R. 4462
To direct the Secretary of Homeland Security and the Director of
National Intelligence to submit a joint report on foreign threats to
elections in the United States and to establish procedures to test for
and monitor cybersecurity vulnerabilities in certain equipment used in
the administration of elections for Federal office, and for other
purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
July 3, 2023
Ms. Mace introduced the following bill; which was referred to the
Committee on House Administration, and in addition to the Committees on
Homeland Security, and Intelligence (Permanent Select), for a period to
be subsequently determined by the Speaker, in each case for
consideration of such provisions as fall within the jurisdiction of the
committee concerned
_______________________________________________________________________
A BILL
To direct the Secretary of Homeland Security and the Director of
National Intelligence to submit a joint report on foreign threats to
elections in the United States and to establish procedures to test for
and monitor cybersecurity vulnerabilities in certain equipment used in
the administration of elections for Federal office, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Election Security Assistance Act''.
SEC. 2. REPORTS TO CONGRESS ON FOREIGN THREATS TO ELECTIONS.
(a) In General.--Not later than 30 days after the date of enactment
of this Act, and 30 days after the end of each fiscal year thereafter,
the Secretary of Homeland Security and the Director of National
Intelligence, in coordination with the heads of the appropriate Federal
entities, shall submit a joint report to the appropriate congressional
committees and the chief State election official of each State on
foreign threats to elections in the United States, including physical
and cybersecurity threats.
(b) Voluntary Participation by States.--The Secretary shall solicit
and consider voluntary comments from all State election agencies.
Participation by an election agency in the report under this section
shall be voluntary and at the discretion of the State.
(c) Appropriate Federal Entities.--In this section, the term
``appropriate Federal entities'' means--
(1) the Department of Commerce, including the National
Institute of Standards and Technology;
(2) the Department of Defense;
(3) the Department of Homeland Security, including the
component of the Department that reports to the Under Secretary
responsible for overseeing critical infrastructure protection,
cybersecurity, and other related programs of the Department;
(4) the Department of Justice, including the Federal Bureau
of Investigation;
(5) the Election Assistance Commission; and
(6) the Office of the Director of National Intelligence,
the National Security Agency, and such other elements of the
intelligence community (as defined in section 3 of the National
Security Act of 1947 (50 U.S.C. 3003)) as the Director of
National Intelligence determines are appropriate.
(d) Other Definitions.--In this section--
(1) the term ``appropriate congressional committees''
means--
(A) the Committee on Rules and Administration, the
Committee on Homeland Security and Governmental
Affairs, the Select Committee on Intelligence, and the
Committee on Foreign Relations of the Senate; and
(B) the Committee on House Administration, the
Committee on Homeland Security, the Permanent Select
Committee on Intelligence, and the Committee on Foreign
Affairs of the House of Representatives;
(2) the term ``chief State election official'' means, with
respect to a State, the individual designated by the State
under section 10 of the National Voter Registration Act of 1993
(52 U.S.C. 20509) to be responsible for coordination of the
State's responsibilities under such Act;
(3) the term ``election agency'' means any component of a
State or any component of a unit of local government of a State
that is responsible for administering Federal elections;
(4) the term ``Secretary'' means the Secretary of Homeland
Security; and
(5) the term ``State'' has the meaning given such term in
section 901 of the Help America Vote Act of 2002 (52 U.S.C.
21141).
SEC. 3. PROCESS TO TEST FOR AND MONITOR CYBERSECURITY VULNERABILITIES
IN ELECTION EQUIPMENT.
(a) Process for Covered Voting Systems.--
(1) In general.--The Director of the Cybersecurity and
Infrastructure Security Agency of the Department of Homeland
Security and the Election Assistance Commission (in
consultation with the Technical Guidelines Development
Committee and the Standards Board of the Commission), shall
jointly establish a voluntary process to test for and monitor
covered voting systems for cybersecurity vulnerabilities. Such
process shall include the following:
(A) Mitigation strategies and other remedies.
(B) Notice to the Commission and appropriate
entities of the results of testing conducted pursuant
to such process.
(2) Implementation.--The Director shall implement the
process established under paragraph (1) at the request of the
Commission.
(b) Labeling for Voting Systems.--The Commission (in consultation
with the Technical Guidelines Development Committee and the Standards
Board of the Commission), shall establish a process to provide for the
deployment of appropriate labeling available through the website of the
Commission to indicate that covered voting systems passed the most
recent cybersecurity testing pursuant to the process established under
subsection (a).
(c) Rules of Construction.--The process established under
subsection (a), including the results of any testing carried out
pursuant to this section, shall not affect--
(1) the certification status of equipment used in the
administration of an election for Federal office under the Help
America Vote Act of 2002; or
(2) the authority of the Commission to so certify such
equipment under such Act.
(d) Definition.--In this section, the term ``covered voting
systems'' means equipment used in the administration of an election for
Federal office that is certified in accordance with versions of
Voluntary Voting System Guidelines under the Help America Vote Act of
2002 under which such equipment is not required to be tested for
cybersecurity vulnerabilities.
SEC. 4. DUTY OF SECRETARY OF HOMELAND SECURITY TO NOTIFY STATE AND
LOCAL OFFICIALS OF ELECTION CYBERSECURITY INCIDENTS.
(a) Duty To Share Information With Department of Homeland
Security.--If a Federal entity receives information about an election
cybersecurity incident, the Federal entity shall promptly share that
information with the Department of Homeland Security, unless the head
of the entity (or a Senate-confirmed official designated by the head)
makes a specific determination in writing that there is good cause to
withhold the particular information.
(b) Response to Receipt of Information by Secretary of Homeland
Security.--
(1) In general.--Upon receiving information about an
election cybersecurity incident under subsection (a), the
Secretary of Homeland Security, in consultation with the
Attorney General, the Director of the Federal Bureau of
Investigation, and the Director of National Intelligence, shall
promptly (but in no case later than 96 hours after receiving
the information) review the information and make a
determination whether each of the following apply:
(A) There is credible evidence that the incident
occurred.
(B) There is a basis to believe that the incident
resulted, could have resulted, or could result in voter
information systems or voter tabulation systems being
altered or otherwise affected.
(2) Duty to notify state and local officials.--
(A) Duty described.--If the Secretary makes a
determination under paragraph (1) that subparagraphs
(A) and (B) of such paragraph apply with respect to an
election cybersecurity incident, not later than 96
hours after making the determination, the Secretary
shall provide a notification of the incident to each of
the following:
(i) The chief executive of the State
involved.
(ii) The State election official of the
State involved.
(iii) The local election official of the
election agency involved.
(B) Treatment of classified information.--
(i) Efforts to avoid inclusion of
classified information.--In preparing a
notification provided under this paragraph to
an individual described in clause (i), (ii), or
(iii) of subparagraph (A), the Secretary shall
attempt to avoid the inclusion of classified
information.
(ii) Providing guidance to state and local
officials.--To the extent that a notification
provided under this paragraph to an individual
described in clause (i), (ii), or (iii) of
subparagraph (A) includes classified
information, the Secretary (in consultation
with the Attorney General and the Director of
National Intelligence) shall indicate in the
notification which information is classified.
(3) Exception.--
(A) In general.--If the Secretary, in consultation
with the Attorney General and the Director of National
Intelligence, makes a determination that it is not
possible to provide a notification under paragraph (1)
with respect to an election cybersecurity incident
without compromising intelligence methods or sources or
interfering with an ongoing investigation, the
Secretary shall not provide the notification under such
paragraph.
(B) Ongoing review.--Not later than 30 days after
making a determination under subparagraph (A) and every
30 days thereafter, the Secretary shall review the
determination. If, after reviewing the determination,
the Secretary makes a revised determination that it is
possible to provide a notification under paragraph (2)
without compromising intelligence methods or sources or
interfering with an ongoing investigation, the
Secretary shall provide the notification under
paragraph (2) not later than 96 hours after making such
revised determination.
(4) Coordination with election assistance commission.--The
Secretary shall make determinations and provide notifications
under this subsection in the same manner, and subject to the
same terms and conditions relating to the role of the Election
Assistance Commission, in which the Director of the
Cybersecurity and Infrastructure Security Agency of the
Department of Homeland Security makes determinations as to the
necessity of an advisory and the issuance of an advisory under
section 3(a) and the provision of notification under section
3(b).
(c) Definitions.--In this section, the following definitions apply:
(1) Election agency.--The term ``election agency'' means
any component of a State, or any component of a unit of local
government in a State, which is responsible for the
administration of elections for Federal office in the State.
(2) Election cybersecurity incident.--The term ``election
cybersecurity incident'' means an occurrence that actually or
imminently jeopardizes, without lawful authority, the
integrity, confidentiality, or availability of information on
an information system of election infrastructure (including a
vote tabulation system), or actually or imminently jeopardizes,
without lawful authority, such an information system of
election infrastructure.
(3) Federal election.--The term ``Federal election'' means
any election (as defined in section 301(1) of the Federal
Election Campaign Act of 1971 (52 U.S.C. 30101(1))) for Federal
office (as defined in section 301(3) of the Federal Election
Campaign Act of 1971 (52 U.S.C. 30101(3))).
(4) Federal entity.--The term ``Federal entity'' means any
agency (as defined in section 551 of title 5, United States
Code).
(5) Local election official.--The term ``local election
official'' means the chief election official of a component of
a unit of local government of a State that is responsible for
administering Federal elections.
(6) Secretary.--The term ``Secretary'' means the Secretary
of Homeland Security.
(7) State.--The term ``State'' means each of the several
States, the District of Columbia, the Commonwealth of Puerto
Rico, Guam, American Samoa, the Commonwealth of Northern
Mariana Islands, and the United States Virgin Islands.
(8) State election official.--The term ``State election
official'' means--
(A) the chief State election official of a State
designated under section 10 of the National Voter
Registration Act of 1993 (52 U.S.C. 20509); or
(B) in the case of Puerto Rico, Guam, American
Samoa, the Northern Mariana Islands, and the United
States Virgin Islands, a chief State election official
designated by the State for purposes of this Act.
(d) Effective Date.--This section shall apply with respect to
information about an election cybersecurity incident which is received
on or after the date of the enactment of this Act.
SEC. 5. RULE OF CONSTRUCTION.
Nothing in this Act may be construed as authorizing the Secretary
of Homeland Security to carry out the administration of an election for
Federal office.
<all>