Text: S.890 — 116th Congress (2019-2020)All Information (Except Text)

There is one version of the bill.

Text available as:

Shown Here:
Introduced in Senate (03/27/2019)


116th CONGRESS
1st Session
S. 890


To authorize the Sergeant at Arms to protect the personal technology devices and accounts of Senators and covered employees from cyber attacks and hostile information collection activities, and for other purposes.


IN THE SENATE OF THE UNITED STATES

March 27, 2019

Mr. Wyden (for himself and Mr. Cotton) introduced the following bill; which was read twice and referred to the Committee on Rules and Administration


A BILL

To authorize the Sergeant at Arms to protect the personal technology devices and accounts of Senators and covered employees from cyber attacks and hostile information collection activities, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Senate Cybersecurity Protection Act”.

SEC. 2. Definitions.

In this Act—

(1) the term “covered employing office” means—

(A) the personal office of a Senator;

(B) the office of a committee of the Senate;

(C) any other office of the Senate not described in subparagraph (A) or (B); or

(D) the office of a joint committee or joint commission;

(2) the term “covered employee” means an individual—

(A) who is employed or serving in a position as—

(i) an officer or employee of a covered employing office;

(ii) a detailee in a covered employing office, without regard to whether the service is on a reimbursable basis; or

(iii) a fellow in a covered employing office, without regard to whether the position is compensated or the source of the compensation;

(B) who is not a Senate authorizer; and

(C) whom the covered employing office has determined is highly vulnerable to cyber attacks and hostile information collection activities because of the position of the individual;

(3) the term “personal account” means an account for online or telecommunications services (including telephone, residential internet access, email, text and multimedia messaging, cloud computing, social media, health care, and financial services)—

(A) used by a Senate authorizer or covered employee;

(B) that is not administered or operated by the Sergeant at Arms; and

(C) with respect to which the parties signing the security memorandum of understanding as described in paragraph (6)(A) jointly agree that the Sergeant at Arms will provide security, in accordance with this Act;

(4) the term “personal technology device”—

(A) means a handheld communications device, laptop computer, desktop computer, or other internet-connected device—

(i) used by a Senate authorizer or covered employee;

(ii) that is not provided to the Senate authorizer or covered employee, or administered, by the Sergeant at Arms; and

(iii) with respect to which the parties signing the security memorandum of understanding as described in paragraph (6)(A) jointly agree that the Sergeant at Arms will provide security, in accordance with this Act; and

(B) may, if agreed to by the parties pursuant to the security memorandum of understanding, include any computer network to which a computer or device described in subparagraph (A) connects;

(5) the term “provide security” means to provide training, advice, support, technical assistance, and other services to prevent, detect, and recover from cyber attacks and hostile information collection activities;

(6) the term “security memorandum of understanding” means a written memorandum of understanding that—

(A) is signed by—

(i) the Sergeant at Arms;

(ii) the Senate authorizer or covered employee for whom the security will be provided pursuant to the memorandum; and

(iii) if the security is being provided for a covered employee, the applicable Senate authorizer for the covered employee;

(B) specifies the personal accounts or personal technology devices, or categories of personal accounts or personal technology devices, for which the Sergeant at Arms will provide security;

(C) describes the rights and responsibilities of each signing party relating to the provision of security and with respect to privacy; and

(D) shall be effective for a period of not more than 1 year;

(7) the term “Senate authorizer”—

(A) means a Senator or the head of a Senate office described in paragraph (1)(C);

(B) when used with respect to a covered employee not described in subparagraph (C), means the Senator or the head of a Senate office who has final authority to appoint, hire, discharge, and set the terms, conditions, or privileges of the employment of the covered employee; and

(C) when used with respect to a covered employee of a joint committee or joint commission, the Senator from the majority party of the Senate who—

(i) is a member of, or has authority over, the committee or commission; and

(ii) serves in the highest leadership role for a Senator in the committee or commission or, if there is no such leadership role, is the most senior Senator from the majority party of the committee or commission; and

(8) the term “Sergeant at Arms” means the Sergeant at Arms and Doorkeeper of the Senate.

SEC. 3. Cybersecurity assistance for personal technology devices and accounts.

(a) Authorization.—

(1) IN GENERAL.—Upon request by a Senate authorizer and upon the signing of a security memorandum of understanding by the parties described in section 2(6)(A), the Sergeant at Arms may use funds provided for official purposes in order to provide security for personal accounts and personal technology devices of the Senate authorizer or a covered employee of the Senate authorizer.

(2) ANNUAL RENEWAL.—A Senate authorizer or covered employee for whom the Sergeant at Arms is providing security for personal accounts and personal technology devices under a security memorandum of understanding may continue to receive such security services under this Act if the applicable signing parties described in section 2(6)(A) enter into a security memorandum of understanding each year.

(b) Aggregate reporting.—By the date that is 2 years after the date of enactment of this Act, and annually thereafter, the Sergeant at Arms shall prepare and submit to the Committee on Rules and Administration and the Select Committee on Intelligence of the Senate a report that includes aggregate statistics for the preceding fiscal year of the number of Senate authorizers and covered employees who entered into a security memorandum of understanding with the Sergeant at Arms and received security assistance for their personal accounts and personal technology devices.

(c) Rule of construction.—Nothing in this Act shall be construed to encourage any Senator or covered employee to conduct official Government business using a personal technology device.

SEC. 4. Annual GAO reports on cybersecurity and surveillance threats.

(a) Annual reports.—

(1) IN GENERAL.—Beginning 180 days after the date of enactment of this Act, and annually thereafter, the Comptroller General of the United States shall prepare and submit, to the Committee on Rules and Administration and the Select Committee on Intelligence of the Senate, a report regarding cybersecurity and surveillance threats to the legislative branch.

(2) STATISTICS.—Each report required under paragraph (1) shall include statistics on cyber attacks, and other incidents of espionage or surveillance targeted against Senators or the immediate families or staff of the Senators, in which the non-public communications and other private information of such targeted individuals were lost, stolen, or otherwise subject to unauthorized access by criminals or a foreign government.

(b) Consultation.—In preparing the report required under subsection (a), the Comptroller General shall consult with the Director of National Intelligence and the Sergeant at Arms.