Cybersecurity Advisory Committee Authorization Act of 2019
This bill requires the Department of Homeland Security to establish a cybersecurity advisory committee within the Cybersecurity and Infrastructure Security Agency (CISA) to consult on the development, refinement, and implementation of policies, programs, and security directives pertinent to the mission of CISA.
[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 1975 Introduced in House (IH)]
<DOC>
116th CONGRESS
1st Session
H. R. 1975
To establish in the Cybersecurity and Infrastructure Security Agency of
the Department of Homeland Security a Chief Information Security
Officer Advisory Committee.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
March 28, 2019
Mr. Katko (for himself, Mr. Newhouse, Mr. Fitzpatrick, and Mr.
Lipinski) introduced the following bill; which was referred to the
Committee on Homeland Security, and in addition to the Committees on
Energy and Commerce, and Oversight and Reform, for a period to be
subsequently determined by the Speaker, in each case for consideration
of such provisions as fall within the jurisdiction of the committee
concerned
_______________________________________________________________________
A BILL
To establish in the Cybersecurity and Infrastructure Security Agency of
the Department of Homeland Security a Chief Information Security
Officer Advisory Committee.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Cybersecurity Advisory Committee
Authorization Act of 2019''.
SEC. 2. CYBERSECURITY ADVISORY COMMITTEE.
(a) In General.--Subtitle A of title XXII of the Homeland Security
Act of 2002 is amended by adding at the end the following new section:
``SEC. 2215. CYBERSECURITY ADVISORY COMMITTEE.
``(a) Establishment.--The Secretary shall establish within the
Cybersecurity and Infrastructure Security Agency a Cybersecurity
Advisory Committee.
``(b) Duties.--
``(1) In general.--The Advisory Committee may advise,
consult with, report to, and make recommendations to the
Director of Cybersecurity and Infrastructure Security on the
development, refinement, and implementation of policies,
programs, rulemakings, planning, training, and security
directives pertaining to the mission of the Cybersecurity and
Infrastructure Security Agency.
``(2) Recommendations.--
``(A) In general.--The Advisory Committee shall
develop, at the request of the Director,
recommendations for improvements to the cybersecurity
mission of the Cybersecurity and Infrastructure
Security Agency.
``(B) Recommendations of subcommittees.--
Recommendations agreed upon by the subcommittees
established under subsection (d) for any year shall be
approved by the Advisory Committee before the Advisory
Committee submits to the Director the annual report
under paragraph (4) for that year.
``(3) Periodic reports.--The Advisory Committee shall
periodically submit to the Director--
``(A) reports on matters identified by the
Director; and
``(B) reports on other matters identified by a
majority of the members of the Advisory Committee.
``(4) Annual report.--The Advisory Committee shall submit
to the Director an annual report providing information on the
activities, findings, and recommendations of the Advisory
Committee, including its subcommittees, for the preceding year.
Not later than six months after the date that the Director
receives an annual report for a year, the Director shall
publish a public version of the report describing the
activities of the Advisory Committee and such related matters
as would be informative to the public during that year,
consistent with section 552(b) of title 5, United States Code.
``(5) Feedback.--Not later than 90 days after receiving any
recommendation submitted by the Advisory Committee under
paragraph (2), (3), or (4), the Director shall respond in
writing to the Advisory Committee with feedback on the
recommendation. Such a response shall include--
``(A) with respect to any recommendation with which
the Director concurs, an action plan to implement the
recommendation; and
``(B) with respect to any recommendation with which
the Director does not concur, a justification for why
the Director does not plan to implement the
recommendation.
``(6) Congressional notification.--For each fiscal quarter
beginning after the date of the enactment of this section, the
Director shall provide to the Committee on Homeland Security
and Governmental Affairs and the Committee on Appropriations of
the Senate and the Committee on Homeland Security and the
Committee on Appropriations of the House of Representatives a
briefing on feedback from the Advisory Committee.
``(c) Membership.--
``(1) Appointment.--
``(A) In general.--Not later than 180 days after
the date of the enactment of this Act, the Director
shall appoint the members of the Advisory Committee.
``(B) Composition.--The membership of the Advisory
Committee shall consist of not more than 35
individuals, each of whom represent a category referred
to in subparagraph (C)(i).
``(C) Representation.--
``(i) In general.--The membership of the
Advisory Committee shall include
representatives of State and local governments
and of a broad range of industries, including
the following:
``(I) Defense.
``(II) Education.
``(III) Financial services.
``(IV) Healthcare.
``(V) Manufacturing.
``(VI) Media and entertainment.
``(VII) Chemicals.
``(VIII) Retail.
``(IX) Transportation.
``(X) Energy.
``(XI) Information Technology.
``(XII) Communications.
``(XIII) Other relevant fields
identified by the Director.
``(ii) Prohibition.--Not more than three
members may represent any one category under
clause (i).
``(2) Term of office.--
``(A) Terms.--The term of each member of the
Advisory Committee shall be two years, but a member may
continue to serve until a successor is appointed.
``(B) Removal.--The Director may review the
participation of a member of the Advisory Committee and
remove such member for cause at any time.
``(C) Reappointment.--A member of the Advisory
Committee may be reappointed for an unlimited number of
terms.
``(3) Delegation of responsibilities.--A member of the
Advisory Committee may delegate that member's responsibilities
under this section to another individual, with the exception of
access to protected information and classified information
under paragraph (6).
``(4) Prohibition on compensation.--The members of the
Advisory Committee may not receive pay or benefits from the
United States Government by reason of their service on the
Advisory Committee.
``(5) Meetings.--
``(A) In general.--The Director shall require the
Advisory Committee to meet at least quarterly, and may
convene additional meetings as necessary.
``(B) Public meetings.--At least one of the
meetings referred to in subparagraph (A) shall be open
to the public.
``(C) Attendance.--The Advisory Committee shall
maintain a record of the persons present at each
meeting.
``(6) Member access to classified and protected
information.--
``(A) In general.--Not later than 60 days after the
date on which a member is first appointed to the
Advisory Committee and before the member is granted
access to any classified information or protected
information, the Director shall determine if there is
cause for such member to be restricted from reviewing,
discussing, or possessing such information.
``(B) Access.--
``(i) Protected information.--If the
Director does not restrict a member from
reviewing, discussing, or possessing sensitive
information under subparagraph (A) and the
member voluntarily signs a nondisclosure
agreement with respect to protected
information, the member may be granted access
to protected information that the Director
determines is relevant to such member's service
on the Advisory Committee.
``(ii) Classified information.--Access to
classified materials shall be managed in
accordance with Executive Order No. 13526 of
December 29, 2009 (75 Fed. Reg 707), or any
subsequent corresponding Executive Order.
``(C) Protections.--A member of the Advisory
Committee shall agree, as a condition of such
membership, to protect all classified information in
accordance with the applicable requirements for the
particular level of classification of such information
and to protect all protected information appropriately.
``(D) Protected information defined.--In this
section, the term `protected information' means--
``(i) information specifically exempted
from disclosure by statute or regulation;
``(ii) trade secrets and commercial or
financial information obtained from a person
and privileged or confidential;
``(iii) deliberative process privileged
information;
``(iv) personally identifiable information,
the disclosure of which would constitute an
invasion of personal privacy;
``(v) records containing law enforcement
sensitive information; and
``(vi) other categories of information, as
determined by the Director.
``(7) Chairperson.--The Advisory Committee shall select,
from among the members of the Advisory Committee--
``(A) a member to serve as chairperson of the
Advisory Committee; and
``(B) a member to serve as chairperson of each
subcommittee of the Advisory Committee established
under subsection (d).
``(d) Subcommittees.--
``(1) In general.--The Director and the Advisory Committee
shall establish subcommittees within the Advisory Committee to
address cybersecurity issues, including relating to the
following:
``(A) Information exchange.
``(B) Critical infrastructure.
``(C) Risk management.
``(D) Public and private partnerships.
``(2) Additional subcommittees.--In addition to the
subcommittees established pursuant to paragraph (1), the
Advisory Committee chairperson, in coordination with the
Director, may establish within the Advisory Committee
additional subcommittees that the Director and Advisory
Committee determine to be necessary.
``(3) Meetings and reporting.--Each subcommittee shall meet
at least bimonthly, and submit to the Advisory Committee for
inclusion in the annual report required under subsection (b)(4)
information, including activities, findings, and
recommendations, regarding subject matter considered by the
subcommittee.
``(4) Subject matter experts.--The chair of the Advisory
Committee shall appoint members to subcommittees and shall
ensure that each member appointed to a subcommittee has subject
matter expertise relevant to the subject matter of the
subcommittee.
``(e) Nonapplicability of FACA.--The Federal Advisory Committee Act
(5 U.S.C. App.) shall not apply to the Advisory Committee and its
subcommittees.''.
(b) Clerical Amendment.--The table of contents in section 1(b) of
such Act is amended by inserting after the item relating to section
2214 the following new item:
``2215. Cybersecurity Advisory Committee.''.
<all>
Introduced in House
Introduced in House
Referred to the Committee on Homeland Security, and in addition to the Committees on Energy and Commerce, and Oversight and Reform, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Referred to the Committee on Homeland Security, and in addition to the Committees on Energy and Commerce, and Oversight and Reform, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Referred to the Committee on Homeland Security, and in addition to the Committees on Energy and Commerce, and Oversight and Reform, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Referred to the Subcommittee on Energy.
Referred to the Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation.
Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation Discharged.
Committee Consideration and Mark-up Session Held.
Ordered to be Reported (Amended) by Unanimous Consent.
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line