[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[S. 3153 Placed on Calendar Senate (PCS)]
<DOC>
Calendar No. 494
115th CONGRESS
2d Session
S. 3153
To authorize appropriations for fiscal years 2018 and 2019 for
intelligence and intelligence-related activities of the United States
Government, the Community Management Account, and the Central
Intelligence Agency Retirement and Disability System, and for other
purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
June 28, 2018
Mr. Burr, from the Select Committee on Intelligence, reported the
following original bill; which was read twice and placed on the
calendar
_______________________________________________________________________
A BILL
To authorize appropriations for fiscal years 2018 and 2019 for
intelligence and intelligence-related activities of the United States
Government, the Community Management Account, and the Central
Intelligence Agency Retirement and Disability System, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title.--This Act may be cited as the ``Matthew Young
Pollard Intelligence Authorization Act for Fiscal Years 2018 and
2019''.
(b) Table of Contents.--The table of contents for this Act is as
follows:
Sec. 1. Short title; table of contents.
Sec. 2. Definitions.
TITLE I--INTELLIGENCE ACTIVITIES
Sec. 101. Authorization of appropriations.
Sec. 102. Classified Schedules of Authorizations.
Sec. 103. Personnel ceiling adjustments.
Sec. 104. Intelligence Community Management Account.
TITLE II--CENTRAL INTELLIGENCE AGENCY RETIREMENT AND DISABILITY SYSTEM
Sec. 201. Authorization of appropriations.
Sec. 202. Computation of annuities for employees of the Central
Intelligence Agency.
TITLE III--GENERAL INTELLIGENCE COMMUNITY MATTERS
Sec. 301. Restriction on conduct of intelligence activities.
Sec. 302. Increase in employee compensation and benefits authorized by
law.
Sec. 303. Modification of special pay authority for science,
technology, engineering, or mathematics
positions and addition of special pay
authority for cyber positions.
Sec. 304. Modification of appointment of Chief Information Officer of
the Intelligence Community.
Sec. 305. Director of National Intelligence review of placement of
positions within the intelligence community
on the Executive Schedule.
Sec. 306. Supply Chain and Counterintelligence Risk Management Task
Force.
Sec. 307. Consideration of adversarial telecommunications and
cybersecurity infrastructure when sharing
intelligence with foreign governments and
entities.
Sec. 308. Cyber protection support for the personnel of the
intelligence community in positions highly
vulnerable to cyber attack.
Sec. 309. Modification of authority relating to management of supply-
chain risk.
Sec. 310. Limitations on determinations regarding certain security
classifications.
TITLE IV--MATTERS RELATING TO ELEMENTS OF THE INTELLIGENCE COMMUNITY
Subtitle A--Office of the Director of National Intelligence
Sec. 401. Authority for protection of current and former employees of
the Office of the Director of National
Intelligence.
Sec. 402. Designation of the program manager-information sharing
environment.
Sec. 403. Modification to the executive schedule.
Subtitle B--Other Elements
Sec. 411. Repeal of foreign language proficiency requirement for
certain senior level positions in the
Central Intelligence Agency.
Sec. 412. Plan for designation of counterintelligence component of
Defense Security Service as an element of
intelligence community.
Sec. 413. Notice not required for private entities.
TITLE V--ELECTION MATTERS
Sec. 501. Report on cyber attacks by foreign governments against United
States election infrastructure.
Sec. 502. Review of intelligence community's posture to collect against
and analyze Russian efforts to influence
the Presidential election.
Sec. 503. Assessment of foreign intelligence threats to Federal
elections.
Sec. 504. Strategy for countering Russian cyber threats to United
States elections.
Sec. 505. Information sharing with State election officials.
Sec. 506. Designation of counterintelligence officer to lead election
security matters.
TITLE VI--SECURITY CLEARANCES
Sec. 601. Definitions.
Sec. 602. Reports and plans relating to security clearances and
background investigations.
Sec. 603. Improving the process for security clearances.
Sec. 604. Goals for promptness of determinations regarding security
clearances.
Sec. 605. Security Executive Agent.
Sec. 606. Report on unified, simplified, governmentwide standards for
positions of trust and security clearances.
Sec. 607. Report on clearance in person concept.
Sec. 608. Budget request documentation on funding for clearances.
Sec. 609. Reports on reciprocity for security clearances inside of
departments and agencies.
Sec. 610. Intelligence community reports on security clearances.
Sec. 611. Periodic report on positions in the intelligence community
which can be conducted without access to
classified information, networks, or
facilities.
Sec. 612. Information sharing program for positions of trust.
Sec. 613. Report on protections for confidentiality of whistleblower-
related communications.
TITLE VII--REPORTS AND OTHER MATTERS
Subtitle A--Matters Relating to Russia and Other Foreign Powers
Sec. 701. Limitation relating to establishment or support of
cybersecurity unit with the Government of
Russia.
Sec. 702. Report on returning Russian compounds.
Sec. 703. Assessment of threat finance relating to Russia.
Sec. 704. Notification of an active measures campaign.
Sec. 705. Notification of travel by accredited diplomatic and consular
personnel of the Russian Federation in the
United States.
Subtitle B--Reports
Sec. 711. Technical correction to Inspector General study.
Sec. 712. Reports on authorities of the Chief Intelligence Officer of
the Department of Homeland Security.
Sec. 713. Report on cyber exchange program.
Sec. 714. Report on role of Director of National Intelligence with
respect to certain foreign investments.
Sec. 715. Report on surveillance by foreign governments against United
States telecommunications networks.
Sec. 716. Biennial report on foreign investment risks.
Sec. 717. Modification of certain reporting requirement on travel of
foreign diplomats.
Sec. 718. Semiannual reports on investigations of unauthorized
disclosures of classified information.
Sec. 719. Congressional notification of designation of covered
intelligence officer as persona non grata.
Sec. 720. Inspectors General reports on classification.
Sec. 721. Reports on intelligence community participation in
vulnerabilities equities process of Federal
Government.
Sec. 722. Reports on global water insecurity and national security
implications.
Sec. 723. Annual report on memoranda of understanding between elements
of intelligence community and other
entities of the United States Government
regarding significant operational
activities or policy.
Sec. 724. Repeal of report requirement for inspectors general of
certain elements of intelligence community.
Sec. 725. Repeal of requirement for annual personnel level assessments
for the intelligence community.
Sec. 726. Report on outreach strategy addressing threats from United
States adversaries to the United States
technology sector.
Sec. 727. Study on the feasibility of encrypting unclassified wireline
and wireless telephone calls.
Sec. 728. Modification of requirement for annual report on hiring and
retention of minority employees.
Subtitle C--Other Matters
Sec. 731. Technical amendments related to the Department of Energy.
Sec. 732. Securing energy infrastructure.
Sec. 733. Sense of Congress on WikiLeaks.
Sec. 734. Bug bounty programs.
Sec. 735. Sense of Congress on consideration of espionage activities
when considering whether or not to provide
visas to foreign individuals to be
accredited to a United Nations mission in
the United States.
Sec. 736. Public Interest Declassification Board.
Sec. 737. Modification of authorities relating to the National
Intelligence University.
SEC. 2. DEFINITIONS.
In this Act:
(1) Congressional intelligence committees.--The term
``congressional intelligence committees'' has the meaning given
such term in section 3 of the National Security Act of 1947 (50
U.S.C. 3003).
(2) Intelligence community.--The term ``intelligence
community'' has the meaning given such term in such section.
TITLE I--INTELLIGENCE ACTIVITIES
SEC. 101. AUTHORIZATION OF APPROPRIATIONS.
(a) In General.--Funds are hereby authorized to be appropriated for
fiscal years 2018 and 2019 for the conduct of the intelligence and
intelligence-related activities of the following elements of the United
States Government:
(1) The Office of the Director of National Intelligence.
(2) The Central Intelligence Agency.
(3) The Department of Defense.
(4) The Defense Intelligence Agency.
(5) The National Security Agency.
(6) The Department of the Army, the Department of the Navy,
and the Department of the Air Force.
(7) The Coast Guard.
(8) The Department of State.
(9) The Department of the Treasury.
(10) The Department of Energy.
(11) The Department of Justice.
(12) The Federal Bureau of Investigation.
(13) The Drug Enforcement Administration.
(14) The National Reconnaissance Office.
(15) The National Geospatial-Intelligence Agency.
(16) The Department of Homeland Security.
(b) Certain Specific Authorization.--Funds appropriated by the
Department of Defense Missile Defeat and Defense Enhancements
Appropriations Act, 2018 (division B of Public Law 115-96) for
intelligence or intelligence-related activities are specifically
authorized by Congress for purposes of section 504 of the National
Security Act of 1947 (50 U.S.C. 3094), as specified in the classified
Schedule of Authorizations pursuant to section 102, and are subject to
such section 504.
(c) Limitation on Certain Waivers From Limitations on Funding of
Intelligence Activities.--
(1) Waivers for covert actions.--Section 504 of the
National Security Act of 1947 (50 U.S.C. 3094) is amended--
(A) by redesignating subsection (e) as subsection
(f); and
(B) by inserting after subsection (d) the
following:
``(e) This section cannot be waived for any covert action (as
defined in section 503(e)) unless and until the Director of National
Intelligence notifies the congressional intelligence committees that
the action is urgent for national security purposes.''.
(2) Waivers for major systems acquisitions.--Such section,
as amended by paragraph (1), is further amended--
(A) by redesignating subsection (f) as subsection
(g); and
(B) by inserting after subsection (e), as added by
paragraph (1), the following:
``(f) This section cannot be waived for any major system (as
defined in section 506A(e)) acquisition unless and until the Director
of National Intelligence notifies the congressional intelligence
committees that the action is urgent for national security purposes.''.
SEC. 102. CLASSIFIED SCHEDULES OF AUTHORIZATIONS.
(a) Specifications of Amounts and Personnel Levels.--
(1) Fiscal year 2018.--The amounts authorized to be
appropriated under section 101 and, subject to section 103, the
authorized personnel ceilings as of September 30, 2018, for the
conduct of the intelligence activities of the elements listed
in paragraphs (1) through (16) of section 101, are those
specified in the classified Schedule of Authorizations for
fiscal year 2018 prepared to accompany this Act.
(2) Fiscal year 2019.--The amounts authorized to be
appropriated under section 101 and, subject to section 103, the
authorized personnel ceilings as of September 30, 2019, for the
conduct of the intelligence activities of the elements listed
in paragraphs (1) through (16) of section 101, are those
specified in the classified Schedule of Authorizations for
fiscal year 2019 prepared to accompany this Act.
(b) Availability of Classified Schedules of Authorizations.--
(1) Availability.--The classified Schedules of
Authorizations referred to in subsection (a) shall be made
available to the Committee on Appropriations of the Senate, the
Committee on Appropriations of the House of Representatives,
and to the President.
(2) Distribution by the president.--Subject to paragraph
(3), the President shall provide for suitable distribution of
the classified Schedules of Authorizations referred to in
subsection (a), or of appropriate portions of such Schedule,
within the executive branch.
(3) Limits on disclosure.--The President shall not publicly
disclose the classified Schedules of Authorizations or any
portion of such Schedule except--
(A) as provided in section 601(a) of the
Implementing Recommendations of the 9/11 Commission Act
of 2007 (50 U.S.C. 3306(a));
(B) to the extent necessary to implement the
budget; or
(C) as otherwise required by law.
SEC. 103. PERSONNEL CEILING ADJUSTMENTS.
(a) Authority for Increases.--The Director of National Intelligence
may authorize employment of civilian personnel in excess of the number
authorized for fiscal year 2018 by the classified Schedules of
Authorizations referred to in section 102(a) if the Director of
National Intelligence determines that such action is necessary to the
performance of important intelligence functions, except that the number
of personnel employed in excess of the number authorized under such
section may not, for any element of the intelligence community,
exceed--
(1) 3 percent of the number of civilian personnel
authorized under such schedule for such element; or
(2) 10 percent of the number of civilian personnel
authorized under such schedule for such element for the
purposes of converting the performance of any function by
contractors to performance by civilian personnel.
(b) Treatment of Certain Personnel.--The Director of National
Intelligence shall establish guidelines that govern, for each element
of the intelligence community, the treatment under the personnel levels
authorized under section 102(a), including any exemption from such
personnel levels, of employment or assignment in--
(1) a student program, trainee program, or similar program;
(2) a reserve corps or as a reemployed annuitant; or
(3) details, joint duty, or long-term, full-time training.
(c) Notice to Congressional Intelligence Committees.--Not later
than 15 days prior to the exercise of an authority described in
subsection (a), the Director of National Intelligence shall submit to
the congressional intelligence committees--
(1) a written notice of the exercise of such authority; and
(2) in the case of an exercise of such authority subject to
the limitation in subsection (a)(2), a written justification
for the contractor conversion that includes a comparison of
whole-of-government costs.
SEC. 104. INTELLIGENCE COMMUNITY MANAGEMENT ACCOUNT.
(a) Authorization of Appropriations.--
(1) Fiscal year 2018.--There is authorized to be
appropriated for the Intelligence Community Management Account
of the Director of National Intelligence for fiscal year 2018
the sum of $546,900,000. Within such amount, funds identified
in the classified Schedule of Authorizations referred to in
section 102(a) for advanced research and development shall
remain available until September 30, 2019.
(2) Fiscal year 2019.--There is authorized to be
appropriated for the Intelligence Community Management Account
of the Director of National Intelligence for fiscal year 2019
the sum of $539,624,000. Within such amount, funds identified
in the classified Schedule of Authorizations referred to in
section 102(a) for advanced research and development shall
remain available until September 30, 2020.
(b) Authorized Personnel Levels.--The elements within the
Intelligence Community Management Account of the Director of National
Intelligence are authorized 797 positions as of September 30, 2018.
Personnel serving in such elements may be permanent employees of the
Office of the Director of National Intelligence or personnel detailed
from other elements of the United States Government.
(c) Classified Authorizations.--
(1) Authorization of appropriations.--
(A) Fiscal year 2018.--In addition to amounts
authorized to be appropriated for the Intelligence
Community Management Account by subsection (a), there
are authorized to be appropriated for the Intelligence
Community Management Account for fiscal year 2018 such
additional amounts as are specified in the classified
Schedule of Authorizations referred to in section
102(a). Such additional amounts made available for
advanced research and development shall remain
available until September 30, 2019.
(B) Fiscal year 2019.--In addition to amounts
authorized to be appropriated for the Intelligence
Community Management Account by subsection (a), there
are authorized to be appropriated for the Intelligence
Community Management Account for fiscal year 2019 such
additional amounts as are specified in the classified
Schedule of Authorizations referred to in section
102(a). Such additional amounts made available for
advanced research and development shall remain
available until September 30, 2020.
(2) Authorization of personnel.--In addition to the
personnel authorized by subsection (b) for elements of the
Intelligence Community Management Account as of September 30,
2018, there are authorized such additional personnel for the
Community Management Account as of that date as are specified
in the classified Schedule of Authorizations referred to in
section 102(a).
TITLE II--CENTRAL INTELLIGENCE AGENCY RETIREMENT AND DISABILITY SYSTEM
SEC. 201. AUTHORIZATION OF APPROPRIATIONS.
There is authorized to be appropriated for the Central Intelligence
Agency Retirement and Disability Fund $514,000,000 for each of fiscal
years 2018 and 2019.
SEC. 202. COMPUTATION OF ANNUITIES FOR EMPLOYEES OF THE CENTRAL
INTELLIGENCE AGENCY.
(a) Computation of Annuities.--
(1) In general.--Section 221 of the Central Intelligence
Agency Retirement Act (50 U.S.C. 2031) is amended--
(A) in subsection (a)(3)(B), by striking the period
at the end and inserting ``, as determined by using the
annual rate of basic pay that would be payable for
full-time service in that position.'';
(B) in subsection (b)(1)(C)(i), by striking ``12-
month'' and inserting ``2-year'';
(C) in subsection (f)(2), by striking ``one year''
and inserting ``two years'';
(D) in subsection (g)(2), by striking ``one year''
each place such term appears and inserting ``two
years'';
(E) by redesignating subsections (h), (i), (j),
(k), and (l) as subsections (i), (j), (k), (l), and
(m), respectively; and
(F) by inserting after subsection (g) the
following:
``(h) Conditional Election of Insurable Interest Survivor Annuity
by Participants Married at the Time of Retirement.--
``(1) Authority to make designation.--Subject to the
rights of former spouses under subsection (b) and section 222,
at the time of retirement a married participant found by the
Director to be in good health may elect to receive an annuity
reduced in accordance with subsection (f)(1)(B) and designate
in writing an individual having an insurable interest in the
participant to receive an annuity under the system after the
participant's death, except that any such election to provide
an insurable interest survivor annuity to the participant's
spouse shall only be effective if the participant's spouse
waives the spousal right to a survivor annuity under this Act.
The amount of the annuity shall be equal to 55 percent of the
participant's reduced annuity.
``(2) Reduction in participant's annuity.--The annuity
payable to the participant making such election shall be
reduced by 10 percent of an annuity computed under subsection
(a) and by an additional 5 percent for each full 5 years the
designated individual is younger than the participant. The
total reduction under this subparagraph may not exceed 40
percent.
``(3) Commencement of survivor annuity.--The annuity
payable to the designated individual shall begin on the day
after the day that the retired participant dies and terminate
on the last day of the month before the designated individual
dies.
``(4) Recomputation of participant's annuity on death of
designated individual.--An annuity that is reduced under this
subsection shall, effective the first day of the month
following the death of the designated individual, be recomputed
and paid as if the annuity had not been so reduced.''.
(2) Conforming amendments.--
(A) Central intelligence agency retirement act.--
The Central Intelligence Agency Retirement Act (50
U.S.C. 2001 et seq.) is amended--
(i) in section 232(b)(1) (50 U.S.C.
2052(b)(1)), by striking ``221(h),'' and
inserting ``221(i),''; and
(ii) in section 252(h)(4) (50 U.S.C.
2082(h)(4)), by striking ``221(k)'' and
inserting ``221(l)''.
(B) Central intelligence agency act of 1949.--
Subsection (a) of section 14 of the Central
Intelligence Agency Act of 1949 (50 U.S.C. 3514(a)) is
amended by striking ``221(h)(2), 221(i), 221(l),'' and
inserting ``221(i)(2), 221(j), 221(m),''.
(b) Annuities for Former Spouses.--Subparagraph (B) of section
222(b)(5) of the Central Intelligence Agency Retirement Act (50 U.S.C.
2032(b)(5)(B)) is amended by striking ``one year'' and inserting ``two
years''.
(c) Prior Service Credit.--Subparagraph (A) of section 252(b)(3) of
the Central Intelligence Agency Retirement Act (50 U.S.C.
2082(b)(3)(A)) is amended by striking ``October 1, 1990'' both places
that term appears and inserting ``March 31, 1991''.
(d) Reemployment Compensation.--Section 273 of the Central
Intelligence Agency Retirement Act (50 U.S.C. 2113) is amended--
(1) by redesignating subsections (b) and (c) as subsections
(c) and (d), respectively; and
(2) by inserting after subsection (a) the following:
``(b) Part-Time Reemployed Annuitants.--The Director shall have the
authority to reemploy an annuitant on a part-time basis in accordance
with section 8344(l) of title 5, United States Code.''.
(e) Effective Date and Application.--The amendments made by
subsection (a)(1)(A) and subsection (c) shall take effect as if enacted
on October 28, 2009, and shall apply to computations or participants,
respectively, as of such date.
TITLE III--GENERAL INTELLIGENCE COMMUNITY MATTERS
SEC. 301. RESTRICTION ON CONDUCT OF INTELLIGENCE ACTIVITIES.
The authorization of appropriations by this Act shall not be deemed
to constitute authority for the conduct of any intelligence activity
that is not otherwise authorized by the Constitution or the laws of the
United States.
SEC. 302. INCREASE IN EMPLOYEE COMPENSATION AND BENEFITS AUTHORIZED BY
LAW.
Appropriations authorized by this Act for salary, pay, retirement,
and other benefits for Federal employees may be increased by such
additional or supplemental amounts as may be necessary for increases in
such compensation or benefits authorized by law.
SEC. 303. MODIFICATION OF SPECIAL PAY AUTHORITY FOR SCIENCE,
TECHNOLOGY, ENGINEERING, OR MATHEMATICS POSITIONS AND
ADDITION OF SPECIAL PAY AUTHORITY FOR CYBER POSITIONS.
Section 113B of the National Security Act of 1947 (50 U.S.C. 3049a)
is amended--
(1) by amending subsection (a) to read as follows:
``(a) Special Rates of Pay for Positions Requiring Expertise in
Science, Technology, Engineering, or Mathematics.--
``(1) In general.--Notwithstanding part III of title 5,
United States Code, the head of each element of the
intelligence community may, for 1 or more categories of
positions in such element that require expertise in science,
technology, engineering, or mathematics--
``(A) establish higher minimum rates of pay; and
``(B) make corresponding increases in all rates of
pay of the pay range for each grade or level, subject
to subsection (b) or (c), as applicable.
``(2) Treatment.--The special rate supplements resulting
from the establishment of higher rates under paragraph (1)
shall be basic pay for the same or similar purposes as those
specified in section 5305(j) of title 5, United States Code.'';
(2) by redesignating subsections (b) through (f) as
subsections (c) through (g), respectively;
(3) by inserting after subsection (a) the following:
``(b) Special Rates of Pay for Cyber Positions.--
``(1) In general.--Notwithstanding subsection (c), the
Director of the National Security Agency may establish a
special rate of pay--
``(A) not to exceed the rate of basic pay payable
for level II of the Executive Schedule under section
5313 of title 5, United States Code, if the Director
certifies to the Under Secretary of Defense for
Intelligence, in consultation with the Under Secretary
of Defense for Personnel and Readiness, that the rate
of pay is for positions that perform functions that
execute the cyber mission of the Agency; or
``(B) not to exceed the rate of basic pay payable
for the Vice President of the United States under
section 104 of title 3, United States Code, if the
Director certifies to the Secretary of Defense, by
name, individuals that have advanced skills and
competencies and that perform critical functions that
execute the cyber mission of the Agency.
``(2) Pay limitation.--Employees receiving a special rate
under paragraph (1) shall be subject to an aggregate pay
limitation that parallels the limitation established in section
5307 of title 5, United States Code, except that--
``(A) any allowance, differential, bonus, award, or
other similar cash payment in addition to basic pay
that is authorized under title 10, United States Code
(or any other applicable law in addition to title 5 of
such Code, excluding the Fair Labor Standards Act of
1938 (29 U.S.C. 201 et seq.)) shall also be counted as
part of aggregate compensation; and
``(B) aggregate compensation may not exceed the
rate established for the Vice President of the United
States under section 104 of title 3, United States
Code.
``(3) Limitation on number of recipients.--The number of
individuals who receive basic pay established under paragraph
(1)(B) may not exceed 100 at any time.
``(4) Limitation on use as comparative reference.--
Notwithstanding any other provision of law, special rates of
pay and the limitation established under paragraph (1)(B) may
not be used as comparative references for the purpose of fixing
the rates of basic pay or maximum pay limitations of qualified
positions under section 1599f of title 10, United States Code,
or section 226 of the Homeland Security Act of 2002 (6 U.S.C.
147).'';
(4) in subsection (c), as redesignated by paragraph (2), by
striking ``A minimum'' and inserting ``Except as provided in
subsection (b), a minimum'';
(5) in subsection (d), as redesignated by paragraph (2), by
inserting ``or (b)'' after ``by subsection (a)''; and
(6) in subsection (g), as redesignated by paragraph (2)--
(A) in paragraph (1), by striking ``Not later than
90 days after the date of the enactment of the
Intelligence Authorization Act for Fiscal Year 2017''
and inserting ``Not later than 90 days after the date
of the enactment of the Matthew Young Pollard
Intelligence Authorization Act for Fiscal Years 2018
and 2019''; and
(B) in paragraph (2)(A), by inserting ``or (b)''
after ``subsection (a)''.
SEC. 304. MODIFICATION OF APPOINTMENT OF CHIEF INFORMATION OFFICER OF
THE INTELLIGENCE COMMUNITY.
Section 103G(a) of the National Security Act of 1947 (50 U.S.C.
3032(a)) is amended by striking ``President'' and inserting
``Director''.
SEC. 305. DIRECTOR OF NATIONAL INTELLIGENCE REVIEW OF PLACEMENT OF
POSITIONS WITHIN THE INTELLIGENCE COMMUNITY ON THE
EXECUTIVE SCHEDULE.
(a) Review.--The Director of National Intelligence, in coordination
with the Director of the Office of Personnel Management, shall conduct
a review of positions within the intelligence community regarding the
placement of such positions on the Executive Schedule under subchapter
II of chapter 53 of title 5, United States Code. In carrying out such
review, the Director of National Intelligence, in coordination with the
Director of the Office of Personnel Management, shall determine--
(1) the standards under which such review will be
conducted;
(2) which positions should or should not be on the
Executive Schedule; and
(3) for those positions that should be on the Executive
Schedule, the level of the Executive Schedule at which such
positions should be placed.
(b) Report.--Not later than 60 days after the date on which the
review under subsection (a) is completed, the Director of National
Intelligence shall submit to the congressional intelligence committees,
the Committee on Homeland Security and Governmental Affairs of the
Senate, and the Committee on Oversight and Government Reform of the
House of Representatives an unredacted report describing the standards
by which the review was conducted and the outcome of the review.
SEC. 306. SUPPLY CHAIN AND COUNTERINTELLIGENCE RISK MANAGEMENT TASK
FORCE.
(a) Requirement to Establish.--The Director of National
Intelligence shall establish a Supply Chain and Counterintelligence
Risk Management Task Force to standardize information sharing between
the intelligence community and the acquisition community of the United
States Government with respect to the supply chain and
counterintelligence risks.
(b) Members.--The Supply Chain and Counterintelligence Risk
Management Task Force established under subsection (a) shall be
composed of--
(1) a representative of the Defense Security Service of the
Department of Defense;
(2) a representative of the General Services
Administration;
(3) a representative of the Office of Federal Procurement
Policy of the Office of Management and Budget;
(4) a representative of the Department of Homeland
Security;
(5) the Director of the National Counterintelligence and
Security Center; and
(6) such other members as the Director of National
Intelligence determines appropriate.
(c) Security Clearances.--Each member of the Supply Chain and
Counterintelligence Risk Management Task Force established under
subsection (a) shall have a security clearance at the top secret level
and be able to access sensitive compartmented information.
(d) Annual Report.--
(1) In general.--Not less frequently than once each year,
the Supply Chain and Counterintelligence Risk Management Task
Force established under subsection (a) shall submit to the
appropriate congressional committees a report that describes
the activities of the Task Force during the previous year,
including identification of the supply chain and
counterintelligence risks shared with the acquisition community
of the United States Government by the intelligence community.
(2) Appropriate congressional committees defined.--In this
subsection, the term ``appropriate congressional committees''
means the following:
(A) The congressional intelligence committees.
(B) The Committee on Armed Services and the
Committee on Homeland Security and Governmental Affairs
of the Senate.
(C) The Committee on Armed Services, the Committee
on Homeland Security, and the Committee on Oversight
and Government Reform of the House of Representatives.
SEC. 307. CONSIDERATION OF ADVERSARIAL TELECOMMUNICATIONS AND
CYBERSECURITY INFRASTRUCTURE WHEN SHARING INTELLIGENCE
WITH FOREIGN GOVERNMENTS AND ENTITIES.
Whenever the head of an element of the intelligence community
enters into an intelligence sharing agreement with a foreign government
or any other foreign entity, the head of the element shall consider the
pervasiveness of telecommunications and cybersecurity infrastructure,
equipment, and services provided by adversaries of the United States,
particularly China and Russia, or entities of such adversaries in the
country or region of the foreign government or other foreign entity
entering into the agreement.
SEC. 308. CYBER PROTECTION SUPPORT FOR THE PERSONNEL OF THE
INTELLIGENCE COMMUNITY IN POSITIONS HIGHLY VULNERABLE TO
CYBER ATTACK.
(a) Definitions.--In this section:
(1) Personal accounts.--The term ``personal accounts''
means accounts for online and telecommunications services,
including telephone, residential Internet access, email, text
and multimedia messaging, cloud computing, social media, health
care, and financial services, used by personnel of the
intelligence community outside of the scope of their employment
with elements of the intelligence community.
(2) Personal technology devices.--The term ``personal
technology devices'' means technology devices used by personnel
of the intelligence community outside of the scope of their
employment with elements of the intelligence community,
including networks to which such devices connect.
(b) Authority to Provide Cyber Protection Support.--
(1) In general.--Subject to a determination by the Director
of National Intelligence, the Director may provide cyber
protection support for the personal technology devices and
personal accounts of the personnel described in paragraph (2).
(2) At-risk personnel.--The personnel described in this
paragraph are personnel of the intelligence community--
(A) who the Director determines to be highly
vulnerable to cyber attacks and hostile information
collection activities because of the positions occupied
by such personnel in the intelligence community; and
(B) whose personal technology devices or personal
accounts are highly vulnerable to cyber attacks and
hostile information collection activities.
(c) Nature of Cyber Protection Support.--Subject to the
availability of resources, the cyber protection support provided to
personnel under subsection (a) may include training, advice,
assistance, and other services relating to cyber attacks and hostile
information collection activities.
(d) Limitation on Support.--Nothing in this section shall be
construed--
(1) to encourage personnel of the intelligence community to
use personal technology devices for official business; or
(2) to authorize cyber protection support for senior
intelligence community personnel using personal devices,
networks, and personal accounts in an official capacity.
(e) Report.--Not later than 180 days after the date of the
enactment of this Act, the Director shall submit to the congressional
intelligence committees a report on the provision of cyber protection
support under subsection (a). The report shall include--
(1) a description of the methodology used to make the
determination under subsection (a)(2); and
(2) guidance for the use of cyber protection support and
tracking of support requests for personnel receiving cyber
protection support under subsection (a).
SEC. 309. MODIFICATION OF AUTHORITY RELATING TO MANAGEMENT OF SUPPLY-
CHAIN RISK.
(a) Modification of Effective Date.--Subsection (f) of section 309
of the Intelligence Authorization Act for Fiscal Year 2012 (Public Law
112-87; 50 U.S.C. 3329 note) is amended by striking ``the date that is
180 days after''.
(b) Extension.--Subsection (g) of such section is amended by
striking ``the date'' and all that follows through the period and
inserting ``September 30, 2023.''.
(c) Reports.--Such section is amended--
(1) by redesignating subsections (f) and (g), as amended by
subsections (a) and (b), as subsections (g) and (h),
respectively; and
(2) by inserting after subsection (e) the following:
``(f) Annual Reports.--
``(1) In general.--Except as provided in paragraph (2), not
later than 180 days after the date of the enactment of the
Matthew Young Pollard Intelligence Authorization Act for Fiscal
Years 2018 and 2019 and not less frequently than once each
calendar year thereafter, the Director of National Intelligence
shall, in consultation with each head of a covered agency,
submit to the congressional intelligence committees (as defined
in section 3 of the National Security Act of 1947 (50 U.S.C.
3003)), a report that details the determinations and
notifications made under subsection (c) during the most
recently completed calendar year.
``(2) Initial report.--The first report submitted under
paragraph (1) shall detail all the determinations and
notifications made under subsection (c) before the date of the
submittal of the report.''.
SEC. 310. LIMITATIONS ON DETERMINATIONS REGARDING CERTAIN SECURITY
CLASSIFICATIONS.
(a) Prohibition.--An officer of an element of the intelligence
community who has been nominated by the President for a position that
requires the advice and consent of the Senate may not make a
classification decision with respect to information related to such
officer.
(b) Classification Determinations.--
(1) In general.--Except as provided in paragraph (2), in a
case in which an officer described in subsection (a) has been
nominated as described in such subsection and classification
authority rests with the officer or another officer who reports
directly to such officer, a classification decision with
respect to information relating to the officer shall be made by
the Director of National Intelligence.
(2) Nominations of director of national intelligence.--In a
case described in paragraph (1) in which the officer nominated
is the Director of National Intelligence, the classification
decision shall be made by the Principal Deputy Director of
National Intelligence.
(c) Reports.--Whenever the Director or the Principal Deputy
Director makes a decision under subsection (b), the Director or the
Principal Deputy Director, as the case may be, shall submit to the
congressional intelligence committees a report detailing the reasons
for the decision.
TITLE IV--MATTERS RELATING TO ELEMENTS OF THE INTELLIGENCE COMMUNITY
Subtitle A--Office of the Director of National Intelligence
SEC. 401. AUTHORITY FOR PROTECTION OF CURRENT AND FORMER EMPLOYEES OF
THE OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE.
Section 5(a)(4) of the Central Intelligence Agency Act of 1949 (50
U.S.C. 3506(a)(4)) is amended by striking ``such personnel of the
Office of the Director of National Intelligence as the Director of
National Intelligence may designate;'' and inserting ``current and
former personnel of the Office of the Director of National Intelligence
and their immediate families as the Director of National Intelligence
may designate;''.
SEC. 402. DESIGNATION OF THE PROGRAM MANAGER-INFORMATION SHARING
ENVIRONMENT.
(a) Information Sharing Environment.--Section 1016(b) of the
Intelligence Reform and Terrorism Prevention Act of 2004 (6 U.S.C.
485(b)) is amended--
(1) in paragraph (1), by striking ``President'' and
inserting ``Director of National Intelligence''; and
(2) in paragraph (2), by striking ``President'' both places
that term appears and inserting ``Director of National
Intelligence''.
(b) Program Manager.--Section 1016(f)(1) of the Intelligence Reform
and Terrorism Prevention Act of 2004 (6 U.S.C. 485(f)(1)) is amended by
striking ``The individual designated as the program manager shall serve
as program manager until removed from service or replaced by the
President (at the President's sole discretion).'' and inserting
``Beginning on the date of the enactment of the Matthew Young Pollard
Intelligence Authorization Act for Fiscal Years 2018 and 2019, each
individual designated as the program manager shall be appointed by the
Director of National Intelligence.''.
SEC. 403. MODIFICATION TO THE EXECUTIVE SCHEDULE.
Section 5315 of title 5, United States Code, is amended by adding
at the end the following:
``Director of the National Counterintelligence and Security
Center.''.
Subtitle B--Other Elements
SEC. 411. REPEAL OF FOREIGN LANGUAGE PROFICIENCY REQUIREMENT FOR
CERTAIN SENIOR LEVEL POSITIONS IN THE CENTRAL
INTELLIGENCE AGENCY.
(a) Repeal of Foreign Language Proficiency Requirement.--Section
104A of the National Security Act of 1947 (50 U.S.C. 3036) is amended
by striking subsection (g).
(b) Conforming Repeal of Report Requirement.--Section 611 of the
Intelligence Authorization Act for Fiscal Year 2005 (Public Law 108-
487) is amended by striking subsection (c).
SEC. 412. PLAN FOR DESIGNATION OF COUNTERINTELLIGENCE COMPONENT OF
DEFENSE SECURITY SERVICE AS AN ELEMENT OF INTELLIGENCE
COMMUNITY.
Not later than 90 days after the date of the enactment of this Act,
the Director of National Intelligence and Under Secretary of Defense
for Intelligence, in coordination with the Director of the National
Counterintelligence and Security Center, shall submit to the
congressional intelligence committees, the Committee on Armed Services
of the Senate, and the Committee on Armed Services of the House of
Representatives a plan to designate the counterintelligence component
of the Defense Security Service of the Department of Defense as an
element of the intelligence community by not later than January 1,
2020. Such plan shall--
(1) address the implications of such designation on the
authorities, governance, personnel, resources, information
technology, collection, analytic products, information sharing,
and business processes of the Defense Security Service and the
intelligence community; and
(2) not address the personnel security functions of the
Defense Security Service.
SEC. 413. NOTICE NOT REQUIRED FOR PRIVATE ENTITIES.
Section 3553 of title 44, United States Code, is amended--
(1) by redesignating subsection (j) as subsection (k); and
(2) by inserting after subsection (i) the following:
``(j) Rule of Construction.--Nothing in this section shall be
construed to require the Secretary to provide notice to any private
entity before the Secretary issues a binding operational directive
under subsection (b)(2).''.
TITLE V--ELECTION MATTERS
SEC. 501. REPORT ON CYBER ATTACKS BY FOREIGN GOVERNMENTS AGAINST UNITED
STATES ELECTION INFRASTRUCTURE.
(a) Definitions.--In this section:
(1) Appropriate congressional committees.--The term
``appropriate congressional committees'' means--
(A) the congressional intelligence committees;
(B) the Committee on Homeland Security and
Governmental Affairs of the Senate; and
(C) the Committee on Homeland Security of the House
of Representatives.
(2) Congressional leadership.--The term ``congressional
leadership'' includes the following:
(A) The majority leader of the Senate.
(B) The minority leader of the Senate.
(C) The Speaker of the House of Representatives.
(D) The minority leader of the House of
Representatives.
(3) State.--The term ``State'' means any State of the
United States, the District of Columbia, the Commonwealth of
Puerto Rico, and any territory or possession of the United
States.
(b) Report Required.--Not later than 60 days after the date of the
enactment of this Act, the Under Secretary of Homeland Security for
Intelligence and Analysis shall submit to congressional leadership and
the appropriate congressional committees a report on cyber attacks and
attempted cyber attacks by foreign governments on United States
election infrastructure in States and localities in connection with the
Presidential election in the United States and such cyber attacks (or
attempted cyber attacks) as the Under Secretary anticipates against
such infrastructure. Such report shall identify the States and
localities affected and shall include cyber attacks and attempted cyber
attacks against voter registration databases, voting machines, voting-
related computer networks, and the networks of Secretaries of State and
other election officials of the various States.
(c) Form.--The report submitted under subsection (b) shall be
submitted in unclassified form, but may include a classified annex.
SEC. 502. REVIEW OF INTELLIGENCE COMMUNITY'S POSTURE TO COLLECT AGAINST
AND ANALYZE RUSSIAN EFFORTS TO INFLUENCE THE PRESIDENTIAL
ELECTION.
(a) Review Required.--Not later than 1 year after the date of the
enactment of this Act, the Director of National Intelligence shall--
(1) complete an after action review of the posture of the
intelligence community to collect against and analyze efforts
of the Government of Russia to interfere in the 2016
Presidential election in the United States; and
(2) submit to the congressional intelligence committees a
report on the findings of the Director with respect to such
review.
(b) Elements.--The review required by subsection (a) shall include,
with respect to the posture and efforts described in paragraph (1) of
such subsection, the following:
(1) An assessment of whether the resources of the
intelligence community were properly aligned to detect and
respond to the efforts described in subsection (a)(1).
(2) An assessment of the information sharing that occurred
within elements of the intelligence community.
(3) An assessment of the information sharing that occurred
between elements of the intelligence community.
(4) An assessment of applicable authorities necessary to
collect on any such efforts and any deficiencies in those
authorities.
(5) A review of the use of open source material to inform
analysis and warning of such efforts.
(6) A review of the use of alternative and predictive
analysis.
(c) Form of Report.--The report required by subsection (a)(2) shall
be submitted to the congressional intelligence committees in classified
form.
SEC. 503. ASSESSMENT OF FOREIGN INTELLIGENCE THREATS TO FEDERAL
ELECTIONS.
(a) Definitions.--In this section:
(1) Appropriate congressional committees.--The term
``appropriate congressional committees'' means--
(A) the congressional intelligence committees;
(B) the Committee on Homeland Security and
Governmental Affairs of the Senate; and
(C) the Committee on Homeland Security of the House
of Representatives.
(2) Congressional leadership.--The term ``congressional
leadership'' includes the following:
(A) The majority leader of the Senate.
(B) The minority leader of the Senate.
(C) The Speaker of the House of Representatives.
(D) The minority leader of the House of
Representatives.
(3) Security vulnerability.--The term ``security
vulnerability'' has the meaning given such term in section 102
of the Cybersecurity Information Sharing Act of 2015 (6 U.S.C.
1501).
(b) Assessment and Report.--The Director of National Intelligence,
in coordination with the Director of the Central Intelligence Agency,
the Director of the National Security Agency, the Director of the
Federal Bureau of Investigation, the Secretary of Homeland Security,
and the heads of other relevant elements of the intelligence community,
shall--
(1) commence not later than 1 year before any regularly
scheduled Federal election and complete not later than 180 days
before such election, an assessment of security vulnerabilities
of State election systems; and
(2) not later than 180 days before any regularly scheduled
Federal election, submit a report on such security
vulnerabilities and an assessment of foreign intelligence
threats to the election to--
(A) congressional leadership; and
(B) the appropriate congressional committees.
(c) Update.--Not later than 90 days before any regularly scheduled
Federal election, the Director of National Intelligence shall--
(1) update the assessment of foreign intelligence threats
to that election; and
(2) submit the updated assessment to--
(A) congressional leadership; and
(B) the appropriate congressional committees.
SEC. 504. STRATEGY FOR COUNTERING RUSSIAN CYBER THREATS TO UNITED
STATES ELECTIONS.
(a) Requirement for a Strategy.--Not later than 90 days after the
date of the enactment of this Act, the Director of National
Intelligence, in coordination with the Secretary of Homeland Security,
the Director of the Federal Bureau of Investigation, the Director of
the Central Intelligence Agency, the Secretary of State, the Secretary
of Defense, and the Secretary of the Treasury, shall develop a whole-
of-government strategy for countering the threat of Russian cyber
attacks and attempted cyber attacks against electoral systems and
processes in the United States, including Federal, State, and local
election systems, voter registration databases, voting tabulation
equipment, and equipment and processes for the secure transmission of
election results.
(b) Elements of the Strategy.--The strategy required by subsection
(a) shall include the following elements:
(1) A whole-of-government approach to protecting United
States electoral systems and processes that includes the
agencies and departments indicated in subsection (a) as well as
any other agencies and departments of the United States, as
determined appropriate by the Director of National Intelligence
and the Secretary of Homeland Security.
(2) Input solicited from Secretaries of State of the
various States and the chief election officials of the States.
(3) Technical security measures, including auditable paper
trails for voting machines, securing wireless and Internet
connections, and other technical safeguards.
(4) Detection of cyber threats, including attacks and
attempted attacks by Russian government or nongovernment cyber
threat actors.
(5) Improvement in the identification and attribution of
Russian government or nongovernment cyber threat actors.
(6) Deterrence, including actions and measures that could
or should be undertaken against or communicated to the
Government of Russia or other entities to deter attacks
against, or interference with, United States election systems
and processes.
(7) Improvement in Federal Government communications with
State and local election officials.
(8) Public education and communication efforts.
(9) Benchmarks and milestones to enable the measurement of
concrete steps taken and progress made in the implementation of
the strategy.
(c) Congressional Briefing.--
(1) In general.--Not later than 90 days after the date of
the enactment of this Act, the Director of National
Intelligence and the Secretary of Homeland Security shall
jointly brief the appropriate congressional committees on the
strategy developed under subsection (a).
(2) Appropriate congressional committees defined.--In this
subsection, the term ``appropriate congressional committees''
means the following:
(A) The congressional intelligence committees.
(B) The Committee on Armed Services and the
Committee on Homeland Security and Governmental Affairs
of the Senate.
(C) The Committee on Armed Services and the
Committee on Homeland Security of the House of
Representatives.
SEC. 505. INFORMATION SHARING WITH STATE ELECTION OFFICIALS.
(a) Security Clearances.--
(1) In general.--Not later than 30 days after the date of
the enactment of this Act, the Director of National
Intelligence shall support the Under Secretary of Homeland
Security for Intelligence and Analysis, and any other official
of the Department of Homeland Security designated by the
Secretary of Homeland Security, in sponsoring a security
clearance up to the top secret level for each eligible chief
election official of a State or the District of Columbia, and
additional eligible designees of such election official as
appropriate, at the time that such election official assumes
such position.
(2) Interim clearances.--Consistent with applicable
policies and directives, the Director of National Intelligence
may issue interim clearances, for a period to be determined by
the Director, to a chief election official as described in
paragraph (1) and up to 1 designee of such official under such
paragraph.
(b) Information Sharing.--
(1) In general.--The Director of National Intelligence
shall assist the Under Secretary of Homeland Security for
Intelligence and Analysis with sharing any appropriate
classified information related to threats to election systems
and to the integrity of the election process with chief
election officials and such designees who have received a
security clearance under subsection (a).
(2) Coordination.--The Under Secretary of Homeland Security
for Intelligence and Analysis shall coordinate with the
Director of National Intelligence to facilitate the sharing of
information to the affected Secretaries of State or States.
(c) State Defined.--In this section, the term ``State'' means any
State of the United States, the District of Columbia, the Commonwealth
of Puerto Rico, and any territory or possession of the United States.
SEC. 506. DESIGNATION OF COUNTERINTELLIGENCE OFFICER TO LEAD ELECTION
SECURITY MATTERS.
(a) In General.--The Director of National Intelligence shall
designate a national counterintelligence officer within the National
Counterintelligence and Security Center to lead, manage, and coordinate
counterintelligence matters relating to election security.
(b) Additional Responsibilities.--The person designated under
subsection (a) shall also lead, manage, and coordinate
counterintelligence matters relating to risks posed by interference
from foreign powers (as defined in section 101 of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1801)) to the
following:
(1) The Federal Government election security supply chain.
(2) Election voting systems and software.
(3) Voter registration databases.
(4) Critical infrastructure related to elections.
(5) Such other Government goods and services as the
Director of National Intelligence considers appropriate.
TITLE VI--SECURITY CLEARANCES
SEC. 601. DEFINITIONS.
In this title:
(1) Appropriate congressional committees.--The term
``appropriate congressional committees'' means--
(A) the congressional intelligence committees;
(B) the Committee on Armed Services of the Senate;
(C) the Committee on Appropriations of the Senate;
(D) the Committee on Homeland Security and
Governmental Affairs of the Senate;
(E) the Committee on Armed Services of the House of
Representatives;
(F) the Committee on Appropriations of the House of
Representatives;
(G) the Committee on Homeland Security of the House
of Representatives; and
(H) the Committee on Oversight and Government
Reform of the House of Representatives.
(2) Council.--The term ``Council'' means the Security,
Suitability, and Credentialing Performance Accountability
Council established pursuant to Executive Order 13467 (73 Fed.
Reg. 38103; 50 U.S.C. 3161 note), or any successor entity.
(3) Security executive agent.--The term ``Security
Executive Agent'' means the Director of National Intelligence
acting as the Security Executive Agent in accordance with
section 605.
(4) Suitability and credentialing executive agent.--The
term ``Suitability and Credentialing Executive Agent'' means
the Director of the Office of Personnel Management acting as
the Suitability and Credentialing Executive Agent in accordance
with Executive Order 13467 (73 Fed. Reg. 38103; 50 U.S.C. 3161
note), or any successor entity.
SEC. 602. REPORTS AND PLANS RELATING TO SECURITY CLEARANCES AND
BACKGROUND INVESTIGATIONS.
(a) Sense of Congress.--It is the sense of Congress that--
(1) ensuring the trustworthiness and security of the
workforce, facilities, and information of the Federal
Government is of the highest priority to national security and
public safety;
(2) the President and Congress should prioritize the
modernization of the personnel security framework to improve
its efficiency, effectiveness, and accountability;
(3) the current system for security clearance, suitability
and fitness for employment, and credentialing lacks
efficiencies and capabilities to meet the current threat
environment, recruit and retain a trusted workforce, and
capitalize on modern technologies; and
(4) changes to policies or processes to improve this system
should be vetted through the Council to ensure standardization,
portability, and reciprocity in security clearances across the
Federal Government.
(b) Accountability Plans and Reports.--
(1) Plans.--Not later than 90 days after the date of the
enactment of this Act, the Council shall submit to the
appropriate congressional committees the following:
(A) A plan to reduce the background investigation
inventory to 500,000 by the end of year 2018 and to
200,000 or an otherwise sustainable steady-level by the
end of year 2019. Such plan shall include notes of any
required changes in investigative and adjudicative
standards or resources.
(B) A plan to consolidate the conduct of background
investigations associated with the processing for
positions of trust in the most effective and efficient
manner between the National Background Investigation
Bureau and the Defense Security Service, or a successor
organization. Such plan shall address required funding,
personnel, contracts, information technology, field
office structure, policy, governance, schedule,
transition costs, and effects on stakeholders.
(2) Report on the future of personnel security.--
(A) In general.--Not later than 180 days after the
date of the enactment of this Act, the Chairman of the
Council, in coordination with the members of the
Council, shall submit to the appropriate congressional
committees a report on the future of personnel security
to reflect changes in threats, the workforce, and
technology.
(B) Contents.--The report submitted under
subparagraph (A) shall include the following:
(i) A risk framework for granting and
renewing access to classified information.
(ii) A discussion of the use of
technologies to prevent, detect, and monitor
threats.
(iii) A discussion of efforts to address
reciprocity and portability.
(iv) A discussion of the characteristics of
effective insider threat programs.
(v) An analysis of how to integrate data
from continuous vetting, insider threat
programs, and human resources data.
(vi) Recommendations on interagency
governance.
(3) Plan for implementation.--Not later than 180 days after
the date of the enactment of this Act, the Chairman of the
Council, in coordination with the members of the Council, shall
submit to the appropriate congressional committees a plan to
implement the report's framework and recommendations submitted
under paragraph (2)(A).
(4) Congressional notifications.--Not less frequently than
monthly, the Security Executive Agent shall submit a report to
the appropriate congressional committees regarding the status
of the disposition of requests received from departments and
agencies of the Federal Government for a change to, or approval
under, the Federal investigative standards, the national
adjudicative guidelines, continuous evaluation, or other
national policy regarding personnel security.
SEC. 603. IMPROVING THE PROCESS FOR SECURITY CLEARANCES.
(a) Reviews.--Not later than 180 days after the date of the
enactment of this Act, the Security Executive Agent, in coordination
with the members of the Council, shall submit to the appropriate
congressional committees a report that includes the following:
(1) A review of whether the information requested on the
Questionnaire for National Security Positions (Standard Form
86) and by the Federal Investigative Standards prescribed by
the Office of Personnel Management and the Office of the
Director of National Intelligence appropriately support the
adjudicative guidelines under Security Executive Agent
Directive 4 (known as the ``National Security Adjudicative
Guidelines''). Such review shall include identification of
whether any such information currently collected is unnecessary
to support the adjudicative guidelines.
(2) An assessment of whether such Questionnaire, Standards,
and guidelines should be revised to account for the prospect of
a holder of a security clearance becoming an insider threat.
(3) Recommendations to improve the background investigation
process by--
(A) simplifying the Questionnaire for National
Security Positions (Standard Form 86) and increasing
customer support to applicants completing such
Questionnaire;
(B) using remote techniques and centralized
locations to support or replace field investigation
work;
(C) using secure and reliable digitization of
information obtained during the clearance process;
(D) building the capacity of the background
investigation labor sector; and
(E) replacing periodic reinvestigations with
continuous evaluation techniques in all appropriate
circumstances.
(b) Policy, Strategy, and Implementation.--Not later than 180 days
after the date of the enactment of this Act, the Security Executive
Agent shall, in coordination with the members of the Council, establish
the following:
(1) A policy and implementation plan for the issuance of
interim security clearances.
(2) A policy and implementation plan to ensure contractors
are treated consistently in the security clearance process
across agencies and departments of the United States as
compared to employees of such agencies and departments. Such
policy shall address--
(A) prioritization of processing security
clearances based on the mission the contractors will be
performing;
(B) standardization of how requests for clearance
sponsorship are issued;
(C) digitization of background investigation-
related forms;
(D) use of the polygraph;
(E) the application of the adjudicative guidelines
under Security Executive Agent Directive 4 (known as
the ``National Security Adjudicative Guidelines'');
(F) reciprocal recognition of clearances across
agencies and departments of the United States,
regardless of status of periodic reinvestigation;
(G) tracking of clearance files as individuals move
from employment with an agency or department of the
United States to employment in the private sector;
(H) collection of timelines for movement of
contractors across agencies and departments;
(I) reporting on security incidents and job
performance that affect the ability to hold a security
clearance;
(J) any recommended changes to the Federal
Acquisition Regulations (FAR) necessary to ensure that
information affecting contractor clearances or
suitability is appropriately and expeditiously shared
between and among agencies and contractors; and
(K) portability of contractor security clearances
between or among contracts at the same agency and
between or among contracts at different agencies that
require the same level of clearance.
(3) A strategy and implementation plan that--
(A) provides for periodic reinvestigations as part
of a security clearance determination only on an as-
needed, risk-based basis;
(B) includes actions to assess the extent to which
automated records checks and other continuous
evaluation methods may be used to expedite or focus
reinvestigations; and
(C) provides an exception for certain populations
if the Security Executive Agent--
(i) determines such populations require
reinvestigations at regular intervals; and
(ii) provides written justification to the
appropriate congressional committees for any
such determination.
(4) A policy and implementation plan for agencies and
departments of the United States, as a part of the security
clearance process, to accept automated records checks generated
pursuant to a security clearance applicant's employment with a
prior employer.
(5) A policy for the use of certain background materials on
individuals collected by the private sector for background
investigation purposes.
SEC. 604. GOALS FOR PROMPTNESS OF DETERMINATIONS REGARDING SECURITY
CLEARANCES.
(a) In General.--The Council shall take such actions as may be
necessary to ensure that, by December 31, 2021, 90 percent of all
determinations regarding--
(1) security clearances--
(A) at the secret level are issued in 30 days or
fewer; and
(B) at the top secret level are issued in 90 days
or fewer; and
(2) reciprocity of a security clearance at the same level
are recognized in 2 weeks or fewer.
(b) Certain Reinvestigations.--The Council shall ensure that by
December 31, 2021, reinvestigation on a set periodicity is not be
required for more than 10 percent of the population that holds a
security clearance.
(c) Plan.--Not later than 180 days after the date of the enactment
of this Act, the Council shall submit a plan to carry out this section
to the appropriate congressional committees. Such plan shall include
recommended interim milestones for the goals set forth in subsections
(a) and (b) for 2019, 2020, and 2021.
(d) Reciprocity Defined.--In this section, the term ``reciprocity''
means reciprocal recognition by Federal departments and agencies of
eligibility for access to classified information.
SEC. 605. SECURITY EXECUTIVE AGENT.
(a) In General.--The Director of National Intelligence shall serve
as the Security Executive Agent for all departments and agencies of the
United States.
(b) Duties.--The duties of the Security Executive Agent are as
follows:
(1) To direct the oversight of investigations,
reinvestigations, adjudications, and, as applicable, polygraphs
for eligibility for access to classified information or
eligibility to hold a sensitive position made by any Federal
agency.
(2) To review the national security background
investigation and adjudication programs of Federal agencies to
determine whether such programs are being implemented in
accordance with this section.
(3) To develop and issue uniform and consistent policies
and procedures to ensure the effective, efficient, timely, and
secure completion of investigations, polygraphs, and
adjudications relating to determinations of eligibility for
access to classified information or eligibility to hold a
sensitive position.
(4) Unless otherwise designated by law, to serve as the
final authority to designate a Federal agency or agencies to
conduct investigations of persons who are proposed for access
to classified information or for eligibility to hold a
sensitive position to ascertain whether such persons satisfy
the criteria for obtaining and retaining access to classified
information or eligibility to hold a sensitive position, as
applicable.
(5) Unless otherwise designated by law, to serve as the
final authority to designate a Federal agency or agencies to
determine eligibility for access to classified information or
eligibility to hold a sensitive position in accordance with
Executive Order 12968 of August 2, 1995, as amended.
(6) To ensure reciprocal recognition of eligibility for
access to classified information or eligibility to hold a
sensitive position among Federal agencies, including acting as
the final authority to arbitrate and resolve disputes among
such agencies involving the reciprocity of investigations and
adjudications of eligibility.
(7) To execute all other duties assigned to the Security
Executive Agent by law.
(c) Authorities.--The Security Executive Agent shall--
(1) issue guidelines and instructions to the heads of
Federal agencies to ensure appropriate uniformity,
centralization, efficiency, effectiveness, timeliness, and
security in processes relating to determinations by such
agencies of eligibility for access to classified information or
eligibility to hold a sensitive position, including such
matters as investigations, polygraphs, adjudications, and
reciprocity;
(2) have the authority to grant exceptions to, or waivers
of, national security investigative requirements, including
issuing implementing or clarifying guidance, as necessary;
(3) have the authority to assign, in whole or in part, to
the head of any Federal agency (solely or jointly) any of the
duties of the Security Executive Agent described in subsection
(b) or the authorities described in paragraphs (1) and (2),
provided that the exercise of such assigned duties or
authorities is subject to the oversight of the Security
Executive Agent, including such terms and conditions (including
approval by the Security Executive Agent) as the Security
Executive Agent determines appropriate; and
(4) define and set standards for continuous evaluation for
continued access to classified information and for eligibility
to hold a sensitive position.
SEC. 606. REPORT ON UNIFIED, SIMPLIFIED, GOVERNMENTWIDE STANDARDS FOR
POSITIONS OF TRUST AND SECURITY CLEARANCES.
Not later than 90 days after the date of the enactment of this Act,
the Security Executive Agent and the Suitability and Credentialing
Executive Agent, in coordination with the other members of the Council,
shall jointly issue a report regarding the advisability and the risks,
benefits, and costs to the Government and to industry of consolidating
to not more than 3 tiers for positions of trust and security
clearances.
SEC. 607. REPORT ON CLEARANCE IN PERSON CONCEPT.
(a) Sense of Congress.--It is the sense of Congress that to reflect
the greater mobility of the modern workforce, alternative methodologies
merit analysis to allow greater flexibility for individuals moving in
and out of positions that require access to classified information,
while still preserving security.
(b) Report Required.--Not later than 90 days after the date of the
enactment of this Act, the Security Executive Agent shall submit a
report to the appropriate congressional committees that describes the
requirements, feasibility, and advisability of implementing a clearance
in person concept described in subsection (c) for maintaining access to
classified information.
(c) Clearance in Person Concept.--The clearance in person concept--
(1) permits an individual to maintain his or her
eligibility for access to classified information, networks, and
facilities for up to 3 years after the individual's access to
classified information would otherwise lapse; and
(2) unless otherwise directed by the Security Executive
Agent, recognizes an individual's security clearance and
background investigation as current, regardless of employment
status.
(d) Contents.--The report required under subsection (b) shall
address--
(1) requirements for an individual to voluntarily remain in
a continuous evaluation program validated by the Security
Executive Agent even if the individual is not in a position
requiring access to classified information;
(2) appropriate safeguards for privacy;
(3) advantages to government and industry;
(4) the costs and savings associated with implementation;
(5) the risks of such implementation, including security
and counterintelligence risks;
(6) an appropriate funding model; and
(7) fairness to small companies and independent
contractors.
SEC. 608. BUDGET REQUEST DOCUMENTATION ON FUNDING FOR CLEARANCES.
(a) In General.--As part of the fiscal year 2020 budget request
submitted to Congress pursuant to section 1105(a) of title 31, United
States Code, the President shall include exhibits that identify the
resources allocated by each agency to processing security clearances,
disaggregated by type of security clearance.
(b) Contents.--Each exhibit submitted under subsection (a) shall
include, with respect to security clearances, details on the costs of--
(1) background investigations and reinvestigations;
(2) additional screening mechanisms, such as polygraphs,
medical exams, and psychological exams;
(3) adjudications;
(4) other means of continuous vetting, such as continuous
evaluation and user activity monitoring; and
(5) the average per person cost for each type of security
clearance.
SEC. 609. REPORTS ON RECIPROCITY FOR SECURITY CLEARANCES INSIDE OF
DEPARTMENTS AND AGENCIES.
(a) Reports to Security Executive Agent.--The head of each Federal
department or agency shall submit an annual report to the Security
Executive Agent that--
(1) identifies the number of individuals whose security
clearances take more than 2 weeks to be reciprocally recognized
after such individuals move to another part of such department
or agency; and
(2) breaks out the information described in paragraph (1)
by type of clearance and the reasons for any delays.
(b) Annual Report.--Not less frequently than once each year, the
Security Executive Agent shall submit to the appropriate congressional
committees an annual report that summarizes the information received
pursuant to subsection (a) during the period covered by such report.
(c) Reciprocally Recognized Defined.--In this section, the term
``reciprocally recognized'' means reciprocal recognition by Federal
departments and agencies of eligibility for access to classified
information.
SEC. 610. INTELLIGENCE COMMUNITY REPORTS ON SECURITY CLEARANCES.
Section 506H of the National Security Act of 1947 (50 U.S.C. 3104)
is amended--
(1) in subsection (a)(1)--
(A) in subparagraph (A)(ii), by adding ``and'' at
the end;
(B) in subparagraph (B)(ii), by striking ``; and''
and inserting a period; and
(C) by striking subparagraph (C);
(2) by redesignating subsection (b) as subsection (c);
(3) by inserting after subsection (a) the following:
``(b) Intelligence Community Reports.--(1) Not later than March 1
of each year, the Director of National Intelligence shall submit a
report to the congressional intelligence committees, the Committee on
Homeland Security and Governmental Affairs of the Senate, and the
Committee on Homeland Security of the House of Representatives
regarding the security clearances processed by each element of the
intelligence community during the preceding fiscal year. Each report
submitted under this paragraph shall separately identify security
clearances processed for Federal employees and contractor employees
sponsored by each such element.
``(2) Each report submitted under paragraph (1) shall include, for
each element of the intelligence community for the fiscal year covered
by the report, the following:
``(A) The total number of initial security clearance
background investigations sponsored for new applicants.
``(B) The total number of security clearance periodic
reinvestigations sponsored for existing employees.
``(C) The total number of initial security clearance
background investigations for new applicants that were
adjudicated with notice of a determination provided to the
prospective applicant, including--
``(i) the total number of such adjudications that
were adjudicated favorably and granted access to
classified information; and
``(ii) the total number of such adjudications that
were adjudicated unfavorably and resulted in a denial
or revocation of a security clearance.
``(D) The total number of security clearance periodic
background investigations that were adjudicated with notice of
a determination provided to the existing employee, including--
``(i) the total number of such adjudications that
were adjudicated favorably; and
``(ii) the total number of such adjudications that
were adjudicated unfavorably and resulted in a denial
or revocation of a security clearance.
``(E) The total number of pending security clearance
background investigations, including initial applicant
investigations and periodic reinvestigations, that were not
adjudicated as of the last day of such year and that remained
pending, categorized as follows:
``(i) For 180 days or shorter.
``(ii) For longer than 180 days, but shorter than
12 months.
``(iii) For 12 months or longer, but shorter than
18 months.
``(iv) For 18 months or longer, but shorter than 24
months.
``(v) For 24 months or longer.
``(F) For any security clearance determinations completed
or pending during the year preceding the year for which the
report is submitted that have taken longer than 12 months to
complete--
``(i) an explanation of the causes for the delays
incurred during the period covered by the report; and
``(ii) the number of such delays involving a
polygraph requirement.
``(G) The percentage of security clearance investigations,
including initial and periodic reinvestigations, that resulted
in a denial or revocation of a security clearance.
``(H) The percentage of security clearance investigations
that resulted in incomplete information.
``(I) The percentage of security clearance investigations
that did not result in enough information to make a decision on
potentially adverse information.
``(3) The report required under this subsection shall be submitted
in unclassified form, but may include a classified annex.''; and
(4) in subsection (c), as redesignated, by striking
``subsection (a)(1)'' and inserting ``subsections (a)(1) and
(b)''.
SEC. 611. PERIODIC REPORT ON POSITIONS IN THE INTELLIGENCE COMMUNITY
WHICH CAN BE CONDUCTED WITHOUT ACCESS TO CLASSIFIED
INFORMATION, NETWORKS, OR FACILITIES.
Not later than 180 days after the date of the enactment of this Act
and not less frequently than once every 5 years thereafter, the
Director of National Intelligence shall submit to the congressional
intelligence committees a report that reviews the intelligence
community for which positions can be conducted without access to
classified information, networks, or facilities, or may only require a
security clearance at the secret level.
SEC. 612. INFORMATION SHARING PROGRAM FOR POSITIONS OF TRUST.
(a) Agency Defined.--In this section, the term ``agency'' has the
meaning given the term ``Executive agency'' in section 105 of title 5,
United Stats Code.
(b) Program Required.--Not later than 90 days after the date of the
enactment of this Act, the Security Executive Agent shall establish a
program to share between and among agencies and industry partners of
the Federal Government information regarding individuals applying for
and in positions of trust, including derogatory and suitability
information.
(c) Goal.--The goal of the program required by subsection (b) shall
be to alert agencies and industry partners as to individuals who may
require further vetting or should be subject to certain insider threat
programs regarding granted access, or continued access, to classified
information, especially when such individuals change agencies,
employers, or contracts.
(d) Privacy Safeguards.--The Security Executive Agent shall ensure
that the program required by subsection (b) includes such safeguards
for privacy as the Security Executive Agent considers appropriate.
(e) Provision of Information to the Private Sector.--The Security
Executive Agent shall ensure that under the program required by
subsection (b)--
(1) sufficient information is provided to the private
sector so that employers in the private sector can make
informed decisions about hiring and retention in positions of
trust; and
(2) agencies and private sector entities that receive
information under the program have the capabilities in place to
safeguard personnel privacy in compliance with applicable law
and policy.
(f) Implementation Plan.--
(1) In general.--Not later than 90 days after the date of
the enactment of this Act, the Security Executive Agent shall
submit a plan to the appropriate congressional committees for
the implementation of the program required under subsection
(b).
(2) Contents.--The plan required under paragraph (1) shall
include--
(A) matters that address privacy, security, and
human resources processes; and
(B) any recommendations of the Security Executive
Agent for legislative or administrative action to carry
out or improve the program.
SEC. 613. REPORT ON PROTECTIONS FOR CONFIDENTIALITY OF WHISTLEBLOWER-
RELATED COMMUNICATIONS.
Not later than 180 days after the date of the enactment of this
Act, the Security Executive Agent shall, in coordination with the
Inspector General of the Intelligence Community, submit to the
appropriate congressional committees a report detailing the controls
employed by the intelligence community to ensure that continuous
evaluation programs, including those involving user activity
monitoring, protect the confidentiality of whistleblower-related
communications.
TITLE VII--REPORTS AND OTHER MATTERS
Subtitle A--Matters Relating to Russia and Other Foreign Powers
SEC. 701. LIMITATION RELATING TO ESTABLISHMENT OR SUPPORT OF
CYBERSECURITY UNIT WITH THE GOVERNMENT OF RUSSIA.
(a) Appropriate Congressional Committees.--The term ``appropriate
congressional committees'' means--
(1) the congressional intelligence committees; and
(2) the Committee on Armed Services of the Senate and the
Committee on Armed Services of the House of Representatives.
(b) Limitation.--
(1) In general.--No amount may be expended by the Federal
Government, other than the Department of Defense, to enter into
or implement any bilateral agreement between the United States
and the Russian Federation regarding cybersecurity, including
the establishment or support of any cybersecurity unit, unless,
at least 30 days prior to the conclusion of any such agreement,
the Director of National Intelligence submits to the
appropriate congressional committees a report on such agreement
that includes the elements required by subsection (c).
(2) Department of defense agreements.--Any agreement
between the Department of Defense and the Russian Federation
regarding cybersecurity shall be conducted in accordance with
section 1232 of the National Defense Authorization Act for
Fiscal Year 2017 (Public Law 114-328), as amended by section
1231 of the National Defense Authorization Act for Fiscal Year
2018 (Public Law 115-91).
(c) Elements.--If the Director submits a report under subsection
(a) with respect to an agreement, such report shall include a
description of each of the following:
(1) The purpose of the agreement.
(2) The nature of any intelligence to be shared pursuant to
the agreement.
(3) The expected value to national security resulting from
the implementation of the agreement.
(4) Such counterintelligence concerns associated with the
agreement as the Director may have and such measures as the
Director expects to be taken to mitigate such concerns.
(d) Rule of Construction.--This section shall not be construed to
affect any existing authority of the Director of National Intelligence,
the Director of the Central Intelligence Agency, or any other head of
an element of the intelligence community, to share or receive foreign
intelligence on a case-by-case basis.
SEC. 702. REPORT ON RETURNING RUSSIAN COMPOUNDS.
(a) Covered Compounds Defined.--In this section, the term ``covered
compounds'' means the real property in New York, the real property in
Maryland, and the real property in San Francisco, California, that were
under the control of the Government of Russia in 2016 and were removed
from such control in response to various transgressions by the
Government of Russia, including the interference by the Government of
Russia in the 2016 election in the United States.
(b) Requirement for Report.--Not later than 180 days after the date
of the enactment of this Act, the Director of National Intelligence
shall submit to the congressional intelligence committees a report on
the intelligence risks of returning the covered compounds to Russian
control.
(c) Form of Report.--The report required by this section shall be
submitted in classified and unclassified forms.
SEC. 703. ASSESSMENT OF THREAT FINANCE RELATING TO RUSSIA.
(a) Threat Finance Defined.--In this section, the term ``threat
finance'' means--
(1) the financing of cyber operations, global influence
campaigns, intelligence service activities, proliferation,
terrorism, or transnational crime and drug organizations;
(2) the methods and entities used to spend, store, move,
raise, conceal, or launder money or value, on behalf of threat
actors;
(3) sanctions evasion; and
(4) other forms of threat finance activity domestically or
internationally, as defined by the President.
(b) Report Required.--Not later than 60 days after the date of the
enactment of this Act, the Director of National Intelligence, in
coordination with the Assistant Secretary of the Treasury for
Intelligence and Analysis, shall submit to the congressional
intelligence committees a report containing an assessment of Russian
threat finance. The assessment shall be based on intelligence from all
sources, including from the Office of Terrorism and Financial
Intelligence of the Department of the Treasury.
(c) Elements.--The report required by subsection (b) shall include
each of the following:
(1) A summary of leading examples from the 3-year period
preceding the date of the submittal of the report of threat
finance activities conducted by, for the benefit of, or at the
behest of--
(A) officials of the Government of Russia;
(B) persons subject to sanctions under any
provision of law imposing sanctions with respect to
Russia;
(C) Russian nationals subject to sanctions under
any other provision of law; or
(D) Russian oligarchs or individuals involved in
organized crime.
(2) An assessment with respect to any trends or patterns in
threat finance activities relating to Russia, including common
methods of conducting such activities and global nodes of money
laundering used by Russian threat actors described in paragraph
(1) and associated entities.
(3) An assessment of any connections between Russian
individuals involved in money laundering and the Government of
Russia.
(4) A summary of engagement and coordination with
international partners on threat finance relating to Russia,
especially in Europe, including examples of such engagement and
coordination.
(5) An identification of any resource and collection gaps.
(6) An identification of--
(A) entry points of money laundering by Russian and
associated entities into the United States;
(B) any vulnerabilities within the United States
legal and financial system, including specific sectors,
which have been or could be exploited in connection
with Russian threat finance activities; and
(C) the counterintelligence threat posed by Russian
money laundering and other forms of threat finance, as
well as the threat to the United States financial
system and United States efforts to enforce sanctions
and combat organized crime.
(7) Any other matters the Director determines appropriate.
(d) Form of Report.--The report required under subsection (b) may
be submitted in classified form.
SEC. 704. NOTIFICATION OF AN ACTIVE MEASURES CAMPAIGN.
(a) Definitions.--In this section:
(1) Appropriate congressional committees.--The term
``appropriate congressional committees'' means--
(A) the congressional intelligence committees; and
(B) the Committee on Armed Services of the Senate
and the Committee on Armed Services of the House of
Representatives.
(2) Congressional leadership.--The term ``congressional
leadership'' includes the following:
(A) The majority leader of the Senate.
(B) The minority leader of the Senate.
(C) The Speaker of the House of Representatives.
(D) The minority leader of the House of
Representatives.
(b) Requirement for Notification.--The Director of National
Intelligence, in cooperation with the Director of the Federal Bureau of
Investigation and the head of any other relevant agency, shall notify
the congressional leadership and the Chairman and Vice Chairman or
Ranking Member of each of the appropriate congressional committees, and
of other relevant committees of jurisdiction, each time the Director of
National Intelligence determines there is credible information that a
foreign power has, is, or will attempt to employ a covert influence or
active measures campaign with regard to the modernization, employment,
doctrine, or force posture of the nuclear deterrent or missile defense.
(c) Content of Notification.--Each notification required by
subsection (a) shall include information concerning actions taken by
the United States to expose or halt an attempt referred to in
subsection (a).
SEC. 705. NOTIFICATION OF TRAVEL BY ACCREDITED DIPLOMATIC AND CONSULAR
PERSONNEL OF THE RUSSIAN FEDERATION IN THE UNITED STATES.
In carrying out the advance notification requirements set out in
section 502 of the Intelligence Authorization Act for Fiscal Year 2017
(division N of Public Law 115-31; 131 Stat. 825; 22 U.S.C. 254a note),
the Secretary of State shall--
(1) ensure that the Russian Federation provides
notification to the Secretary of State at least 2 business days
in advance of all travel that is subject to such requirements
by accredited diplomatic and consular personnel of the Russian
Federation in the United States, and take necessary action to
secure full compliance by Russian personnel and address any
noncompliance; and
(2) provide notice of travel described in paragraph (1) to
the Director of National Intelligence and the Director of the
Federal Bureau of Investigation within 1 hour of receiving
notice of such travel.
Subtitle B--Reports
SEC. 711. TECHNICAL CORRECTION TO INSPECTOR GENERAL STUDY.
Section 11001(d) of title 5, United States Code, is amended--
(1) in the subsection heading, by striking ``Audit'' and
inserting ``Review'';
(2) in paragraph (1), by striking ``audit'' and inserting
``review''; and
(3) in paragraph (2), by striking ``audit'' and inserting
``review''.
SEC. 712. REPORTS ON AUTHORITIES OF THE CHIEF INTELLIGENCE OFFICER OF
THE DEPARTMENT OF HOMELAND SECURITY.
(a) Homeland Security Intelligence Enterprise Defined.--In this
section, the term ``Homeland Security Intelligence Enterprise'' has the
meaning given such term in Department of Homeland Security Instruction
Number 264-01-001, or successor authority.
(b) Requirement for Report.--Not later than 120 days after the date
of the enactment of this Act, the Secretary of Homeland Security, in
consultation with the Under Secretary of Homeland Security for
Intelligence and Analysis, shall submit to the congressional
intelligence committees, the Committee on Homeland Security and
Governmental Affairs of the Senate, and the Committee on Homeland
Security of the House of Representatives a report on the authorities of
the Under Secretary.
(c) Elements.--The report required by subsection (b) shall include
each of the following:
(1) An analysis of whether the Under Secretary has the
legal and policy authority necessary to organize and lead the
Homeland Security Intelligence Enterprise, with respect to
intelligence, and, if not, a description of--
(A) the obstacles to exercising the authorities of
the Chief Intelligence Officer of the Department and
the Homeland Security Intelligence Council, of which
the Chief Intelligence Officer is the chair; and
(B) the legal and policy changes necessary to
effectively coordinate, organize, and lead intelligence
activities of the Department of Homeland Security.
(2) A description of the actions that the Secretary has
taken to address the inability of the Under Secretary to
require components of the Department, other than the Office of
Intelligence and Analysis of the Department to--
(A) coordinate intelligence programs; and
(B) integrate and standardize intelligence products
produced by such other components.
SEC. 713. REPORT ON CYBER EXCHANGE PROGRAM.
(a) Report.--Not later than 90 days after the date of the enactment
of this Act, the Director of National Intelligence shall submit to the
congressional intelligence committees a report on the potential
establishment of a fully voluntary exchange program between elements of
the intelligence community and private technology companies under
which--
(1) an employee of an element of the intelligence community
with demonstrated expertise and work experience in
cybersecurity or related disciplines may elect to be
temporarily detailed to a private technology company that has
elected to receive the detailee; and
(2) an employee of a private technology company with
demonstrated expertise and work experience in cybersecurity or
related disciplines may elect to be temporarily detailed to an
element of the intelligence community that has elected to
receive the detailee.
(b) Elements.--The report under subsection (a) shall include the
following:
(1) An assessment of the feasibility of establishing the
exchange program described in such subsection.
(2) Identification of any challenges in establishing the
exchange program.
(3) An evaluation of the benefits to the intelligence
community that would result from the exchange program.
SEC. 714. REPORT ON ROLE OF DIRECTOR OF NATIONAL INTELLIGENCE WITH
RESPECT TO CERTAIN FOREIGN INVESTMENTS.
(a) Report.--Not later than 180 days after the date of the
enactment of this Act, the Director of National Intelligence, in
consultation with the heads of the elements of the intelligence
community determined appropriate by the Director, shall submit to the
congressional intelligence committees a report on the role of the
Director in preparing analytic materials in connection with the
evaluation by the Federal Government of national security risks
associated with potential foreign investments into the United States.
(b) Elements.--The report under subsection (a) shall include--
(1) a description of the current process for the provision
of the analytic materials described in subsection (a);
(2) identification of the most significant benefits and
drawbacks of such process with respect to the role of the
Director, including any benefits or drawbacks relating to the
time allotted to the Director to prepare such materials; and
(3) recommendations to improve such process.
SEC. 715. REPORT ON SURVEILLANCE BY FOREIGN GOVERNMENTS AGAINST UNITED
STATES TELECOMMUNICATIONS NETWORKS.
(a) Appropriate Congressional Committees Defined.--In this section,
the term ``appropriate congressional committees'' means the following:
(1) The congressional intelligence committees.
(2) The Committee on the Judiciary and the Committee on
Homeland Security and Governmental Affairs of the Senate.
(3) The Committee on the Judiciary and the Committee on
Homeland Security of the House of Representatives.
(b) Report.--Not later than 180 days after the date of the
enactment of this Act, the Director of National Intelligence shall, in
coordination with the Director of the Central Intelligence Agency, the
Director of the National Security Agency, the Director of the Federal
Bureau of Investigation, and the Secretary of Homeland Security, submit
to the appropriate congressional committees a report describing--
(1) any attempts known to the intelligence community by
foreign governments to exploit cybersecurity vulnerabilities in
United States telecommunications networks (including Signaling
System No. 7) to target for surveillance of United States
persons, including employees of the Federal Government; and
(2) any actions, as of the date of the enactment of this
Act, taken by the intelligence community to protect agencies
and personnel of the United States Government from surveillance
conducted by foreign governments.
SEC. 716. BIENNIAL REPORT ON FOREIGN INVESTMENT RISKS.
(a) Intelligence Community Interagency Working Group.--
(1) Requirement to establish.--The Director of National
Intelligence shall establish an intelligence community
interagency working group to prepare the biennial reports
required by subsection (b).
(2) Chairperson.--The Director of National Intelligence
shall serve as the chairperson of such interagency working
group.
(3) Membership.--Such interagency working group shall be
composed of representatives of each element of the intelligence
community that the Director of National Intelligence determines
appropriate.
(b) Biennial Report on Foreign Investment Risks.--
(1) Report required.--Not later than 180 days after the
date of the enactment of this Act, and biennially thereafter,
the Director of National Intelligence shall submit to the
congressional intelligence committees, the Committee on
Homeland Security and Governmental Affairs of the Senate, and
the Committee on Homeland Security of the House of
Representatives a report on foreign investment risks prepared
by the interagency working group established under subsection
(a).
(2) Elements.--Each report required by paragraph (1) shall
include an identification, analysis, and explanation of the
following:
(A) Any current or projected major threats to the
national security of the United States with respect to
foreign investment.
(B) Any strategy used by a foreign country that
such interagency working group has identified to be a
country of special concern to use foreign investment to
target the acquisition of critical technologies,
critical materials, or critical infrastructure.
(C) Any economic espionage efforts directed at the
United States by a foreign country, particularly such a
country of special concern.
SEC. 717. MODIFICATION OF CERTAIN REPORTING REQUIREMENT ON TRAVEL OF
FOREIGN DIPLOMATS.
Section 502(d)(2) of the Intelligence Authorization Act for Fiscal
Year 2017 (Public Law 115-31; 22 U.S.C. 254a note) is amended by
striking ``the number'' and inserting ``a best estimate''.
SEC. 718. SEMIANNUAL REPORTS ON INVESTIGATIONS OF UNAUTHORIZED
DISCLOSURES OF CLASSIFIED INFORMATION.
(a) In General.--Title XI of the National Security Act of 1947 (50
U.S.C. 3231 et seq.) is amended by adding at the end the following new
section:
``SEC. 1105. SEMIANNUAL REPORTS ON INVESTIGATIONS OF UNAUTHORIZED
DISCLOSURES OF CLASSIFIED INFORMATION.
``(a) Definitions.--In this section:
``(1) Covered official.--The term `covered official'
means--
``(A) the heads of each element of the intelligence
community; and
``(B) the inspectors general with oversight
responsibility for an element of the intelligence
community.
``(2) Investigation.--The term `investigation' means any
inquiry, whether formal or informal, into the existence of an
unauthorized public disclosure of classified information.
``(3) Unauthorized disclosure of classified information.--
The term `unauthorized disclosure of classified information'
means any unauthorized disclosure of classified information to
any recipient.
``(4) Unauthorized public disclosure of classified
information.--The term `unauthorized public disclosure of
classified information' means the unauthorized disclosure of
classified information to a journalist or media organization.
``(b) Intelligence Community Reporting.--
``(1) In general.--Not less frequently than once every 6
months, each covered official shall submit to the congressional
intelligence committees a report on investigations of
unauthorized public disclosures of classified information.
``(2) Elements.--Each report submitted under paragraph (1)
shall include, with respect to the preceding 6-month period,
the following:
``(A) The number of investigations opened by the
covered official regarding an unauthorized public
disclosure of classified information.
``(B) The number of investigations completed by the
covered official regarding an unauthorized public
disclosure of classified information.
``(C) Of the number of such completed
investigations identified under subparagraph (B), the
number referred to the Attorney General for criminal
investigation.
``(c) Department of Justice Reporting.--
``(1) In general.--Not less frequently than once every 6
months, the Assistant Attorney General for National Security of
the Department of Justice, in consultation with the Director of
the Federal Bureau of Investigation, shall submit to the
congressional intelligence committees, the Committee on the
Judiciary of the Senate, and the Committee on the Judiciary of
the House of Representatives a report on the status of each
referral made to the Department of Justice from any element of
the intelligence community regarding an unauthorized disclosure
of classified information made during the most recent 365-day
period or any referral that has not yet been closed, regardless
of the date the referral was made.
``(2) Contents.--Each report submitted under paragraph (1)
shall include, for each referral covered by the report, at a
minimum, the following:
``(A) The date the referral was received.
``(B) A statement indicating whether the alleged
unauthorized disclosure described in the referral was
substantiated by the Department of Justice.
``(C) A statement indicating the highest level of
classification of the information that was revealed in
the unauthorized disclosure.
``(D) A statement indicating whether an open
criminal investigation related to the referral is
active.
``(E) A statement indicating whether any criminal
charges have been filed related to the referral.
``(F) A statement indicating whether the Department
of Justice has been able to attribute the unauthorized
disclosure to a particular entity or individual.
``(d) Form of Reports.--Each report submitted under this section
shall be submitted in unclassified form, but may have a classified
annex.''.
(b) Clerical Amendment.--The table of contents in the first section
of the National Security Act of 1947 is amended by inserting after the
item relating to section 1104 the following new item:
``Sec. 1105. Semiannual reports on investigations of unauthorized
disclosures of classified information.''.
SEC. 719. CONGRESSIONAL NOTIFICATION OF DESIGNATION OF COVERED
INTELLIGENCE OFFICER AS PERSONA NON GRATA.
(a) Intelligence Officer Defined.--In this section, the term
``covered intelligence officer'' means--
(1) a United States intelligence officer serving in a post
in a foreign country; or
(2) a known or suspected foreign intelligence officer
serving in a United States post.
(b) Requirement for Reports.--Not later than 72 hours after a
covered intelligence officer is designated as a persona non grata, the
Director of National Intelligence, in consultation with the Secretary
of State, shall submit to the congressional intelligence committees a
notification of that designation. Each such notification shall
include--
(1) the date of the designation;
(2) the basis for the designation; and
(3) a justification for the expulsion.
SEC. 720. INSPECTORS GENERAL REPORTS ON CLASSIFICATION.
(a) Reports.--Not later than October 1, 2019, each Inspector
General listed in subsection (b) shall submit to the congressional
intelligence committees a report that includes, with respect to the
department or agency of the Inspector General, analyses of the
following:
(1) The accuracy of the application of classification and
handling markers on a representative sample of finished
reports, including such reports that are compartmented.
(2) Compliance with declassification procedures.
(3) The effectiveness of processes for identifying topics
of public or historical importance that merit prioritization
for a declassification review.
(b) Inspectors General.--The Inspectors General listed in this
subsection are as follows:
(1) The Inspector General of the Intelligence Community.
(2) The Inspector General of the Central Intelligence
Agency.
(3) The Inspector General of the National Security Agency.
(4) The Inspector General of the Defense Intelligence
Agency.
(5) The Inspector General of the National Reconnaissance
Office.
(6) The Inspector General of the National Geospatial-
Intelligence Agency.
SEC. 721. REPORTS ON INTELLIGENCE COMMUNITY PARTICIPATION IN
VULNERABILITIES EQUITIES PROCESS OF FEDERAL GOVERNMENT.
(a) Definitions.--In this section:
(1) Vulnerabilities equities policy and process document.--
The term ``Vulnerabilities Equities Policy and Process
document'' means the executive branch document entitled
``Vulnerabilities Equities Policy and Process'' dated November
15, 2017.
(2) Vulnerabilities equities process.--The term
``Vulnerabilities Equities Process'' means the interagency
review of vulnerabilities, pursuant to the Vulnerabilities
Equities Policy and Process document or any successor document.
(3) Vulnerability.--The term ``vulnerability'' means a
weakness in an information system or its components (for
example, system security procedures, hardware design, and
internal controls) that could be exploited or could affect
confidentiality, integrity, or availability of information.
(b) Reports on Process and Criteria Under Vulnerabilities Equities
Policy and Process.--
(1) In general.--Not later than 90 days after the date of
the enactment of this Act, the Director of National
Intelligence shall submit to the congressional intelligence
committees a written report describing--
(A) with respect to each element of the
intelligence community--
(i) the title of the official or officials
responsible for determining whether, pursuant
to criteria contained in the Vulnerabilities
Equities Policy and Process document or any
successor document, a vulnerability must be
submitted for review under the Vulnerabilities
Equities Process; and
(ii) the process used by such element to
make such determination; and
(B) the roles or responsibilities of that element
during a review of a vulnerability submitted to the
Vulnerabilities Equities Process.
(2) Changes to process or criteria.--Not later than 30 days
after any significant change is made to the process and
criteria used by any element of the intelligence community for
determining whether to submit a vulnerability for review under
the Vulnerabilities Equities Process, such element shall submit
to the congressional intelligence committees a report
describing such change.
(3) Form of reports.--Each report submitted under this
subsection shall be submitted in unclassified form, but may
include a classified annex.
(c) Annual Reports.--
(1) In general.--Not less frequently than once each
calendar year, the Director of National Intelligence shall
submit to the congressional intelligence committees a
classified report containing, with respect to the previous
year--
(A) the number of vulnerabilities submitted for
review under the Vulnerabilities Equities Process;
(B) the number of vulnerabilities described in
subparagraph (A) disclosed to each vendor responsible
for correcting the vulnerability, or to the public,
pursuant to the Vulnerabilities Equities Process; and
(C) the aggregate number, by category, of the
vulnerabilities excluded from review under the
Vulnerabilities Equities Process, as described in
paragraph 5.4 of the Vulnerabilities Equities Policy
and Process document.
(2) Unclassified information.--Each report submitted under
paragraph (1) shall include an unclassified appendix that
contains--
(A) the aggregate number of vulnerabilities
disclosed to vendors or the public pursuant to the
Vulnerabilities Equities Process; and
(B) the aggregate number of vulnerabilities
disclosed to vendors or the public pursuant to the
Vulnerabilities Equities Process known to have been
patched.
(3) Non-duplication.--The Director of National Intelligence
may forgo submission of an annual report required under this
subsection for a calendar year, if the Director notifies the
intelligence committees in writing that, with respect to the
same calendar year, an annual report required by paragraph 4.3
of the Vulnerabilities Equities Policy and Process document
already has been submitted to Congress, and such annual report
contains the information that would otherwise be required to be
included in an annual report under this subsection.
SEC. 722. REPORTS ON GLOBAL WATER INSECURITY AND NATIONAL SECURITY
IMPLICATIONS.
(a) Reports Required.--Not later than 180 days after the date of
the enactment of this Act and not less frequently than once every 5
years thereafter, the Director of National Intelligence shall submit to
the congressional intelligence committees a report on the implications
of water insecurity on the national security interest of the United
States, including consideration of social, economic, agricultural, and
environmental factors.
(b) Assessment Scope and Focus.--Each report submitted under
subsection (a) shall include an assessment of water insecurity
described in such subsection with a global scope, but focus on areas of
the world--
(1) of strategic, economic, or humanitarian interest to the
United States--
(A) that are, as of the date of the report, at the
greatest risk of instability, conflict, human
insecurity, or mass displacement; or
(B) where challenges relating to water insecurity
are likely to emerge and become significant during the
5-year or the 20-year period beginning on the date of
the report; and
(2) where challenges relating to water insecurity are
likely to imperil the national security interests of the United
States or allies of the United States.
(c) Consultation.--In researching a report required by subsection
(a), the Director shall consult with--
(1) such stakeholders within the intelligence community,
the Department of Defense, and the Department of State as the
Director considers appropriate; and
(2) such additional Federal agencies and persons in the
private sector as the Director considers appropriate.
(d) Form.--Each report submitted under subsection (a) shall be
submitted in unclassified form, but may include a classified annex.
SEC. 723. ANNUAL REPORT ON MEMORANDA OF UNDERSTANDING BETWEEN ELEMENTS
OF INTELLIGENCE COMMUNITY AND OTHER ENTITIES OF THE
UNITED STATES GOVERNMENT REGARDING SIGNIFICANT
OPERATIONAL ACTIVITIES OR POLICY.
Section 311 of the Intelligence Authorization Act for Fiscal Year
2017 (50 U.S.C. 3313) is amended--
(1) by redesignating subsection (b) as subsection (c); and
(2) by striking subsection (a) and inserting the following:
``(a) In General.--Each year, concurrent with the annual budget
request submitted by the President to Congress under section 1105 of
title 31, United States Code, each head of an element of the
intelligence community shall submit to the congressional intelligence
committees a report that lists each memorandum of understanding or
other agreement regarding significant operational activities or policy
entered into during the most recently completed fiscal year between or
among such element and any other entity of the United States
Government.
``(b) Provision of Documents.--Each head of an element of an
intelligence community who receives a request from the Select Committee
on Intelligence of the Senate or the Permanent Select Committee on
Intelligence of the House of Representatives for a copy of a memorandum
of understanding or other document listed in a report submitted by the
head under subsection (a) shall submit to such committee the requested
copy as soon as practicable after receiving such request.''.
SEC. 724. REPEAL OF REPORT REQUIREMENT FOR INSPECTORS GENERAL OF
CERTAIN ELEMENTS OF INTELLIGENCE COMMUNITY.
(a) In General.--Section 8H of the Inspector General Act of 1978 (5
U.S.C. App.) is amended--
(1) by striking subsection (g); and
(2) by redesignating subsections (h) and (i) as subsections
(g) and (h), respectively.
(b) Conforming Amendments.--
(1) National security act of 1947.--Section 507(a) of the
National Security Act of 1947 (50 U.S.C. 3106(a)) is amended--
(A) by striking paragraph (1); and
(B) by redesignating paragraphs (2) through (5) as
paragraphs (1) through (4).
(2) Intelligence reform and terrorism prevention act of
2004.--Section 3001(j)(1)(C) of the Intelligence Reform and
Terrorism Prevention Act of 2004 (50 U.S.C. 3341(j)(1)(C)) is
amended by striking ``and (h)'' and inserting ``and (g)''.
SEC. 725. REPEAL OF REQUIREMENT FOR ANNUAL PERSONNEL LEVEL ASSESSMENTS
FOR THE INTELLIGENCE COMMUNITY.
Section 506B of the National Security Act of 1947 (50 U.S.C. 3098)
is hereby repealed.
SEC. 726. REPORT ON OUTREACH STRATEGY ADDRESSING THREATS FROM UNITED
STATES ADVERSARIES TO THE UNITED STATES TECHNOLOGY
SECTOR.
(a) Report Required.--Not later than 180 days after the date of the
enactment of this Act, the Director of National Intelligence shall
submit to the appropriate committees of Congress a report detailing
outreach by the intelligence community and the Defense Intelligence
Enterprise to United States industrial, commercial, scientific,
technical, and academic communities on matters relating to the efforts
of adversaries of the United States to acquire critical United States
technology, intellectual property, and research and development
information.
(b) Contents.--The report required by subsection (a) shall include
the following:
(1) A review of the current outreach efforts of the
intelligence community and the Defense Intelligence Enterprise
described in subsection (a), including the type of information
conveyed in the outreach.
(2) A determination of the appropriate element of the
intelligence community to lead such outreach efforts.
(3) An assessment of potential methods for improving the
effectiveness of such outreach, including an assessment of the
following:
(A) Those critical technologies, infrastructure, or
related supply chains that are at risk from the efforts
of adversaries described in subsection (a).
(B) The necessity and advisability of granting
security clearances to company or community leadership,
when necessary and appropriate, to allow for tailored
classified briefings on specific targeted threats.
(C) The advisability of partnering with entities of
the Federal Government that are not elements of the
intelligence community and relevant regulatory and
industry groups described in subsection (a), to convey
key messages across sectors targeted by United States
adversaries.
(D) Strategies to assist affected elements of the
communities described in subparagraph (C) in
mitigating, deterring, and protecting against the broad
range of threats from the efforts of adversaries
described in subsection (a), with focus on producing
information that enables private entities to justify
business decisions related to national security
concerns.
(E) The advisability of the establishment of a
United States Government-wide task force to coordinate
outreach and activities to combat the threats from
efforts of adversaries described in subsection (a).
(F) Such other matters as the Director of National
Intelligence may consider necessary.
(c) Consultation Encouraged.--In preparing the report required by
subsection (a), the Director is encouraged to consult with other
government agencies, think tanks, academia, representatives of the
financial industry, or such other entities as the Director considers
appropriate.
(d) Form.--The report required by subsection (a) shall be submitted
in unclassified form, but may include a classified annex as necessary.
(e) Appropriate Committees of Congress Defined.--In this section,
the term ``appropriate committees of Congress'' means--
(1) the congressional intelligence committees;
(2) the Committee on Armed Services and the Committee on
Homeland Security and Governmental Affairs of the Senate; and
(3) the Committee on Armed Services, Committee on Homeland
Security, and the Committee on Oversight and Government Reform
of the House of Representatives.
SEC. 727. STUDY ON THE FEASIBILITY OF ENCRYPTING UNCLASSIFIED WIRELINE
AND WIRELESS TELEPHONE CALLS.
(a) Study Required.--Not later than 180 days after the date of the
enactment of this Act, the Director of National Intelligence shall
complete a study on the feasibility of encrypting unclassified wireline
and wireless telephone calls between personnel in the intelligence
community.
(b) Report.--Not later than 90 days after the date on which the
Director completes the study required by subsection (a), the Director
shall submit to the congressional intelligence committees a report on
the Director's findings with respect to such study.
SEC. 728. MODIFICATION OF REQUIREMENT FOR ANNUAL REPORT ON HIRING AND
RETENTION OF MINORITY EMPLOYEES.
(a) Expansion of Period of Report.--Subsection (a) of section 114
of the National Security Act of 1947 (50 U.S.C. 3050) is amended by
inserting ``and the preceding 5 fiscal years'' after ``fiscal year''.
(b) Clarification on Disaggregation of Data.--Subsection (b) of
such section is amended, in the matter before paragraph (1), by
striking ``disaggregated data by category of covered person from each
element of the intelligence community'' and inserting ``data,
disaggregated by category of covered person and by element of the
intelligence community,''.
Subtitle C--Other Matters
SEC. 731. TECHNICAL AMENDMENTS RELATED TO THE DEPARTMENT OF ENERGY.
(a) National Nuclear Security Administration Act.--
(1) Clarification of functions of the administrator for
nuclear security.--Subsection (b) of section 3212 of the
National Nuclear Security Administration Act (50 U.S.C.
2402(b)) is amended--
(A) by striking paragraphs (11) and (12); and
(B) by redesignating paragraphs (13) through (19)
as paragraphs (11) through (17), respectively.
(2) Counterintelligence programs.--Section 3233(b) of the
National Nuclear Security Administration Act (50 U.S.C.
2423(b)) is amended--
(A) by striking ``Administration'' and inserting
``Department''; and
(B) by inserting ``Intelligence and'' after ``the
Office of''.
(b) Atomic Energy Defense Act.--Section 4524(b)(2) of the Atomic
Energy Defense Act (50 U.S.C. 2674(b)(2)) is amended by inserting
``Intelligence and'' after ``The Director of''.
(c) National Security Act of 1947.--Paragraph (2) of section 106(b)
of the National Security Act of 1947 (50 U.S.C. 3041(b)(2)) is
amended--
(1) in subparagraph (E), by inserting ``and
Counterintelligence'' after ``Office of Intelligence'';
(2) by striking subparagraph (F);
(3) by redesignating subparagraphs (G), (H), and (I) as
subparagraphs (F), (G), and (H), respectively; and
(4) in subparagraph (H), as so redesignated, by realigning
the margin of such subparagraph 2 ems to the left.
SEC. 732. SECURING ENERGY INFRASTRUCTURE.
(a) Definitions.--In this section:
(1) Appropriate congressional committees.--The term
``appropriate congressional committees'' means--
(A) the congressional intelligence committees;
(B) the Committee on Homeland Security and
Governmental Affairs and the Committee on Energy and
Natural Resources of the Senate; and
(C) the Committee on Homeland Security and the
Committee on Energy and Commerce of the House of
Representatives.
(2) Covered entity.--The term ``covered entity'' means an
entity identified pursuant to section 9(a) of Executive Order
13636 of February 12, 2013 (78 Fed. Reg. 11742), relating to
identification of critical infrastructure where a cybersecurity
incident could reasonably result in catastrophic regional or
national effects on public health or safety, economic security,
or national security.
(3) Exploit.--The term ``exploit'' means a software tool
designed to take advantage of a security vulnerability.
(4) Industrial control system.--The term ``industrial
control system'' means an operational technology used to
measure, control, or manage industrial functions, and includes
supervisory control and data acquisition systems, distributed
control systems, and programmable logic or embedded
controllers.
(5) National laboratory.--The term ``National Laboratory''
has the meaning given the term in section 2 of the Energy
Policy Act of 2005 (42 U.S.C. 15801).
(6) Program.--The term ``Program'' means the pilot program
established under subsection (b).
(7) Secretary.--The term ``Secretary'' means the Secretary
of Energy.
(8) Security vulnerability.--The term ``security
vulnerability'' means any attribute of hardware, software,
process, or procedure that could enable or facilitate the
defeat of a security control.
(b) Pilot Program for Securing Energy Infrastructure.--Not later
than 180 days after the date of the enactment of this Act, the
Secretary shall establish a 2-year control systems implementation pilot
program within the National Laboratories for the purposes of--
(1) partnering with covered entities in the energy sector
(including critical component manufacturers in the supply
chain) that voluntarily participate in the Program to identify
new classes of security vulnerabilities of the covered
entities; and
(2) evaluating technology and standards, in partnership
with covered entities, to isolate and defend industrial control
systems of covered entities from security vulnerabilities and
exploits in the most critical systems of the covered entities,
including--
(A) analog and nondigital control systems;
(B) purpose-built control systems; and
(C) physical controls.
(c) Working Group to Evaluate Program Standards and Develop
Strategy.--
(1) Establishment.--The Secretary shall establish a working
group--
(A) to evaluate the technology and standards used
in the Program under subsection (b)(2); and
(B) to develop a national cyber-informed
engineering strategy to isolate and defend covered
entities from security vulnerabilities and exploits in
the most critical systems of the covered entities.
(2) Membership.--The working group established under
paragraph (1) shall be composed of not fewer than 10 members,
to be appointed by the Secretary, at least 1 member of which
shall represent each of the following:
(A) The Department of Energy.
(B) The energy industry, including electric
utilities and manufacturers recommended by the Energy
Sector coordinating councils.
(C)(i) The Department of Homeland Security; or
(ii) the Industrial Control Systems Cyber Emergency
Response Team.
(D) The North American Electric Reliability
Corporation.
(E) The Nuclear Regulatory Commission.
(F)(i) The Office of the Director of National
Intelligence; or
(ii) the intelligence community.
(G)(i) The Department of Defense; or
(ii) the Assistant Secretary of Defense for
Homeland Security and America's Security Affairs.
(H) A State or regional energy agency.
(I) A national research body or academic
institution.
(J) The National Laboratories.
(d) Reports on the Program.--
(1) Interim report.--Not later than 180 days after the date
on which funds are first disbursed under the Program, the
Secretary shall submit to the appropriate congressional
committees an interim report that--
(A) describes the results of the Program;
(B) includes an analysis of the feasibility of each
method studied under the Program; and
(C) describes the results of the evaluations
conducted by the working group established under
subsection (c)(1).
(2) Final report.--Not later than 2 years after the date on
which funds are first disbursed under the Program, the
Secretary shall submit to the appropriate congressional
committees a final report that--
(A) describes the results of the Program;
(B) includes an analysis of the feasibility of each
method studied under the Program; and
(C) describes the results of the evaluations
conducted by the working group established under
subsection (c)(1).
(e) Exemption From Disclosure.--Information shared by or with the
Federal Government or a State, Tribal, or local government under this
section--
(1) shall be deemed to be voluntarily shared information;
(2) shall be exempt from disclosure under section 552 of
title 5, United States Code, or any provision of any State,
Tribal, or local freedom of information law, open government
law, open meetings law, open records law, sunshine law, or
similar law requiring the disclosure of information or records;
and
(3) shall be withheld from the public, without discretion,
under section 552(b)(3) of title 5, United States Code, and any
provision of any State, Tribal, or local law requiring the
disclosure of information or records.
(f) Protection From Liability.--
(1) In general.--A cause of action against a covered entity
for engaging in the voluntary activities authorized under
subsection (b)--
(A) shall not lie or be maintained in any court;
and
(B) shall be promptly dismissed by the applicable
court.
(2) Voluntary activities.--Nothing in this section subjects
any covered entity to liability for not engaging in the
voluntary activities authorized under subsection (b).
(g) No New Regulatory Authority for Federal Agencies.--Nothing in
this section authorizes the Secretary or the head of any other
department or agency of the Federal Government to issue new
regulations.
(h) Authorization of Appropriations.--
(1) Pilot program.--There is authorized to be appropriated
$10,000,000 to carry out subsection (b).
(2) Working group and report.--There is authorized to be
appropriated $1,500,000 to carry out subsections (c) and (d).
(3) Availability.--Amounts made available under paragraphs
(1) and (2) shall remain available until expended.
SEC. 733. SENSE OF CONGRESS ON WIKILEAKS.
It is the sense of Congress that WikiLeaks and the senior
leadership of WikiLeaks resemble a nonstate hostile intelligence
service often abetted by state actors and should be treated as such a
service by the United States.
SEC. 734. BUG BOUNTY PROGRAMS.
(a) Definitions.--In this section:
(1) Appropriate committees of congress.--The term
``appropriate committees of Congress'' means--
(A) the congressional intelligence committees;
(B) the Committee on Homeland Security and
Governmental Affairs and the Committee on Armed
Services of the Senate; and
(C) the Committee on Homeland Security and the
Committee on Armed Services of the House of
Representatives.
(2) Bug bounty program.--The term ``bug bounty program''
means a program under which an approved computer security
specialist or security researcher is temporarily authorized to
identify and report vulnerabilities within the information
system of an agency or department of the United States in
exchange for compensation.
(3) Information system.--The term ``information system''
has the meaning given such term in section 3502 of title 44,
United States Code.
(b) Bug Bounty Program Plan.--
(1) Requirement.--Not later than 180 days after the date of
the enactment of this Act, the Secretary of Homeland Security,
in consultation with the Secretary of Defense, shall submit to
the appropriate committees of Congress a strategic plan for
appropriate agencies and departments of the United States to
implement bug bounty programs.
(2) Contents.--The plan required by paragraph (1) shall
include--
(A) an assessment of--
(i) the ``Hack the Pentagon'' pilot program
carried out by the Department of Defense in
2016 and subsequent bug bounty programs in
identifying and reporting vulnerabilities
within the information systems of the
Department of Defense; and
(ii) private sector bug bounty programs,
including such programs implemented by leading
technology companies in the United States; and
(B) recommendations on the feasibility of
initiating bug bounty programs at appropriate agencies
and departments of the United States.
SEC. 735. SENSE OF CONGRESS ON CONSIDERATION OF ESPIONAGE ACTIVITIES
WHEN CONSIDERING WHETHER OR NOT TO PROVIDE VISAS TO
FOREIGN INDIVIDUALS TO BE ACCREDITED TO A UNITED NATIONS
MISSION IN THE UNITED STATES.
It is the sense of the Congress that the Secretary of State, in
considering whether or not to provide a visa to a foreign individual to
be accredited to a United Nations mission in the United States, should
consider--
(1) known and suspected intelligence activities, espionage
activities, including activities constituting precursors to
espionage, carried out by the individual against the United
States, foreign allies of the United States, or foreign
partners of the United States; and
(2) the status of an individual as a known or suspected
intelligence officer for a foreign adversary.
SEC. 736. PUBLIC INTEREST DECLASSIFICATION BOARD.
Section 710(b) of the Public Interest Declassification Act of 2000
(Public Law 106-567; 50 U.S.C. 3161 note) is amended by striking
``December 31, 2018'' and inserting ``December 31, 2022''.
SEC. 737. MODIFICATION OF AUTHORITIES RELATING TO THE NATIONAL
INTELLIGENCE UNIVERSITY.
(a) Civilian Faculty Members; Employment and Compensation.--
(1) In general.--Section 1595(c) of title 10, United States
Code, is amended by adding at the end the following:
``(5) The National Intelligence University.''.
(2) Compensation plan.--The Secretary of Defense shall
provide each person employed as a professor, instructor, or
lecturer at the National Intelligence University on the date of
the enactment of this Act an opportunity to elect to be paid
under the compensation plan in effect on the day before the
date of the enactment of this Act (with no reduction in pay) or
under the authority of section 1595 of title 10, United States
Code, as amended by paragraph (1).
(b) Acceptance of Faculty Research Grants.--Section 2161 of such
title is amended by adding at the end the following:
``(d) Acceptance of Faculty Research Grants.--The Secretary of
Defense may authorize the President of the National Intelligence
University to accept qualifying research grants in the same manner and
to the same degree as the President of the National Defense University
under section 2165(e) of this title.''.
(c) Admission of Private Sector Civilians.--
(1) In general.--Chapter 108 of such title is amended by
inserting after section 2167a the following:
``Sec. 2167b. National Intelligence University: admission of private
sector civilians to receive instruction
``(a) Authority for Admission.--(1) The Secretary of Defense may
permit eligible private sector employees who work in organizations
relevant to national security to receive instruction at the National
Intelligence University in accordance with this section.
``(2) No more than the equivalent of 35 full-time student positions
may be filled at any one time by private sector employees enrolled
under this section.
``(3) Upon successful completion of the course of instruction in
which enrolled, any such private sector employee may be awarded an
appropriate diploma or degree under section 2161 of this title.
``(b) Eligible Private Sector Employees.--(1) For purposes of this
section, an eligible private sector employee is an individual employed
by a private firm that is engaged in providing to the Department of
Defense, the intelligence community, or other Government departments or
agencies significant and substantial intelligence or defense-related
systems, products, or services or whose work product is relevant to
national security policy or strategy.
``(2) A private sector employee admitted for instruction at the
National Intelligence University remains eligible for such instruction
only so long as that person remains employed by the same firm, holds
appropriate security clearances, and complies with any other applicable
security protocols.
``(c) Annual Certification by Secretary of Defense.--Private sector
employees may receive instruction at the National Intelligence
University during any academic year only if, before the start of that
academic year, the Secretary of Defense determines, and certifies to
the Committee on Armed Services of the Senate and the Committee on
Armed Services of the House of Representatives, that providing
instruction to private sector employees under this section during that
year will further the national security interests of the United States.
``(d) Program Requirements.--The Secretary of Defense shall ensure
that--
``(1) the curriculum in which private sector employees may
be enrolled under this section is not readily available through
other schools and concentrates on national security relevant
issues; and
``(2) the course offerings at the National Intelligence
University are determined by the needs of the Department of
Defense and the intelligence community.
``(e) Tuition.--The President of the National Intelligence
University shall charge students enrolled under this section a rate
that--
``(1) is at least the rate charged for employees of the
United States outside the Department of Defense, less
infrastructure costs; and
``(2) considers the value to the school and course of the
private sector student.
``(f) Standards of Conduct.--While receiving instruction at the
National Intelligence University, students enrolled under this section,
to the extent practicable, are subject to the same regulations
governing academic performance, attendance, norms of behavior, and
enrollment as apply to Government civilian employees receiving
instruction at the university.
``(g) Use of Funds.--(1) Amounts received by the National
Intelligence University for instruction of students enrolled under this
section shall be retained by the university to defray the costs of such
instruction.
``(2) The source, and the disposition, of such funds shall be
specifically identified in records of the university.''.
(2) Clerical amendment.--The table of sections at the
beginning of chapter 108 of such title is amended by inserting
after the item relating to section 2167a the following:
``2167b. National Intelligence University: admission of private sector
civilians to receive instruction.''.
Calendar No. 494
115th CONGRESS
2d Session
S. 3153
_______________________________________________________________________
A BILL
To authorize appropriations for fiscal years 2018 and 2019 for
intelligence and intelligence-related activities of the United States
Government, the Community Management Account, and the Central
Intelligence Agency Retirement and Disability System, and for other
purposes.
_______________________________________________________________________
June 28, 2018
Read twice and placed on the calendar
