[Congressional Bills 113th Congress] [From the U.S. Government Publishing Office] [S. 658 Introduced in Senate (IS)] 113th CONGRESS 1st Session S. 658 To amend titles 10 and 32, United States Code, to enhance capabilities to prepare for and respond to cyber emergencies, and for other purposes. _______________________________________________________________________ IN THE SENATE OF THE UNITED STATES March 22, 2013 Mrs. Gillibrand (for herself, Mr. Vitter, Mr. Coons, Mr. Blunt, Ms. Landrieu, Mr. Leahy, Mr. Warner, and Mrs. Murray) introduced the following bill; which was read twice and referred to the Committee on Armed Services _______________________________________________________________________ A BILL To amend titles 10 and 32, United States Code, to enhance capabilities to prepare for and respond to cyber emergencies, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Cyber Warrior Act of 2013''. SEC. 2. FINDINGS. Congress makes the following findings: (1) The report of the Department of Defense Science Board Task Force on Resilient Military Systems and the Advanced Cyber Threat finds that ``[i]t is not clear that high-end cyber practitioners can be found in sufficient numbers within typical recruitments pools''. (2) The report recommends that ``[t]he Department must scale up its efforts to recruit, provided facilities and training, and use effectively these critical people''. (3) The National Guard has the authority to operate on active duty under title 10, United States Code, and in National Guard status under title 32, United States Code. (4) The National Guard can leverage the expertise of private sector information technology (IT) specialists and help retain the capability of retiring military personnel trained in cybersecurity matters. (5) The National Guard in its status under title 32, United States Code, supports the Department of Homeland Security and the Governors of the States in responding to natural disasters. SEC. 3. ENHANCEMENT OF PREPARATION FOR AND RESPONSE TO CYBER EMERGENCIES. (a) Establishment of Cyber and Computer Network Incident Response Teams.-- (1) In general.--The Secretary of Defense shall establish in each of the several States and the District of Columbia a separate team of members of the National Guard under section 12310(d) of title 10, United States Code (as amended by subsection (b)), and section 510 of title 32, United States Code (as added by subsection (c)), to perform duties relating to analysis and protection in support of programs to prepare for and respond to emergencies involving an attack or natural disaster impacting a computer, electronic, or cyber network. (2) Designation.--Each team established under paragraph (1) shall be known as a ``Cyber and Computer Network Incident Response Team''. (b) Use of Active National Guard Personnel.--Section 12310 of title 10, United States Code, is amended-- (1) by redesignating subsection (d) as subsection (e); and (2) by inserting after subsection (c) the following new subsection (d): ``(d) Operations Relating to Protection of Public and Private Cyber Infrastructure.--(1) Notwithstanding subsection (b), a member of the National Guard on active duty as described in subsection (a), or a member of the National Guard serving on full-time National Guard duty under section 502(f) of title 32 in connection with functions referred to in subsection (a), may perform duties relating to analysis and protection in support of programs to prepare for and respond to emergencies involving an attack or natural disaster impacting a computer, electronic, or cyber network. ``(2) The duties of members under this subsection may include duties to assist the combatant commands in developing and expanding their capacity relating to analysis and protection in support of programs to prepare for and respond to emergencies involving an attack or natural disaster impacting a computer, electronic, or cyber network. ``(3) The duties performed by members under this subsection may be performed for or in support of cyber and computer network incident response teams established pursuant to section 3(a) of the Cyber Warrior Act of 2013. ``(4) Notwithstanding section 502(f) of title 32, the costs of the pay, allowances, clothing, subsistence, gratuities, travel, and related expenses for a member of the National Guard performing duties under this subsection shall be paid from the appropriation that is available to pay such costs for members of the regular component of the armed force of that member. ``(5) Members of the National Guard on active duty who are performing duty described in this subsection shall be counted against the annual end strength authorizations required by section 115(a)(1) of this title. The justification materials for the defense budget request for a fiscal year shall identify the number and component of members of the National Guard programmed to be performing duties described in this subsection during that fiscal year. ``(6) Members may not perform duties under this subsection unless the Secretary of Defense has certified to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives that the members possess the requisite skills, training, and equipment to be proficient in all mission requirements.''. (c) Use of National Guard Personnel Performing Training or Drill.-- (1) In general.--Chapter 5 of title 32, United States Code, is amended by adding at the end the following new section: ``Sec. 510. Preparation for and response to cyber emergencies ``Under regulations prescribed by the Secretary of the Army or the Secretary of the Air Force, as the case may be, members of the National Guard performing training or drill required by this chapter may perform duties relating to analysis and protection in support of programs to prepare for and respond to emergencies involving an attack or natural disaster impacting a computer, electronic, or cyber network, including in connection with cyber and computer network incident response teams established pursuant to section 3(a) of the Cyber Warrior Act of 2013.''. (2) Clerical amendment.--The table of sections at the beginning of chapter 5 of such title is amended by adding at the end the following new item: ``510. Preparation for and response to cyber emergencies.''. (d) Homeland Defense Activities.-- (1) In general.--Chapter 9 of title 32, United States Code, is amended by inserting after section 902 the following new section: ``Sec. 902a. Homeland defense activities: activities relating to preparation for and response to cyber emergencies ``(a) In General.--The homeland defense activities for which funds may be provided under this chapter shall include the following: ``(1) The provision by units or members of the National Guard of education and training for State and local law enforcement and governmental personnel on analysis and protection to prepare for and respond to emergencies involving an attack or natural disaster impacting a computer, electronic, or cyber network. ``(2) Upon the order of the Governor of the State, the performance by units or members of the National Guard of activities being undertaken by the State government and local governments in the State on analysis and protection to prepare for and respond to emergencies described in paragraph (1). ``(b) Members Authorized To Perform Activities.--The members of the National Guard who may perform activities authorized by this section are members on full-time National Guard duty under section 502(f) of this title. ``(c) Performance in Connection With Cyber and Computer Network Incident Response Teams.--The activities performed by members under this section may be performed for or in support of cyber and computer network incident response teams established pursuant to section 3(a) of the Cyber Warrior Act of 2013. ``(d) Inapplicability of Certain Requirements and Limitations.--The performance of activities under this section by members of the National Guard shall not be subject to the requirements and limitations in subsections (b), (c), and (d) of section 904 of this title. ``(e) Definitions.--In this section: ``(1) The term `Governor', in the case of the District of Columbia, means the commanding general of the District of Columbia National Guard. ``(2) The term `State' means the several States, the District of Columbia, the Commonwealth of Puerto Rico, and the Territories of the United States.''. (2) Clerical amendment.--The table of sections at the beginning of chapter 9 of such title is amended by inserting after the item relating to section 902 the following new item: ``902a. Homeland defense activities: activities relating to preparation for and response to cyber emergencies.''. (e) Training on Cyber Duties.-- (1) In general.--The Secretary of the Army and the Secretary of the Air Force shall ensure that the training provided to members of the Army National Guard and the Air National Guard, respectively, on analysis and protection to prepare for and respond to emergencies involving an attack or natural disaster impacting a computer, electronic, or cyber network shall, to the extent practicable, be equivalent to the training provided members of the regular component of the Army and the Air Force on such matters. (2) Reports.--Not later than one year after the date of the enactment of this Act, and annually thereafter for four years, the Secretary of Defense shall submit to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives a report on the training provided to members of the Army National Guard and the Air National Guard pursuant to paragraph (1) on the matters described in that paragraph. Each report shall include a description of the training currently provided to members of the Army National Guard and the Air National Guard on such matters, and such recommendations as the Secretary considers appropriate for improvements to such training in order to better align such training for members of the Army National Guard and the Air National Guard, on the one hand, and members of the regular component of the Army and the Air Force, on the other. (f) Additional Report.--Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall submit to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives a report setting forth the following: (1) A description and assessment of various mechanisms to recruit and retain members of the regular components and reserve components of the Armed Forces with expertise in computer network defense and operations, including modifications of the curricula for the Reserve Officers' Training Corps programs, enhanced opportunities for individuals to select their preferred Armed Force of accession, payment of recruitment and retention bonuses, the provision of educational scholarships and stipends, and enhanced funding of training and certification programs. (2) An assessment of the circumstances (including short- term deployment, virtual deployment, or both) under which members of the reserve components with computer network defense duties can be managed without the geographic relocation of such members. (3) A description of the training requirements and physical demands, if any, for military occupational specialties relating to computer network defense. <all>