[Congressional Bills 115th Congress] [From the U.S. Government Publishing Office] [H.R. 1981 Introduced in House (IH)] <DOC> 115th CONGRESS 1st Session H. R. 1981 To codify an office within the Department of Homeland Security with the mission of strengthening the capacity of the agency to attract and retain highly trained computer and information security professionals, and for other purposes. _______________________________________________________________________ IN THE HOUSE OF REPRESENTATIVES April 6, 2017 Ms. Jackson Lee introduced the following bill; which was referred to the Committee on Education and the Workforce, and in addition to the Committees on Science, Space, and Technology, and Homeland Security, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned _______________________________________________________________________ A BILL To codify an office within the Department of Homeland Security with the mission of strengthening the capacity of the agency to attract and retain highly trained computer and information security professionals, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE; TABLE OF CONTENTS. (a) Short Title.--This Act may be cited as the ``Cyber Security Education and Federal Workforce Enhancement Act''. (b) Table of Contents.--The table of contents for this Act is as follows: Sec. 1. Short title; table of contents. Sec. 2. Findings. TITLE I--DEPARTMENT OF HOMELAND SECURITY K-12 EXCELLENCE IN SCIENCE AND TECHNOLOGY Sec. 101. Office of Cybersecurity Education and Awareness. Sec. 102. Science and technology initiative grants. Sec. 103. Project-based learning program. Sec. 104. Matching funds for State and privately financed science and technology after-school programs. Sec. 105. Science and Technology Board of Advisors. Sec. 106. Laboratories for science and technology excellence. TITLE II--POST-SECONDARY COMPUTER AND INFORMATION SECURITY EDUCATION Sec. 201. Computing and Information Research Working Group. Sec. 202. Process for adoption research and a best practices voluntary guidelines for laboratory facilities. Sec. 203. Computing and information security mentoring programs for college students. Sec. 204. Grants for computer equipment. Sec. 205. Centers of Academic Computing and Information Assurance. TITLE III--FEDERAL WORKFORCE COMPUTER AND INFORMATION SECURITY PROFESSIONAL DEVELOPMENT Sec. 301. Lifelong learning in computer and information security study. Sec. 302. Computer and information security job opportunities program. Sec. 303. Department of Homeland Security Cybersecurity training programs and equipment. Sec. 304. E-Security Fellows Program. TITLE IV--RESEARCH Sec. 401. National Science Foundation study on science and technology student retention. Sec. 402. Challenge Grants. Sec. 403. E-Security Fellows Program. SEC. 2. FINDINGS. Congress makes the following findings: (1) The Department of Homeland Security's Cybersecurity Education & Awareness (CE&A) Branch was established under National Security Presidential Directive-54/Homeland Security Presidential Directive-23, which launched the 2008 Comprehensive National Cybersecurity Initiative. There is no appropriations language that references CE&A; it is funded through the Infrastructure Protection and Information Security appropriation under the National Protection and Programs Directorate. (2) The Department of Homeland Security's CE&A works with universities to attract top talent through competitive scholarship, fellowship, and internship programs. (3) The agency certifies more than 125 institutions nationwide as National Centers for Academic Excellence to teach students valuable technical skills in various disciplines of Information Assurance. (4) The CE&A prepares and makes available computer and information security lesson plans. At the K-12 level, the Department has partnered with USA Today to provide lesson plans about the importance of prevention of computer and digital information crimes at home and in the classroom. (5) The agency initiated the IT Security Essential Body of Knowledge (EBK). The National Cybersecurity Division developed the EBK to establish a national baseline of the essential knowledge and skills that IT security practitioners in the public and private sector should have to perform specific roles and responsibilities. (6) The challenge for computer and information security coordination and development is no single agreed upon voluntary taxonomy nor definitions to rely upon when categorizing or classifying computer or information security jobs. (7) The fields of computer and information security study is within the field of information assurance. (8) The information assurance, cybersecurity and computer security workforce encompasses a variety of context, roles, and occupations and is too broad and diverse to be treated as a single occupation or profession. (9) Science, technology, engineering, and mathematics occupations, which include computer and information security experts and professionals, are expected to grow by 17 percent by the year 2018 compared to 9.8 percent for other jobs. (10) The Federal Government is experiencing a shortage of qualified professionals with expertise in computer and information security. (11) Insufficiently trained, educated, or supervised Federal computer workers can reduce the Nation's ability to secure computer networks from cyber attacks or incidents. (12) The computing and information security workforce encompasses a variety of context, roles, and occupations and is too broad an diverse to be treated as a single occupation or profession. (13) Computing and information security is not solely a technical endeavor, and thus encompasses a wide range of backgrounds and skills that will be needed in an effective national computing and information security workforce. (14) The route toward professionalization of a field of study can be slow and difficult, and not all portions of a field can or should be professionalized at the same time. (15) It is essential, just as it is for other disciplines like medicine and the law, that academics, employers, and government share a common language to identify, train, educate, and employ computer and information security professionals. (16) The secure management of digital sensitive information collected maintained or transmitted by Federal Government agencies, including taxpayer data, Social Security records, medical records, intellectual property, proprietary business information, and sensitive Government data vital to national security and national defense requires an educated and well- trained, as well as supervised, Federal workforce. (17) It is in the Nation's interest to promote opportunities for science and technology education and employment as a means of addressing the need to fill computer and information security jobs within the Federal Government. (18) The Department of Homeland Security's role is to lead, champion, and sustain the development of a national information assurance, cybersecurity and computer security workforce, as well as to educate the citizenry. (19) Developing, implementing, and articulating programs that protect against and respond to computer and information security threats and hazards to the Homeland's security. (20) The Department of Homeland Security must create an agile, diverse workforce and digital citizenry that are capable of sustaining a safe, secure, resilient computer and information security space, driven by a dynamic Department organization at the forefront of cross-sector computer and information security workforce development. TITLE I--DEPARTMENT OF HOMELAND SECURITY K-12 EXCELLENCE IN SCIENCE AND TECHNOLOGY SEC. 101. OFFICE OF CYBERSECURITY EDUCATION AND AWARENESS. (a) In General.--Subtitle C of title II of the Homeland Security Act of 2002 (6 U.S.C. 141 et seq.) is amended by adding at the end the following new section: ``SEC. 230A. OFFICE OF CYBERSECURITY EDUCATION AND AWARENESS. ``(a) Establishment.--There shall be within the Department an Office of Cybersecurity Education and Awareness Branch (hereinafter in this section referred to as the `Office'). ``(b) Responsibilities.--The Office shall be responsible for carrying out the duties of the Office as directed by the Secretary. The Office shall also report to the Secretary the ongoing work of the Office. Further, the Office shall report on the statutory authority, Executive orders or agency directives that guide the work of the Office. The Office shall report to the Secretary what additional authority is needed to fulfill the mission for the Office as outlined by the section. The Office shall also conduct research and make recommendations to the Secretary to the extent that the agency can effectively engage in the following: ``(1) Recruiting, retaining, and sustaining the skills and knowledge of information assurance, cybersecurity and computer security professionals in the Department of Homeland Security, hereinafter known as the `Department'. ``(2) Supporting kindergarten through grade 12 science and technology and computer and information safety education through grants, and training programs. ``(3) Supporting postsecondary information assurance, cybersecurity and computer security programs that provide education that benefits the mission and objective of the Department regarding recruitment and retention of highly trained computing professionals who are work ready. ``(4) Promoting public knowledge of computer and information security competitions to provide computer and information security competition administrators, participants, and sponsors with information necessary to further broader public participation in these activities. ``(5) Developing a guest lecturer program or part-time lecturer program comprised of information assurance, cybersecurity and computer security experts in the Federal Government, academia and private sector to support education of students at institutions of higher education who are pursuing degrees in computing science. ``(6) Managing a Computer and Information Security Youth Training Pathway Program for secondary school and postsecondary school students to work in part-time or summer positions along with Federal agency computer and information security professionals. ``(7) Developing programs that increase the capacity of institutions defined in section 371 of the Higher Education Act of 1965-- ``(A) Historically Black Colleges and Universities; ``(B) professional and academic areas in which African-Americans are under represented; ``(C) Hispanic-serving institutions; ``(D) Native American colleges; and ``(E) rural colleges and universities. ``(8) Conduct research and make recommendations to the Secretary on what the agency can do to increase participation of professional and academic under represented areas at minority institutions. ``(9) Providing support to the institutions of higher education described in subparagraphs (A) through (E) of paragraph (7) to provide course work and education in computer and information security designed to raise the number and diversity of students in the field. The Office may use the institutions defined under section 371 of the Higher Education Act of 1965 (20 U.S.C. 1067q) minority-serving institutions are defined as follows: ``(A) A part B institution (as defined in section 322 (20 U.S.C. 1061)). ``(B) A Hispanic-serving institution (as defined in section 502 (20 U.S.C. 1101a)). ``(C) A Tribal College or University (as defined in section 316 (20 U.S.C. 1059)). ``(D) An Alaska Native-serving institution or a Native Hawaiian-serving institution (as defined in section 317(b) (20 U.S.C. 1059d(b))). ``(E) A Predominantly Black Institution (as defined in subsection (c)). ``(F) An Asian American and Native American Pacific Islander-serving institution (as defined in subsection (c)). ``(G) A Native American-serving nontribal institution (as defined in subsection (c)). ``(c) Definitions.--In this section: ``(1) The term `information assurance, cybersecurity and computer security program' has the meaning given by the Secretary in consultation with the computing and information Security Post Secondary Education Working Group under the bill. ``(2) The term `K-12' may be defined by the Secretary in consultation with the K-12 Science and Technology Education Board of Advisors under section 105 of the Cyber Security Education and Federal Workforce Enhancement Act. ``(3) The Secretary may define higher education institutions under this title using definitions found in section 371 of the Higher Education Act of 1965. ``(4) The term `professional and academic under represented areas' means areas in which African-Americans, Hispanics, and women are under represented has the meaning given such term by the Secretary, who may consult with the Commissioner for Education Statistics and the Commissioner of the Bureau of Labor Statistics. The basis of the determining the means should be based on most recent available satisfactory data, as computing and information security professional and academic areas in which the percentage of African-Americans, Hispanics, and females who have been educated, trained, and employed is less than the percentage of African-Americans, Hispanics, and women in the general population.''. (b) Clerical Amendment.--The table of contents in section 1(b) of such Act is amended by inserting after the item relating to section 225 the following new item: ``Sec. 230A. Office of Cybersecurity Education and Awareness.''. SEC. 102. SCIENCE AND TECHNOLOGY INITIATIVE GRANTS. (a) In General.--The Secretary of Homeland Security shall consider existing authority to make grants to secondary schools under this section, which shall be known as ``Science and Technology Educators Initiative Grants''. (b) Selection of Schools.--If the Secretary determines that they have the authority they may select secondary schools to receive grants under this section, the Secretary may consider the following factors: (1) Whether more than 40 percent of the students at the secondary school are eligible for free or reduced price school meal programs under the Richard B. Russell National School Lunch Act and the Child Nutrition Act of 1966. (2) The location of the secondary school is in a rural area. (3) The participation of representation of professions and academic area among students which will also include home schooled, individuals residing in rural areas, and individuals attending underperforming secondary schools. (4) The location of the school in an area where the unemployment rate was not more than one percent higher than the national average unemployment rate during the 24-month period preceding the determination of eligibility under this subsection. (5) The location of the secondary school in an area where the per capita income is of 80 percent or less of the national per capita income. SEC. 103. PROJECT-BASED LEARNING PROGRAM. (a) Establishment.--The Secretary shall direct the Office to conduct research to investigate and make recommendations regarding the feasibility and existing authority to establish a national project- based science and technology learning program, to be known as the ``K- 12 Science and Technology Learning Program'' and make a report to both House and Senate Oversight Committees. Under such research program, the Secretary shall determine existing authority to-- (1) create State and regional workshops to train teachers in science and technology project-based learning; (2) establish between institutions of higher education, businesses, and local public and private educational agencies that serve students comprised of 40 percent or more of professional and academic under represented areas to provide materials and teaching aids to teachers who successfully complete the science and technology project-based learning program under this section; (3) identify no cost or low cost summer and after school science and technology education programs and broadly disseminate that information to the public; and (4) make grants to local educational agencies to support the participation of teachers of elementary school and secondary school in science and technology training programs by providing travel and enrollment expenses, with a priority given to teachers who work in schools serving neglected, delinquent, migrant students, English learners, at-risk students, and Native Americans, as determined by the Secretary. (b) Authority.--The Secretary shall have the authority under this statute to conduct a limited pilot project to test recommendations on possible programs that would be low-cost but have the greatest impact on instilling the importance of technology and science education. (c) Report to Congress.--The Secretary shall submit to Congress an annual report on the program established under this section. (d) Project-Based Science and Technology Learning Defined.--In this section, the term ``project-based science and technology learning'' means a systematic teaching method that engages students in learning essential science, technology, engineering and mathematics through knowledge and life-enhancing skills through an extended, student- influenced inquiry process structured around complex, authentic questions and carefully designed products and tasks developed specifically for education. SEC. 104. MATCHING FUNDS FOR STATE AND PRIVATELY FINANCED SCIENCE AND TECHNOLOGY AFTER-SCHOOL PROGRAMS. (a) In General.--The Secretary of Homeland Security shall provide matching funds to local educational agencies for after-school programs dedicated to science, technology, engineering, and math in an amount equal to the amount provided to the program by a State, local, tribal, or territorial government or by a nonprofit or private entity. (b) Criteria.--In selecting programs for which to provide funds under this section, the Secretary shall consider-- (1) the number of students served by the programs; and (2) the participation in the programs of students from populations referred to in section 230A of the Homeland Security Act of 2002, as added by section 101. (c) Limitation on Amount of Funding.--For any fiscal year, no individual school's after-school program shall receive more than $5,000 under this section. SEC. 105. SCIENCE AND TECHNOLOGY BOARD OF ADVISORS. (a) Establishment.--There is established in the Department of Homeland Security the ``Research K-12 Science and Technology Education Board of Advisors'' (hereinafter in this section referred to as the ``Board''). (b) Membership.-- (1) Composition.--The Board shall be composed of 15 members appointed by the Secretary of Homeland Security, all of whom shall have K-12 education expertise in programs. The Secretary shall appoint members based on the following qualifications: (A) Members of the Board shall have experience in K-12 science, technology, engineering, and mathematics education programs. (B) Members of the Board shall have experience in training K-12 educators on providing science and technology instruction. (C) Members of the Board shall have experience in the promotion of science and technology education among under represented populations, as defined by section 230A of the Homeland Security Act of 2002, as added by section 101. (2) Deadline for appointment.--All members of the Board shall be appointed not later than 60 days after the date of the enactment of this Act. (3) Vacancies.--Any vacancy in the membership of the Board shall not affect its powers and shall be filled in the same manner in which the original appointment was made. (4) Compensation.-- (A) In general.--Members of the Board shall not receive any compensation for their service. (B) Travel expenses.--While away from their homes or regular places of business in the performance of services for the Board, members of the Board shall be allowed travel expenses, including per diem in lieu of subsistence, in the same manner as persons employed intermittently in the Government service are allowed expenses under section 5703(b) of title 5, United States Code. (C) Prohibition of consultant or contracting work.--No member of the Board while serving in this capacity or for 1 year following departure from the Board may work as a consultant or contract worker for the Department of Homeland Security in a position related to the work of the Board or member agency that participates as a member of the Board. (c) Responsibilities.--The responsibilities of the Board are to research and make recommendations to the Secretary on-- (1) the status of K-12 science and technology education domestically and internationally; (2) how to increase the quality and diversity of science and technology curriculum; (3) promoting K-12 science and technology competitions; (4) establishing a virtual network to support teacher and student science and technology education and development; (5) ascertaining, evaluating, and reporting on best practices for project-based science and technology learning (as such term is defined in section 103(c)); and (6) identifying K-12 science and technology education efforts that are successful in engaging youth, with proven competence in engaging females, minorities, individuals residing in rural areas, individuals residing in majority minority districts, home schooled students. (d) Chair.--The Chair of the Board shall be designated by the Secretary from among the members of the Board. (e) Meetings.-- (1) Initial meeting.--The Board shall meet and begin the operations of the Board by not later than 90 days after the date of the enactment of this Act. (2) Subsequent meetings.--After its initial meeting, the Board shall set the time and place of its next meeting. The Board can upon the call of the chairman or a majority of its members meet. (3) Quorum.--A majority of the Board shall constitute a quorum. (4) Voting.--Proxy voting shall be allowed on behalf of a member of the Board. (5) Rules of procedure.--The Board may establish rules for the conduct of the Board's business, if such rules are not inconsistent with this section or other applicable law. (f) Powers.-- (1) Hearings and evidence.--The Board or, on the authority of the Board, any subcommittee or member thereof, may, for the purpose of carrying out this title hold such hearings and sit and act at such times and places, take such testimony, receive such evidence, administer such oaths. (2) Federal agency staff.--The Secretary shall make decisions regarding Federal agency staff to be detailed to support the work of the Board. (3) Contract authority.--The Board may enter into contracts with the approval of the Secretary to such extent and in such amounts as necessary for the Board to discharge its duties under this section. (4) Information from federal agencies.-- (A) In general.--After providing notice to the Secretary who may provide staff from the Department to meet the staffing needs of the Board. After 10 working days following notice to the Secretary the Board is authorized to secure directly from any executive department, bureau, agency, board, office, independent establishment, or instrumentality of the Government, information, suggestions, estimates, and statistics for the purposes of this title. Each department, bureau, agency, board, office, independent establishment, or instrumentality shall, to the extent authorized by law, furnish such information, suggestions, estimates, and statistics directly to the Board, upon request made by the chairman, the chairman of any subcommittee created by a majority of the Board, or any member designated by a majority of the Board. (B) Receipt, handling, storage, and dissemination.--Information shall only be received, handled, stored, and disseminated by members of the Board and its staff consistent with all applicable statutes, regulations, and Executive orders. (5) Assistance from federal agencies.-- (A) General services administration.--The Administrator of General Services shall provide to the Board on a reimbursable basis administrative support and other services for the performance of the Board's functions. (B) Other departments and agencies.--In addition to the assistance prescribed in subparagraph (A), departments and agencies of the United States may provide to the Board such services, funds, facilities, staff, and other support services as they may determine advisable and as may be authorized by law. (C) Postal services.--The Board may use the United States mails in the same manner and under the same conditions as departments and agencies of the United States. (g) Staff.-- (1) In general.-- (A) Appointment and compensation.--The Chair, in accordance with rules agreed upon by the Board, may appoint and fix the compensation of a staff director and such other personnel as may be necessary to enable the Board to carry out its functions, without regard to the provisions of title 5, United States Code, governing appointments in the competitive service, and without regard to the provisions of chapter 51 and subchapter III of chapter 53 of such title relating to classification and General Schedule pay rates, except that no rate of pay fixed under this subsection may exceed the equivalent of that payable for a position at level V of the Executive Schedule under section 5316 of title 5, United States Code. (B) Personnel as federal employees.-- (i) In general.--The executive director and any personnel of the Board who are employees shall be employees under section 2105 of title 5, United States Code, for purposes of chapters 63, 81, 83, 84, 85, 87, 89, and 90 of that title. (ii) Members of the board.--Clause (i) shall not be construed to apply to members of the Board. (2) Detailees.--Any Federal Government employee may be detailed to the Board without reimbursement from the Board, and such detailee shall retain the rights, status, and privileges of his or her regular employment without interruption. (3) Administrative support from the department.--At the request of the Board, the Secretary of Homeland Security shall provide the Board with Administrative support necessary for the Board to carry out its duties under this title. (h) Reports.-- (1) Quarterly reports.--The Board shall submit to the Secretary of Homeland Security quarterly reports on the activities of the Board. (2) Final report.--Not later than two years after the date of the enactment of this Act, the Board shall submit to the Secretary a final report containing such findings conclusions, and recommendations as have been agreed to by a majority of Board members. (i) Applicability of FACA.-- (1) In general.--Nothing in the Federal Advisory Committee Act (5 U.S.C. App.) shall apply to the Board. (2) Public meetings and release of public versions of reports.--The Board shall-- (A) hold public hearings and meetings to the extent appropriate; and (B) release public versions of the reports required under subsection (h). (3) Public hearings.--Any public hearings of the Board shall be conducted in a manner consistent with the protection of information provided to or developed for or by the Board as required by any applicable statute, regulation, or Executive order. (j) Termination.--The Board, and all the authorities of this title, shall terminate two years after the date of the Board's first meeting, which shall take place 90 days following its appointment. (1) In general.--The Board and all the authorities under this section shall terminate 60 days after the date on which the final report is submitted under subsection (h)(2). (2) Administrative activities before termination.--The Board may use the 60-day period referred to in paragraph (1) for the purpose of concluding its activities, including providing testimony to committees of Congress concerning its reports and disseminating the final report. (k) Funding.--There is authorized to be appropriated such sums as may be necessary to carry out this section. Amounts made available pursuant to this subsection shall remain available until the termination of the Board. SEC. 106. LABORATORIES FOR SCIENCE AND TECHNOLOGY EXCELLENCE. The Secretary of Homeland Security shall determine if existing authority allows the agency to make grants to local education agencies for the purpose of supplying laboratory facilities at secondary schools to promote the teaching of science, technology, engineering, and mathematics. If the Secretary determines that the authority does not exist shall make a report to congressional oversight committees detailing the limitation in agency authority to conduct activity under this section and make recommendations on the benefits if any should the agency have the authority to engage in the activity outlined in this section. TITLE II--POST-SECONDARY COMPUTER AND INFORMATION SECURITY EDUCATION SEC. 201. COMPUTING AND INFORMATION RESEARCH WORKING GROUP. (a) Establishment.--There is hereby established in the Department of Homeland Security the Computing and Information Security Post- Secondary Education Working Group, hereafter in this section referred to as the ``Working Group''. (b) Responsibilities.--The Working Group shall conduct research and-- (1) assist the Secretary in developing voluntary guidelines that could serve as guidance to Federal civil agency training programs, computer and information security certification authorities, and accreditation bodies seeking guidance on developing, enhancing, or sustaining competitive information security; and (2) make recommendations to the Secretary regarding-- (A) the state of the computing and information security workforce development; (B) evaluations and reports on the advantages, disadvantages, and approaches to professionalizing the Nation's computing and information security workforce; (C) criteria that can be used to identify which, if any, specialty areas may require professionalization; (D) criteria for evaluating different approaches and tools for professionalization; (E) techniques that enhance the efficiency and effectiveness of computing and information security workers; (F) better tools and approaches for risk identification and assessment; (G) improved system design and development; (H) creation of better incentives for deployment of better computing and information security technologies; (I) improvements in end user behaviors through training and better coordination among network managers; (J) core curriculum requirements for computing and information security training; (K) efficacy and efficiencies of taxonomy and definitions for computer and information security; (L) guidelines for accreditations and certification of computing and information security college and university programs; (M) identifying the role of mentors in the retention of students enrolled in computing and technology programs at institutions of higher education who complete degree programs; (N) remote access to computing and information security education and training through the Internet; and (O) institution of higher education funding and research needs. (c) Deadline for Submittal of Research Funding and Recommendations.-- (1) Initial research.--The Working Group shall submit to the Secretary an initial research plan that will guide the work of the Working Group. (2) Other research recommendations.--The Working Group shall provide the Secretary a list of other areas that require research to accomplish the purpose of the agency's goal of providing cyber security protection for the agency. The Working Group shall provide a description of the proposed research and the purpose of the research as it relates to the goals of cybersecurity of the agency. (3) Initial recommendations.--The Working Group shall submit to the Secretary initial recommendations under this section by not later than nine months after the date on which all of the members of the Working Group are appointed. (4) Other recommendations.--Not later than six months after all members of the Working Group are appointed, the Working Group shall submit to the Secretary research and recommendations on the effectiveness of Federal civil agency computer and information security training programs, including an evaluation of certification authorities and their role in providing work ready staff to fill positions with the agency. (5) Subsequent research and recommendations.--Not later than one year after the date of the submittal of the initial research and recommendations under paragraph (1), and annually thereafter, the Working Group shall submit to the Secretary subsequent research and recommendations under this section and an update on the progress made toward a well trained and sustainable Department computer and information workforce. (d) Membership.-- (1) Chair.--The Chair of the Working Group shall be the Director of the National Institute of Standards and Technology or the Director's designee. (2) Other members.--The Working Group shall be composed of 21 members, who are appointed by the Secretary of Homeland Security in consultation with the Director of NIST and the head of the entity represented by the member. (3) Appointment.--All appointments are for a term of 2 years with one reappointment for an additional 2 years. (4) Quorum.--A majority of the members of the Working Group shall constitute a quorum. (e) No Compensation for Service.--While away from their homes or regular places of business in the performance of services for the Commission, members of the Commission shall be allowed travel expenses, including per diem in lieu of subsistence, in the same manner as persons employed intermittently in the Government service are allowed expenses under section 5703(b) of title 5, United States Code. (f) Technical Support From the Department of Homeland Security.--At the request of the Working Group, the Secretary of Homeland Security shall provide the Working Group with technical support necessary for the Working Group to carry out its duties under this section. (g) Intellectual Property Rights.--No private-sector individual or entity shall obtain any intellectual property rights to any guidelines or recommendations nor the contents of any guideline (or any modification to any guideline) adopted by the Secretary under this section. (h) Report.--Not later than one year after the date of the enactment of this Act, the Working Group shall submit to the Secretary a report containing researching findings, an outline for other areas requiring research and why as well as recommendations of the Working Group. (i) Submittal of Recommendations to Congress.--Not later than 18 months after the date of the enactment of this Act, the Secretary shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report on the research findings, an outline of other areas requiring research and why and recommendations for furthering the cybersecurity of the agency. (j) Treatment of Recommendations.--The Secretary has the benefit of the Working Group's work which the Secretary may accept, reject, or modify. The Secretary shall not be bound by the recommendations of the Working Group. (k) Publication of Recommendations in Federal Register.--The Secretary shall approve the publication of grant application guidelines in the Federal Register by not later than 90 days after receiving the report submitted under subsection (h). (l) Applicability of FACA.--Nothing in the Federal Advisory Committee Act (5 U.S.C. App.; relating to the termination of advisory committees) shall apply to the Working Group. SEC. 202. PROCESS FOR ADOPTION RESEARCH AND A BEST PRACTICES VOLUNTARY GUIDELINES FOR LABORATORY FACILITIES. (a) Establishment of the Post-Secondary Laboratory Development Task Force.--The Secretary of Homeland Security shall establish a ``Post- Secondary Laboratory Research Development Task Force'' (hereinafter in this section referred to as the ``Development Task Force''). (b) Responsibilities.--The Development Task Force shall conduct research for and make recommendations to the Secretary regarding best practices voluntary guidelines for college and university laboratory facilities for education and research purposes related to information assurance, cybersecurity and computing security. Such research on what baseline equipment, capacity, skilled instruction, and certification may be needed for a set of best practices voluntary guidelines for colleague or university laboratories and make recommendations on the best methods of assuring that the greatest number of institutions have access to facilities that meet the baseline best practices regarding-- (1) qualifications for laboratories for the purpose of providing education or instruction in computing security, computer networks, enterprises, informatics, and other systems designated by the Secretary; (2) types of software; (3) types of hardware; (4) types of firmware; (5) security applications, including firewalls, whole hat hackers, red teams, and blue teams; (6) security protocols needed to protect the physical and computer resources of the laboratory; (7) accreditation and certification of college and university computer and information security laboratories; (8) best practices for-- (A) public-private collaborations to support secondary and post-secondary laboratory facilities for computer or information security; (B) visiting guest lecture programs for business and Government information technology security experts; and (C) developing real world laboratory exercise and proficiency measures; and (9) how best to recruit and retain instructors with requisite degrees to teach computer and information security courses to undergraduate and graduate students. (c) Membership.-- (1) Members.--The Development Task Force shall be composed of 19 members, including the Chair. The Secretary of Homeland Security, in consultation with the head of the entity represented by the member agencies, shall appoint members. The Secretary shall appoint a chair from among the members of the Development Task Force. Such members shall consist of one representative of each of the following agencies: (A) The White House Office of Science and Technology Policy. (B) The Office of the Director of National Intelligence. (C) The Department of Energy. (D) The Defense Advanced Research Projects Agency. (E) The Department of Commerce. (F) The National Institutes of Health. (G) The National Institute of Science and Technology. (H) The National Science Foundation. (I) The Director of the Office of Personnel Management. (2) Other members.--The Secretary shall consider for the other members of the Development Task Force representatives from organizations that advocate and promote professional development of professional and academic under represented areas and organizations with the mission of promoting professional development and academic excellence in information assurance, cybersecurity and computing security: (A) Organizations with the mission of advancing computing as a science and profession. (B) Organizations that promote information system security education. (C) Professional associations that are well established and broadly recognized for the advancement of technology. (D) Professional associations that represent professionals and academics referred to in section 230A of the Homeland Security Act of 2002, as added by section 101. (E) K-12 science and technology programs that conduct successful after school and summer programs for under represented populations, rural communities and serve communities where unemployment is at least two percent higher than the national average. (F) Organizations that promote education of Native Americans or other indigenous peoples of the United States or its territories. (G) Regional diversity of public and private school districts that excel at science and technology education. (3) Quorum.--A majority of the members of the Development Task Force shall constitute a quorum. (4) Voting.--Proxy voting shall be allowed on behalf of a member of the Development Task Force. (5) Rules of procedure.--The Development Task Force may establish rules for the conduct of the Development Task Force's business, if such rules are not inconsistent with this section or other applicable law. (d) Powers.-- (1) Hearings and evidence.--The Development Task Force or, on the authority of the Development Task Force, or any subcommittee or member thereof, may, for the purpose of carrying out this section hold such hearings and sit and act at such times and places, take such testimony, receive such evidence, and administer such oaths. (2) Contract authority.--After giving notice to the Secretary who may substitute agency staff with the requisite skills to fill a position needed by the Board at no additional cost to the Board. After 10 working days following notice to the Secretary the Development Task Force may enter into contracts to such extent and in such amounts as necessary for the Development Task Force to discharge its duties under this section. (3) Information from federal agencies.-- (A) In general.--The Development Task Force is authorized to secure directly from any executive department, bureau, agency, board, office, independent establishment, or instrumentality of the Government information, suggestions, estimates, and statistics for the purposes of this section. Each department, bureau, agency, board, office, independent establishment, or instrumentality shall, to the extent authorized by law, furnish such information, suggestions, estimates, and statistics directly to the Board, upon request made by the chairman, the chairman of any subcommittee created by a majority of the Board, or any member designated by a majority of the Board. (B) Receipt, handling, storage, and dissemination.--Information shall only be received, handled, stored, and disseminated by members of the Board and its staff consistent with all applicable statutes, regulations, and Executive orders. (4) Assistance from federal agencies.-- (A) General services administration.--The Administrator of General Services shall provide to the Development Task Force on a reimbursable basis administrative support and other services for the performance of the Board's functions. (B) Other departments and agencies.--In addition to the assistance prescribed in subparagraph (A), departments and agencies of the United States may provide to the Board such services, funds, facilities, staff, and other support services as they may determine advisable and as may be authorized by law. (C) Postal services.--The Development Task Force may use the United States mails in the same manner and under the same conditions as departments and agencies of the United States. (e) Staff.-- (1) In general.--While away from their homes or regular places of business in the performance of services for the Commission, members of the Commission shall be allowed travel expenses, including per diem in lieu of subsistence, in the same manner as persons employed intermittently in the Government service are allowed expenses under section 5703(b) of title 5, United States Code. (2) Personnel as federal employees.-- (A) In general.--The executive director and any personnel of the Development Task Force who are employees shall be employees under section 2105 of title 5, United States Code, for purposes of chapters 63, 81, 83, 84, 85, 87, 89, and 90 of that title. (B) Members of the development task force.-- Subparagraph (A) shall not be construed to apply to members of the Development Task Force. (3) Detailees.--Any Federal Government employee may be detailed to the Board without reimbursement from the Development Task Force, and such detailee shall retain the rights, status, and privileges of his or her regular employment without interruption. (f) No Compensation for Service.--Members of the Development Task Force shall not receive any compensation for their service, but shall be paid travel expenses, including per diem in lieu of subsistence, at rates authorized for employees of agencies under subchapter I of chapter 57 of title 5, United States Code, while away from their homes or regular places of business in the performance of services for the Development Task Force. (g) Prohibition of Consultant or Contracting Work.--No member of the Development Task Force while serving in this capacity or for 1 year following departure from the Development Task Force may work as a consultant or contract worker for the Department of Homeland Security in a position related to the work of the Development Task Force or member agency that participates as a member of the Development Task Force. (h) Report.--The Development Task Force shall submit a report to the Secretary of Homeland Security; a report on research findings, best practices voluntary guidelines and recommendations to the Secretary. The report shall be in unclassified form but may include a classified annex. (i) Secretary of Homeland Security Report.--The Secretary shall submit to Congress a report on the work of the Development Task Force's research into best practices voluntary guidelines, areas that require additional study and a set of recommendations. The Secretary shall indicate to the Congress which Development Task Force recommendations have been implemented, which will be implemented, or which will be rejected and why. (j) Technical Support From the Department.--At the request of Development Task Force the Secretary of Homeland Security shall provide the Development Task Force with technical support necessary for the Development Task Force to carry out its duties under this section. (k) Intellectual Property.--No private-sector individual or entity serving on the Development Task Force shall obtain any intellectual property rights to any guidelines or recommendations that derive from the work of the Development Task Force or any guidelines (or any modification to any guidelines) based on the work of the Development Task Force. (l) Prohibition of Consultant or Contracting Work.--No member of the Development Task Force while serving in this capacity or for 1 year following departure from the Development Task Force may work as a consultant or contract worker in a position related to the direct work of the Development Task Force to the Department of Homeland Security or member agency that participates as a member of the Development Task Force. SEC. 203. COMPUTING AND INFORMATION SECURITY MENTORING PROGRAMS FOR COLLEGE STUDENTS. (a) Office of Cybersecurity and Information Security Professional's Mentoring Program.-- (1) In general.--Subtitle C of title II of the Homeland Security Act of 2002 (6 U.S.C. 141 et seq.) is further amended by adding at the end the following new section: ``SEC. 230B. OFFICE OF COMPUTING AND INFORMATION SECURITY PROFESSIONAL'S MENTORING PROGRAM. ``(a) Establishment.--There is in the Department an Office of Computing and Information Security Professional's Mentoring Program. The head of the office is the Mentoring Coordinator, who shall be appointed by the Secretary. ``(b) Responsibilities.--The Mentoring Coordinator shall be responsible for working with outreach to institution of higher education, critical infrastructure owners, and the heads of Federal departments and agencies to develop and promote the participation of professionals as volunteer mentors to-- ``(1) undergraduate students at institutions of higher education who are enrolled in the third or fourth year of a program of education leading to a degree in computing or information security; ``(2) students enrolled in a program of education leading to a doctoral degree in computing or information security; and ``(3) new employees of Federal departments and agencies whose primary responsibilities relate to computing or information security.''. (2) Clerical amendment.--The table of contents in section 1(b) of such Act is further amended by inserting after the item relating to section 230A the following new item: ``Sec. 230B. Office of Computing and Information Security Professional's Mentoring Program.''. (b) Grant Program.-- (1) In general.--The Secretary of Homeland Security shall determine existing authority to make grants to covered institutions of higher learning for the establishment of mentoring programs for undergraduates enrolled in programs or courses of education in information assurance, cybersecurity or computing security programs. (2) Covered institutions of higher learning.--For purposes of this subsection, the term ``covered institution of higher learning'' means those institutions as defined in section 371 of the Higher Education Act of 1965 and listed in section 101 of this bill. SEC. 204. GRANTS FOR COMPUTER EQUIPMENT. (a) Grants.--The Secretary of Homeland Security may make grants to post-secondary institutions that offer courses or degrees in computing or information security to be used to establish or equip a computer laboratory to be made available to students and faculty for both teaching and research purposes. (b) Technical Support.--The Secretary shall ensure that each recipient of a grant under this section also receives technical support on the use and proper function of equipment and software. (c) Publication in Federal Register.--The Secretary shall publish the name of each institution of higher education that receives a grant under this section and the amount of such grant. (d) Qualification.--In making grants under this section, the Secretary-- (1) shall take into consideration whether more than 50 percent of the students at an institution are taking online or distance learning computer science and information security courses; and (2) may establish guidance to institutions for entering into laboratory facilities sharing agreements to allow institutions to qualify for grants under this section. SEC. 205. CENTERS OF ACADEMIC COMPUTING AND INFORMATION ASSURANCE. (a) Program Established.--The Secretary of Homeland Security shall establish a program for Centers of Academic Computer and Information Assurance Distinction. (b) Designation of Centers.-- (1) In general.--The Secretary may designate five colleges or universities as Centers of Distinction for Academic Computing and Information Security Assurance each year with no limit to the total number of such Centers that may be established. The Secretary may make public the Centers for Distinction in Academic Computing and Information Security Assurance. (2) Revocation of designations.--The Secretary may revoke the designation of a Center of Distinction for Academic Computing and Information Security Assurance. (3) Criteria.--The Secretary shall make available information regarding the criteria for designating an institution as a Center of Distinction for Academic Computing and Information Security Assurance under this section. (4) Distance learning.--In designating Centers under this section, the Secretary shall consider the number of students who are enrolled in distance learning computer or information security courses and whether collaborations for in laboratory instruction through shared arrangements with established information assurance, cybersecurity computing security programs at secondary education programs that laboratory facilities that meet best practices as outlined by the Secretary would be sufficient to meet the requirements established under this section. (c) Outreach.--The Secretary shall identify and report on the success of efforts to reach under represented populations in the field of computing and information security through work with institutions as defined under section 371 of the Higher Education Act of 1965 listed in section 101 of this bill. (d) Report.--Not later than 220 days after the date of the enactment of this Act, the Secretary shall submit to Congress recommendations regarding distance learning computer and information security programs for meeting the cybersecurity professional requirements of the agency. (e) Consideration of Programs.--The Secretary may consider the following when making grants to postsecondary education institutions and private sector entities who are contracted, provided grants or funds to conduct research on information assurance, cybersecurity and computing security to advance the agency's cybersecurity capacity: (1) Institutions designated as a Center of Distinction for Academic Computing and Information Security Assurance. (2) Institutions who have established academic mentoring and program development partnerships related to information assurance, cybersecurity, and computing security academic programs with institutions defined under section 371 of the Higher Education Act of 1965 listed in section 101 of this bill. TITLE III--FEDERAL WORKFORCE COMPUTER AND INFORMATION SECURITY PROFESSIONAL DEVELOPMENT SEC. 301. LIFELONG LEARNING IN COMPUTER AND INFORMATION SECURITY STUDY. (a) Establishment.--The Secretary of Homeland Security shall establish a program to be known as the ``Lifelong Computer and Information Security Study''. Such program shall be designed to promote computer and information security professionals among Federal civilian agencies, critical infrastructure, and the general public by supporting post-employment education and training. (b) Discretion of Secretary.--The Secretary shall have the discretion to determine the best methods for accomplishing the objective of this section. (c) Reports.--The Secretary shall periodically submit to Congress a report on the implementation of this section. SEC. 302. COMPUTER AND INFORMATION SECURITY JOB OPPORTUNITIES PROGRAM. (a) In General.--The Secretary of Homeland Security, acting through the Deputy Assistant Secretary for Cybersecurity Education and Awareness, shall establish, in conjunction with the National Science Foundation, a program to award grants to institutions of higher education (and consortia thereof) for-- (1) the establishment or expansion of computer and information security professional development programs; (2) the establishment or expansion (or both) of associate degree programs in computer and information security; and (3) the purchase of equipment to provide training in computer and information security for either professional development programs or degree programs. (b) Goals and Criteria.--The Secretary, acting through the Deputy Assistant Secretary and in consultation with the Working Group established under section 201, shall establish the goals for the program under this section and the criteria for awarding grants. (c) Awards.-- (1) Peer review.--All awards under this section shall be provided on a competitive, merit-reviewed basis. The peer review process shall be published in the Federal Register. Those serving in a peer review role shall do so for 2 years with an option for 1 additional term. Applicants in the event of a denial of an award shall be provided with a detailed explanation for the denial. (2) Focus.--In making awards under this section, the Deputy Assistant Secretary shall, to the extent practicable, ensure geographic diversity and the participation of women and under represented minorities. (3) Preference.--In making awards under this section, the Deputy Assistant Secretary shall-- (A) give preference to applications submitted by consortia of institutions, to encourage as many students and professionals as possible to benefit from the program established under this section; (B) give preference to any application submitted by a consortium of institutions that includes at least one institution that is eligible to receive funds under title III or V of the Higher Education Act of 1965; and (C) consider the enrollment of students in online and distance learning courses. (d) Institution of Higher Education Defined.--In this section the term ``institution of higher education'' has the meaning given that term in section 101(a) of the Higher Education Act of 1965 (20 U.S.C. 1001(a)). SEC. 303. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY TRAINING PROGRAMS AND EQUIPMENT. (a) In General.--The Secretary of Homeland Security, acting through the Assistant Secretary of Cybersecurity, shall establish, in conjunction with the National Science Foundation, a program to award grants to institutions of higher education (and consortia thereof) for-- (1) the establishment or expansion of cybersecurity professional development programs; (2) the establishment or expansion (or both) of associate degree programs in cybersecurity; and (3) the purchase of equipment to provide training in cybersecurity for either professional development programs or degree programs. (b) Roles.-- (1) Department of homeland security.--The Secretary, acting through the Assistant Secretary and in consultation with the Director of the National Science Foundation, shall establish the goals for the program established under this section and the criteria for awarding grants. (2) National science foundation.--The Director of the National Science Foundation shall operate the program established under this section consistent with the goals and criteria established under paragraph (1), including soliciting applicants, reviewing applications, and making and administering awards. The Director may consult with the Assistant Secretary in selecting awardees. (3) Funding.--The Secretary shall transfer to the National Science Foundation the funds necessary to carry out this section. (c) Awards.-- (1) Peer review.--All awards under this section shall be provided on a competitive, merit-reviewed basis. (2) Focus.--In making awards under this section, the Director shall, to the extent practicable, ensure geographic diversity and the participation of women and under represented minorities. (3) Preference.--In making awards under this section, the Director-- (A) shall give preference to applications submitted by consortia of institutions, to encourage as many students and professionals as possible to benefit from the program established under this section; and (B) shall give preference to any application submitted by a consortium of institutions that includes at least one institution that is eligible to receive funds under title III or V of the Higher Education Act of 1965. (d) Institution of Higher Education Defined.--In this section the term ``institution of higher education'' has the meaning given that term in section 101(a) of the Higher Education Act of 1965 (20 U.S.C. 1001(a)). (e) Authorization of Appropriations.--There is authorized to be appropriated to the Secretary for carrying out this section $3,700,000 for each of fiscal years 2016 and 2017. SEC. 304. E-SECURITY FELLOWS PROGRAM. (a) Establishment of Program.--Subtitle C of title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is further amended by adding at the end the following: ``SEC. 230C. E-SECURITY FELLOWS PROGRAM. ``(a) Establishment.-- ``(1) In general.--The Secretary shall establish a fellowship program in accordance with this section for the purpose of bringing State, local, tribal, and private sector officials to participate in the work of the National Cybersecurity Division in order to become familiar with the Department's stated cybersecurity missions and capabilities, including but not limited to-- ``(A) enhancing Federal, State, local, and tribal government cybersecurity; ``(B) developing partnerships with other Federal agencies, State, local, and tribal governments, and the private sector; ``(C) improving and enhancing public/private information sharing involving cyber attacks, threats, and vulnerabilities; ``(D) providing and coordinating incident response and recovery planning efforts; and ``(E) fostering training and certification. ``(2) Program name.--The program under this section shall be known as the E-Security Fellows Program. ``(b) Eligibility.--In order to be eligible for selection as a fellow under the program, an individual must-- ``(1) have cybersecurity-related responsibilities; and ``(2) be eligible to possess an appropriate national security clearance. ``(c) Limitations.--The Secretary-- ``(1) may conduct up to 2 iterations of the program each year, each of which shall be 180 days in duration; and ``(2) shall ensure that the number of fellows selected for each iteration does not impede the activities of the Division. ``(d) Condition.--As a condition of selecting an individual as a fellow under the program, the Secretary shall require that the individual's employer agree to continue to pay the individual's salary and benefits during the period of the fellowship. ``(e) Stipend.--During the period of the fellowship of an individual under the program, the Secretary shall, subject to the availability of appropriations, provide to the individual a stipend to cover the individual's reasonable living expenses during the period of the fellowship.''. (b) Clerical Amendment.--The table of contents in section 1(b) of such Act is amended by adding at the end of the items relating to such subtitle the following: ``Sec. 230C. E-Security Fellows Program.''. TITLE IV--RESEARCH SEC. 401. NATIONAL SCIENCE FOUNDATION STUDY ON SCIENCE AND TECHNOLOGY STUDENT RETENTION. (a) Study.--The National Science Foundation shall conduct a study on the causes of the high dropout rates of women and minority students enrolled in programs of education leading to degrees in science, technology, engineering, and mathematics and the effects of such dropout rates on the cost of education for such students and the shortage of workers qualified for jobs in science and technology. (b) Report.--Not later than 180 days after the date of the enactment of this Act, the National Science Foundation shall submit to Congress a report on the study conducted under subsection (a) together with any recommendations of the National Science Foundation. SEC. 402. CHALLENGE GRANTS. (a) In General.--The Secretary of Homeland Security shall make grants to the Center of Distinction for Academic Computing and Information Security Assurance, which shall be known as ``Challenge Grants''. The recipient of a grant under this section shall use the grant to form a partnership with section 230A of the Homeland Security Act of 2002, as added by section 101 to assist in improving the computing programs of such colleges and universities and meeting the requirements to become a Center of Distinction for Academic Computing and Information Security. The Secretary shall ensure that the institutions that receive assistance under this subsection are the institutions as defined under section 371 of the Higher Education Act of 1965 (20 U.S.C. 1067q). (b) Report.--The Secretary shall submit to Congress a report on the outcomes of the partnerships funded by grants under this section and shall include in such report the recommendations of the Secretary regarding improving the access of the population served by the institutions of higher education described in subsection (a). SEC. 403. E-SECURITY FELLOWS PROGRAM. (a) Establishment of Program.--Subtitle C of title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is further amended by adding at the end the following: ``SEC. 230D. E-SECURITY FELLOWS PROGRAM. ``(a) Establishment.-- ``(1) In general.--The Secretary shall establish a fellowship program in accordance with this section for the purpose of bringing State, local, tribal, and private sector officials to participate in the work of the National Cybersecurity Division in order to become familiar with the Department's stated cybersecurity missions and capabilities, including but not limited to-- ``(A) developing partnerships with other Federal agencies, State, local, and tribal governments, and the private sector; and ``(B) fostering training and certification. ``(2) Program name.--The program under this section shall be known as the `E-Security Fellows Program'. ``(b) Eligibility.--In order to be eligible for selection as a fellow under the program, an individual must-- ``(1) have computer and information security-related responsibilities; and ``(2) be eligible to possess an appropriate national security clearance. ``(c) Limitations.--The Secretary-- ``(1) may conduct up to 2 iterations of the program each year, each of which shall be 180 days in duration; and ``(2) shall ensure that the number of fellows selected for each iteration does not impede the activities of the Division. ``(d) Condition.--As a condition of selecting an individual as a fellow under the program, the Secretary shall require that the individual's employer agree to continue to pay the individual's salary and benefits during the period of the fellowship. ``(e) Stipend.--During the period of the fellowship of an individual under the program, the Secretary shall, subject to the availability of appropriations, provide to the individual a stipend to cover the individual's reasonable living expenses during the period of the fellowship.''. (b) Clerical Amendment.--The table of contents in section 1(b) of such Act is further amended by adding at the end of the items relating to such subtitle the following: ``Sec. 230D. E-Security Fellows Program.''. <all>