[House Report 114-629]
[From the U.S. Government Publishing Office]
114th Congress } { Report
HOUSE OF REPRESENTATIVES
2d Session } { 114-629
======================================================================
SUPPORT FOR RAPID INNOVATION ACT OF 2016
_______
June 21, 2016.--Committed to the Committee of the Whole House on the
State of the Union and ordered to be printed
_______
Mr. McCaul, from the Committee on Homeland Security, submitted the
following
R E P O R T
[To accompany H.R. 5388]
The Committee on Homeland Security, to whom was referred
the bill (H.R. 5388) to amend the Homeland Security Act of 2002
to provide for innovative research and development, and for
other purposes, having considered the same, reports favorably
thereon without amendment and recommends that the bill do pass.
CONTENTS
Page
Purpose and Summary.............................................. 1
Background and Need for Legislation.............................. 2
Hearings......................................................... 2
Committee Consideration.......................................... 3
Committee Votes.................................................. 3
Committee Oversight Findings..................................... 3
New Budget Authority, Entitlement Authority, and Tax Expenditures 3
Congressional Budget Office Estimate............................. 3
Statement of General Performance Goals and Objectives............ 4
Duplicative Federal Programs..................................... 4
Congressional Earmarks, Limited Tax Benefits, and Limited Tariff
Benefits....................................................... 4
Federal Mandates Statement....................................... 4
Preemption Clarification......................................... 4
Disclosure of Directed Rule Makings.............................. 4
Advisory Committee Statement..................................... 4
Applicability to Legislative Branch.............................. 5
Section-by-Section Analysis of the Legislation................... 5
Changes in Existing Law Made by the Bill, as Reported............ 6
Purpose and Summary
H.R. 5388, the Support for Rapid Innovation Act of 2016,
requires the Under Secretary for Science and Technology (S&T)
to support cybersecurity research, development, testing,
evaluation and transition and to coordinate those activities
with other Federal agencies, industry, and academia. In service
to the components of the Department of Homeland Security (DHS),
the Under Secretary is required to: 1) advance the development
and deployment of secure information systems; 2) improve and
create technologies to detect attacks or intrusions; 3) improve
and create mitigation and recovery methodologies; 4) support
the review of source code that underpins critical
infrastructure information systems in coordination with the
private sector; 5) develop and support tools to support
cybersecurity research and development efforts; 6) assist the
development of technologies to reduce vulnerabilities in
industrial control systems; and 7) develop and support
forensics and attack attribution capabilities.
In addition, the bill requires the Under Secretary to
support the full life cycle of cyber research and development
projects, identify mature technologies that address existing or
imminent cybersecurity gaps, and introduce new cybersecurity
technologies throughout the homeland security enterprise
through partnerships and commercialization. The Under Secretary
is directed to target Federally funded cybersecurity research
that demonstrates a high probability of successful transition
to the commercial market within two years.
This bill also extends the timeframe for the Secretary to
exercise Other Transaction Authority (OTA) until the year 2020.
In the event that the head of a component seeks to have funds
expended under OTA, the Secretary must provide prior approval
after evaluating the component's proposal which must include
the rationale, funds to be spent, and expected outcomes of the
project. The Secretary is required to submit an annual report
to Congress detailing those projects for which OTA was
authorized.
Background and Need for Legislation
The S&T Directorate was established by Congress in Title
III of the Homeland Security Act of 2002 (Pub. L. 107-296), and
is DHS's primary research and development arm. This Directorate
manages basic and applied research and development of science
and technology, including cybersecurity research and
development, for the Department's operational components and
first responders that protect the homeland. OTA allows the
Department to engage with nontraditional entities outside the
regular government contracting mechanisms. Ensuring there are
mechanisms in place like S&T's cybersecurity research and
development programs and OTA to support the dynamic nature of
cybersecurity R&D is essential for addressing homeland security
capability gaps.
Hearings
No hearings were held on H.R. 5388, however the Committee
held the following overight hearings.
On February 12, 2015, the Subcommittee on Cybersecurity,
Infrastructure Protection, and Security Technologies held a
hearing entitled ``Emerging Threats and Technologies to Protect
the Homeland.'' The Subcommittee received testimony from Mr.
Andy Ozment, Assistant Secretary, Office of Cybersecurity and
Communications, National Protection and Programs Directorate,
U.S. Department of Homeland Security; Dr. Huban Gowadia,
Director, Domestic Nuclear Detection Office, U.S. Department of
Homeland Security; Mr. Joseph Martin, Acting Director, Homeland
Security Enterprise and First Responders Group, Science and
Technology Directorate, U.S. Department of Homeland Security;
Mr. William Noonan, Deputy Special Agent in Charge, Criminal
Investigative Division, Cyber Operations Branch, United States
Secret Service, U.S. Department of Homeland Security; and Mr.
William Painter, Analyst, Government and Finance Division,
Congressional Research Service, Library of Congress.
On May 19, 2015, the Subcommittee on Cybersecurity,
Infrastructure Protection, and Security Technologies held a
hearing entitled ``Examining DHS Science and Technology
Directorate's Engagement with Academia and Industry.'' The
Subcommittee received testimony from Mr. Jake Parker, Director
Government Relations, Security Industry Association; Mr. Marc
Pearl, President and Chief Executive Officer, Homeland Security
and Defense Business Council; and Dr. Samuel H. Aronson,
President, American Physical Society.
Committee Consideration
The Committee met on June 8, 2016, to consider H.R. 5388,
and ordered the measure to be reported to the House with a
favorable recommendation, without amendment, by voice vote.
Committee Votes
Clause 3(b) of Rule XIII of the Rules of the House of
Representatives requires the Committee to list the recorded
votes on the motion to report legislation and amendments
thereto.
No recorded votes were requested during consideration of
H.R. 5388.
Committee Oversight Findings
Pursuant to clause 3(c)(1) of Rule XIII of the Rules of the
House of Representatives, the Committee has held oversight
hearings and made findings that are reflected in this report.
New Budget Authority, Entitlement Authority, and Tax Expenditures
In compliance with clause 3(c)(2) of Rule XIII of the Rules
of the House of Representatives, the Committee finds that H.R.
5388, the Support for Rapid Innovation Act of 2016, would
result in no new or increased budget authority, entitlement
authority, or tax expenditures or revenues.
Congressional Budget Office Estimate
Pursuant to clause 3(c)(3) of Rule XIII of the Rules of the
House of Representatives, a cost estimate provided by the
Congressional Budget Office pursuant to section 402 of the
Congressional Budget Act of 1974 was not made available to the
Committee in time for the filing of this report. The Chairman
of the Committee shall cause such estimate to be printed in the
Congressional Record upon its receipt by the Committee.
Statement of General Performance Goals and Objectives
Pursuant to clause 3(c)(4) of Rule XIII of the Rules of the
House of Representatives, H.R. 5388 contains the following
general performance goals and objectives, including outcome
related goals and objectives authorized.
This legislation provides for the Secretary of Homeland
Security to report to Congress on the projects for which OTA is
used, the rationale for use, the funds spent, the extent of
cost-sharing, the extent to which the use of the authority
addresses a homeland security capability gap, the outcome of
the project and any audits of each project.
Duplicative Federal Programs
Pursuant to clause 3(c) of Rule XIII, the Committee finds
that H.R. 5388 does not contain any provision that establishes
or reauthorizes a program known to be duplicative of another
Federal program.
Congressional Earmarks, Limited Tax Benefits, and Limited Tariff
Benefits
In compliance with Rule XXI of the Rules of the House of
Representatives, this bill, as reported, contains no
congressional earmarks, limited tax benefits, or limited tariff
benefits as defined in clause 9(e), 9(f), or 9(g) of the Rule
XXI.
Federal Mandates Statement
Pursuant to clause 3(c)(3) of Rule XIII of the Rules of the
House of Representatives, a cost estimate provided by the
Congressional Budget Office pursuant to section 402 of the
Congressional Budget Act of 1974 was not made available to the
Committee in time for the filing of this report. The Chairman
of the Committee shall cause such estimate to be printed in the
Congressional Record upon its receipt by the Committee.
Preemption Clarification
In compliance with section 423 of the Congressional Budget
Act of 1974, requiring the report of any Committee on a bill or
joint resolution to include a statement on the extent to which
the bill or joint resolution is intended to preempt State,
local, or Tribal law, the Committee finds that H.R. 5388 does
not preempt any State, local, or Tribal law.
Disclosure of Directed Rule Makings
The Committee estimates that H.R. 5388 would require no
directed rule makings.
Advisory Committee Statement
No advisory committees within the meaning of section 5(b)
of the Federal Advisory Committee Act were created by this
legislation.
Applicability to Legislative Branch
The Committee finds that the legislation does not relate to
the terms and conditions of employment or access to public
services or accommodations within the meaning of section
102(b)(3) of the Congressional Accountability Act.
Section-by-Section Analysis of the Legislation
Section 1. Short Title.
This section provides that this bill may be cited as the
``Support for Rapid Innovation Act of 2016''.
Sec. 2. Cybersecurity Research and Development Projects.
This section amends the Homeland Security Act of 2002 to
insert a new section entitled ``Sec. 319. Cybersecurity
Research and Development.''
This section requires the Under Secretary for Science and
Technology to support research, development, testing,
evaluation, and transition of cybersecurity technologies that
will: 1) advance the development and deployment of secure
information systems; 2) improve and create technologies to
detect attacks or intrusions; 3) improve and create mitigation
and recovery methodologies; 4) support the review of source
code that underpins critical infrastructure information systems
in coordination with the private sector; 5) develop and support
tools to support cybersecurity research and development
efforts; 6) assist the development of technologies to reduce
vulnerabilities in industrial control systems; and 7) develop
and support forensics and attack attribution capabilities. This
section also requires the Under Secretary to coordinate these
cybersecurity activities with other relevant Federal agencies,
and industry and academia. The Committee intends for this
coordination to include inter-agency Federal programs like the
Networking and Information Technology Research and Development
program as well as technology-based small businesses and
startup ventures.
Additionally, this section codifies in law the Transition
to Practice program that currently is being administered by the
Under Secretary to support the life cycle of projects,
including research, development, testing, evaluation, pilots,
and transitions. This section requires the Under Secretary to
target federally funded research that demonstrates a high
probability of successful transition to the commercial market
within two years that is expected to have a notable impact on
public or private information systems and networks.
The Committee intends for the research and development to
support the development of technologies targeted at detecting
and analyzing known and unknown intrusions and anomalous
behavior, as well as managing data loss and manipulation with
attention to insider threats. These efforts shall seek to
enhance capabilities to identify emerging methods of carrying
out cyber attacks and to mitigate the effects of cyber attacks
and intrusions.
The Committee is supportive of the Transition to Practice
program, which takes advantage of research already conducted
and funds already spent to support robust cyber tools
nationwide. Where appropriate, the Committee encourages the
Under Secretary to utilize the Department of Energy and
Federally Funded Research and Development Centers and academic
institutions funded by the National Science Foundation (NSF).
The Committee intends for the Under Secretary to introduce new
technologies and capabilities throughout the homeland security
enterprise.
This section also amends section 831 of the HSA, extending
Other Transaction Authority (OTA) until 2020 and requiring the
Secretary to approve OTA prior to its use. This section updates
existing reporting requirements and requires training of
acquisition staff in the use of OTA.
The Committee encourages the Under Secretary to support the
transition of innovative or emerging cyber technologies that
currently are not procured by the Federal government but may
offer novel or groundbreaking methods to address cyber
capability gaps. The Committee intends for the Secretary to
engage the Under Secretary for Science and Technology in the
evaluation of OTA requests not involving the Science and
Technology Directorate.
No additional funds are authorized to be appropriated to
carry out this Act or the amendments made by this Act.
Changes in Existing Law Made by the Bill, as Reported
In compliance with clause 3(e) of rule XIII of the Rules of
the House of Representatives, changes in existing law made by
the bill, as reported, are shown as follows (existing law
proposed to be omitted is enclosed in black brackets, new
matter is printed in italics, and existing law in which no
change is proposed is shown in roman):
HOMELAND SECURITY ACT OF 2002
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title.--This Act may be cited as the ``Homeland
Security Act of 2002''.
(b) Table of Contents.--The table of contents for this Act is
as follows:
* * * * * * *
TITLE III--SCIENCE AND TECHNOLOGY IN SUPPORT OF HOMELAND SECURITY
* * * * * * *
Sec. 319. Cybersecurity research and development.
* * * * * * *
TITLE III--SCIENCE AND TECHNOLOGY IN SUPPORT OF HOMELAND SECURITY
* * * * * * *
SEC. 319. CYBERSECURITY RESEARCH AND DEVELOPMENT.
(a) In General.--The Under Secretary for Science and
Technology shall support the research, development, testing,
evaluation, and transition of cybersecurity technologies,
including fundamental research to improve the sharing of
information, analytics, and methodologies related to
cybersecurity risks and incidents, consistent with current law.
(b) Activities.--The research and development supported under
subsection (a) shall serve the components of the Department and
shall--
(1) advance the development and accelerate the
deployment of more secure information systems;
(2) improve and create technologies for detecting
attacks or intrusions, including real-time continuous
diagnostics and real-time analytic technologies;
(3) improve and create mitigation and recovery
methodologies, including techniques and policies for
real-time containment of attacks, and development of
resilient networks and information systems;
(4) support, in coordination with non-Federal
entities, the review of source code that underpins
critical infrastructure information systems;
(5) develop and support infrastructure and tools to
support cybersecurity research and development efforts,
including modeling, testbeds, and data sets for
assessment of new cybersecurity technologies;
(6) assist the development and support of
technologies to reduce vulnerabilities in industrial
control systems; and
(7) develop and support cyber forensics and attack
attribution capabilities.
(c) Coordination.--In carrying out this section, the Under
Secretary for Science and Technology shall coordinate
activities with--
(1) the Under Secretary appointed pursuant to section
103(a)(1)(H);
(2) the heads of other relevant Federal departments
and agencies, as appropriate; and
(3) industry and academia.
(d) Transition to Practice.--The Under Secretary for Science
and Technology shall support projects carried out under this
title through the full life cycle of such projects, including
research, development, testing, evaluation, pilots, and
transitions. The Under Secretary shall identify mature
technologies that address existing or imminent cybersecurity
gaps in public or private information systems and networks of
information systems, identify and support necessary
improvements identified during pilot programs and testing and
evaluation activities, and introduce new cybersecurity
technologies throughout the homeland security enterprise
through partnerships and commercialization. The Under Secretary
shall target federally funded cybersecurity research that
demonstrates a high probability of successful transition to the
commercial market within two years and that is expected to have
a notable impact on the public or private information systems
and networks of information systems.
(e) Definitions.--In this section:
(1) Cybersecurity risk.--The term ``cybersecurity
risk'' has the meaning given such term in section 227.
(2) Homeland security enterprise.--The term
``homeland security enterprise'' means relevant
governmental and nongovernmental entities involved in
homeland security, including Federal, State, local, and
tribal government officials, private sector
representatives, academics, and other policy experts.
(3) Incident.--The term ``incident'' has the meaning
given such term in section 227.
(4) Information system.--The term ``information
system'' has the meaning given such term in section
3502(8) of title 44, United States Code.
* * * * * * *
TITLE VIII--COORDINATION WITH NON-FEDERAL ENTITIES; INSPECTOR GENERAL;
UNITED STATES SECRET SERVICE; COAST GUARD; GENERAL PROVISIONS
* * * * * * *
Subtitle D--Acquisitions
SEC. 831. RESEARCH AND DEVELOPMENT PROJECTS.
(a) Authority.--Until September 30, [2016] 2020, and subject
to subsection (d), the Secretary may carry out a pilot program
under which the Secretary may exercise the following
authorities:
(1) In general.--When the Secretary carries out
basic, applied, and advanced research and development
projects, including the expenditure of funds for such
projects, the Secretary may exercise the same authority
(subject to the same limitations and conditions) with
respect to such research and projects as the Secretary
of Defense may exercise under section 2371 of title 10,
United States Code (except for subsections (b) and
(f)), after making a determination that the use of a
contract, grant, or cooperative agreement for such
project is not feasible or appropriate. [The annual
report required under subsection (b) of this section,
as applied to the Secretary by this paragraph, shall be
submitted to the President of the Senate and the
Speaker of the House of Representatives.]
(2) Prototype projects.--The Secretary may, under the
authority of paragraph (1), carry out prototype
projects in accordance with the requirements and
conditions provided for carrying out prototype projects
under section 845 of the National Defense Authorization
Act for Fiscal Year 1994 (Public Law 103-160). In
applying the authorities of that section 845,
subsection (c) of that section shall apply with respect
to prototype projects under this paragraph, and the
Secretary shall perform the functions of the Secretary
of Defense under subsection (d) thereof.
(3) Prior approval.--In any case in which the head of
a component or office of the Department seeks to
utilize the authority under this section, such head
shall first receive prior approval from the Secretary
by providing to the Secretary a proposal that includes
the rationale for the utilization of such authority,
the funds to be spent on the use of such authority, and
the expected outcome for each project that is the
subject of the use of such authority. In such a case,
the authority for evaluating the proposal may not be
delegated by the Secretary to anyone other than the
Under Secretary for Management.
(b) Procurement of Temporary and Intermittent Services.--The
Secretary may--
(1) procure the temporary or intermittent services of
experts or consultants (or organizations thereof) in
accordance with section 3109(b) of title 5, United
States Code; and
(2) whenever necessary due to an urgent homeland
security need, procure temporary (not to exceed 1 year)
or intermittent personal services, including the
services of experts or consultants (or organizations
thereof), without regard to the pay limitations of such
section 3109.
(c) Additional Requirements.--
(1) In general.--The authority of the Secretary under
this section shall terminate September 30, [2016] 2020,
unless before that date the Secretary--
(A) issues policy guidance detailing the
appropriate use of that authority; and
(B) provides training to each employee that
is authorized to exercise that authority.
[(2) Report.--The Secretary shall provide an annual
report to the Committees on Appropriations of the
Senate and the House of Representatives, the Committee
on Homeland Security and Governmental Affairs of the
Senate, and the Committee on Homeland Security of the
House of Representatives detailing the projects for
which the authority granted by subsection (a) was used,
the rationale for its use, the funds spent using that
authority, the outcome of each project for which that
authority was used, and the results of any audits of
such projects.]
(2) Report.--The Secretary shall annually submit to
the Committee on Homeland Security and the Committee on
Science, Space, and Technology of the House of
Representatives and the Committee on Homeland Security
and Governmental Affairs of the Senate a report
detailing the projects for which the authority granted
by subsection (a) was utilized, the rationale for such
utilizations, the funds spent utilizing such authority,
the extent of cost-sharing for such projects among
Federal and non-Federal sources, the extent to which
utilization of such authority has addressed a homeland
security capability gap or threat to the homeland
identified by the Department, the total amount of
payments, if any, that were received by the Federal
Government as a result of the utilization of such
authority during the period covered by each such
report, the outcome of each project for which such
authority was utilized, and the results of any audits
of such projects.
(d) Definition of Nontraditional Government Contractor.--In
this section, the term ``nontraditional Government contractor''
has the same meaning as the term ``nontraditional defense
contractor'' as defined in section 845(e) of the National
Defense Authorization Act for Fiscal Year 1994 (Public Law 103-
160; 10 U.S.C. 2371 note).
(e) Training.--The Secretary shall develop a training program
for acquisitions staff on the utilization of the authority
provided under subsection (a).
* * * * * * *