[Senate Report 115-151]
[From the U.S. Government Publishing Office]
�
�
Calendar No. 207
115th Congress } { Report
SENATE
1st Session } { 115-151
======================================================================
INTELLIGENCE AUTHORIZATION ACT FOR FISCAL YEAR 2018
_______
September 7, 2017.--Ordered to be printed
_______
Mr. Burr, from the Select Committee on Intelligence,
submitted the following
R E P O R T
together with
ADDITIONAL AND MINORITY VIEWS
[To accompany S. 1761]
The Select Committee on Intelligence, having considered an
original bill (S. 1761) to authorize appropriations for fiscal
year 2018 for intelligence and intelligence-related activities
of the United States Government, the Community Management
Account, and the Central Intelligence Agency Retirement and
Disability System, and for other purposes, reports favorably
thereon and recommends that the bill do pass.
Classified Annex to the Committee Report
On June 12, 2017, acting pursuant to Section 364 of the
Intelligence Authorization Act for Fiscal Year 2010 (Public Law
111-259), the Director of National Intelligence (DNI) publicly
disclosed that the President's aggregate request for the
National Intelligence Program for Fiscal Year 2018 is $57.7
billion. Other than for limited unclassified appropriations,
primarily the Intelligence Community Management Account, the
classified nature of United States intelligence activities
precludes any further disclosure, including by the Committee,
of the details of its budgetary recommendations. Accordingly,
the Committee has prepared a classified annex to this report
that contains a classified Schedule of Authorizations. The
classified Schedule of Authorizations is incorporated by
reference in the Intelligence Authorization Act (the ``Act'')
and has the legal status of public law. The classified annex is
made available to the Committees on Appropriations of the
Senate and the House of Representatives and to the President.
It is also available for review by any Member of the Senate
subject to the provisions of Senate Resolution 400 of the 94th
Congress (1976).
Section-by-Section Analysis and Explanation
The following is a section-by-section analysis and
explanation of the Intelligence Authorization Act for Fiscal
Year 2018 that is being reported by the Committee.
TITLE I--INTELLIGENCE ACTIVITIES
Section 101. Authorization of appropriations
Section 101 lists the United States Government departments,
agencies, and other elements for which the Act authorizes
appropriations for intelligence and intelligence-related
activities for Fiscal Year 2018.
Section 102. Classified Schedule of Authorizations
Section 102 provides that the details of the amounts
authorized to be appropriated for intelligence and
intelligence-related activities for Fiscal Year 2018 are
contained in the classified Schedule of Authorizations and that
the classified Schedule of Authorizations shall be made
available to the Committees on Appropriations of the Senate and
House of Representatives and to the President.
Section 103. Personnel ceiling adjustments
Section 103 provides that the DNI may authorize employment
of civilian personnel in Fiscal Year 2018 in excess of the
number of authorized positions by an amount not exceeding three
percent of the total limit applicable to each Intelligence
Community (IC) element under Section 102, and ten percent of
the number of civilian personnel authorized under such schedule
for the purposes of contractor conversions. The DNI may do so
only if necessary to the performance of important intelligence
functions.
Section 104. Intelligence Community Management Account
Section 104 authorizes appropriations in the amount of
$550,200,000 for the Intelligence Community Management Account
(ICMA) of the Office of the Director of National Intelligence
(ODNI) for the elements within the ICMA for Fiscal Year 2018.
TITLE II--CENTRAL INTELLIGENCE AGENCY RETIREMENT AND DISABILITY SYSTEM
Section 201. Authorization of appropriations
Section 201 authorizes appropriations in the amount of
$514,000,000 for the Central Intelligence Agency Retirement and
Disability Fund for Fiscal Year 2018.
TITLE III--GENERAL INTELLIGENCE COMMUNITY MATTERS
Section 301. Restriction on conduct of intelligence activities
Section 301 provides that the authorization of
appropriations by the Act shall not be deemed to constitute
authority for the conduct of any intelligence activity that is
not otherwise authorized by the Constitution or laws of the
United States.
Section 302. Increase in employee compensation and benefits authorized
by law
Section 302 provides that funds authorized to be
appropriated by the Act for salary, pay, retirement, and other
benefits for federal employees may be increased by such
additional or supplemental amounts as may be necessary for
increases in compensation or benefits authorized by law.
Section 303. Modification of special pay authority for science,
technology, engineering, or mathematics positions and addition
of special pay authority for cyber positions
Section 303 provides an increased yearly cap for Science,
Technology, Engineering, or Mathematics (STEM) employee
positions in the IC who perform critical cyber missions.
Section 304. Director of National Intelligence review of placement of
positions within the intelligence community on the Executive
Schedule
Section 304 requires the DNI to conduct a review of the
positions within the IC that may be appropriate for inclusion
on the Executive Schedule, and the appropriate levels for
inclusion.
Section 305. Modification of appointment of Chief Information Officer
of the Intelligence Community
Section 305 changes the position of IC Chief Information
Officer from being subject to presidential appointment to being
subject to appointment by the DNI.
Section 306. Supply Chain and Counterintelligence Risk Management Task
Force
Section 306 requires the DNI to establish a task force to
standardize information sharing between the IC and the United
States Government acquisition community with respect to supply
chain and counterintelligence risks. Section 306 further
provides requirements for membership, security clearances, and
annual reports.
Section 307. Inspector General of the Intelligence Community auditing
authority
Section 307 permits the IC IG to hire contractor or expert
auditors to meet audit requirements, similar to other Federal
IGs. Section 307 responds to the Committee's concerns that the
IC Inspector General (IC IG) is at risk of failing to meet its
legislative requirements due to its inability to hire qualified
auditors by granting the IC IG independent hiring practices
identical to other IGs.
Section 308. Inspectors General studies on classification
Section 308 requires each designated IG to carry out and
submit to the congressional intelligence committees a report on
the application of classification and handling markings on a
representative sample of finished products, to include
compartments. Section 308 also directs an analysis of
compliance with declassification procedures and a review of the
process for identifying topics of public or historical
importance that merit prioritization for declassification
review.
TITLE IV--MATTERS RELATING TO ELEMENTS OF THE INTELLIGENCE COMMUNITY
Subtitle A--Office of the Director of National Intelligence
Section 401. Authority for the protection of current and former
employees of the Office of the Director of National
Intelligence
Section 401 amends Title 50, section 3506, to provide
protection for current and former ODNI personnel and designated
immediate family members, if there is a national security
threat that warrants such protection.
Section 402. Information sharing with State election officials
Section 402 requires the DNI, within 30 days of enactment,
to sponsor a security clearance for each eligible chief
election official of a State, territory, or the District of
Columbia (and up to one eligible designee), up to the top
secret level. Section 402 also requires the DNI to share
appropriate classified information-related threats to election
systems and to the integrity of the election process with chief
election officials and their designees who possess the
aforementioned security clearances.
Section 403. Technical modification to the Executive Schedule
Section 403 amends Title 50, section 5313, to add the
Director of the National Counterintelligence and Security
Center.
Section 404. Modification to the designation of the program manager-
information sharing environment
Section 404 changes the status of the Program Manager for
the Information Sharing Environment from being subject to
presidential appointment to being subject to appointment by the
DNI.
Subtitle B--Other Elements
Section 411. Repeal of foreign language proficiency requirement for
certain senior level positions in the Central Intelligence
Agency
Section 411 repeals Title 50, section 3036(g), with
conforming amendments to section 611 of the Intelligence
Authorization Act for Fiscal Year 2005 (Public Law 108-487).
Subtitle C--Other Elements
Section 421. Designation of the Counterintelligence Directorate of the
Defense Security Service as an element of the intelligence
community
Section 421 adds the Defense Security Service's (DSS's)
Counterintelligence (CI) Directorate to the IC elements in 50
U.S.C. 3003(4), and requires all IC requirements that apply to
IC elements to apply to the DSS CI as of the date of enactment.
TITLE V--SECURING ENERGY INFRASTRUCTURE
Section 501. Short title
Section 501 provides that this title may be cited as the
``Securing Energy Infrastructure Act of 2017.''
Section 502. Definitions
Section 502 provides the relevant definitions as cited
throughout this title.
Section 503. Pilot program for securing energy infrastructure
Section 503 requires the Director of Intelligence and
Counterintelligence of the Department of Energy (hereinafter in
this title, ``Director''), within 180 days of enactment, to
establish a two-year control systems implementation pilot
program within the National Labs. This pilot program will
partner with covered entities in the energy sector to identify
new security vulnerabilities, and for purposes of researching,
developing, testing, and implementing technology platforms and
standards in partnership with such entities.
Section 504. Working group to evaluate program standards and develop
strategy
Section 504 requires the Director to establish a working
group composed of identified private and public sector
entities, to evaluate the technology platforms and standards
for the pilot program specified in Section 503 and develop a
national cyber-informed engineering strategy to isolate and
defend covered entities from security vulnerabilities.
Section 505. Reports on the program
Section 505 requires the Director within 180 days after the
date on which funds are first disbursed to submit to the
congressional intelligence committees, the Committee on Energy
and Natural Resources of the Senate, and the Committee on
Energy and Commerce of the House of Representatives, an interim
report that describes the pilot program's results, provides a
feasibility analysis, and describes the working group's
evaluations. Section 505 further requires the Director, within
two years of funding, to submit to the aforementioned
committees a progress report on the pilot program specified in
Section 503, an analysis of the feasibility of the methods
studied, and a description of the working group's evaluation
results.
Section 506. No new regulatory authority for Federal agencies
Section 506 provides that nothing in this title permits the
Director or the head of any other Federal agency to issue new
regulations.
Section 507. Exemption from disclosure
Section 507 provides that information shared by or with the
Federal Government or a State, tribal, or local government
under this title shall be deemed to be voluntarily shared and
exempt from disclosure under relevant laws requiring such
disclosure.
Section 508. Protection from liability
Section 508 provides covered entities participating in the
pilot program with protection from causes of action. Section
508 further provides that covered entities cannot be subject to
causes of action for refraining from participation.
Section 509. Authorization of appropriations
Section 509 authorizes $10,000,000 to carry out the pilot
program specified in Section 503, and $1,500,000 to carry out
the working group and reporting provisions.
TITLE VI--REPORTS AND OTHER MATTERS
Section 601. Technical correction to Inspector General study
Section 601 amends Title 50, section 11001(d), by replacing
the IC IG's ``audit'' requirement for Inspectors General with
employees having classified material access, with a ``review''
requirement.
Section 602. Governance for security clearance, suitability and fitness
for employment, and credentialing
Section 602 establishes an interagency council comprised of
representatives from the ODNI, Office of Management and Budget,
Office of Personnel Management, Under Secretary of Defense for
Intelligence, and National Background Investigation Bureau, to
govern decisions and processes related to security clearances,
suitability and fitness for employment, and credentialing.
Section 602 further establishes the DNI as the government's
Security Executive Agent and the Director of the Officer of
Personnel Management as the government's Suitability Executive
Agent and the Credentialing Executive Agent, specifying roles
and responsibilities for each.
Section 603. Process for security clearances
Section 603 incorporates several provisions relating to the
security clearance process. Section 603 requires the following
reviews: of the alignment among the Standard Form 86 background
investigation questionnaire, the Federal Investigative
Standards, and the adjudicative guidelines contained in
Security Executive Agent Directive 4 (``National Security
Adjudicative Guidelines''), as well as their collective utility
in anticipating future insider threats; of certain methods to
improve the background investigation process; and of the
utility of the timelines for processing security clearances, as
contained in the Intelligence Reform and Terrorism Prevention
Act of 2004.
Section 603 also directs the DNI, as the government's
Security Executive Agent, to establish a policy on the issuance
of interim security clearances; establish a policy for
consistent treatment in the security clearance process between
government and contractor personnel; issue a strategy and
implementation plan for conducting periodic reinvestigations
based on risk, not a specified time interval; issue a policy
for the government's use of automated records checks conducted
for prior employment purposes; and establish a policy and issue
an implementation plan for sharing information between and
among government agencies and industry related to security
clearances, consistent with privacy concerns.
Section 604. Reports on the vulnerabilities equities policy and process
of the Federal Government
Section 604 requires the head of each IC element to submit
within 90 days of enactment to the congressional intelligence
committees a report detailing the process and criteria the head
of each IC element uses for determining to submit a
vulnerability for review under the Federal Government's
vulnerabilities equities policy and process. Section 604
further requires the report to contain information about
vulnerability disclosures to vendors, how many vulnerabilities
have been patched, and when a patch or mitigation has been made
publicly available.
Section 605. Bug bounty programs
Section 605 directs the Under Secretary for Intelligence
and Analysis of the Department of Homeland Security to submit
to congressional leadership and the congressional intelligence
committees a strategic plan to implement bug bounty programs at
appropriate agencies and departments of the United States
Government. Section 605 further requires the plan to include an
assessment of the ``Hack the Pentagon'' pilot program and
subsequent bug bounty programs. Section 605 also requires the
plan to provide recommendations on the feasibility of
initiating bug bounty programs across the United States
Government.
Section 606. Report on cyber attacks by foreign governments against
United States election infrastructure
Section 606 directs the Under Secretary for Intelligence
and Analysis of the Department of Homeland Security to submit
to congressional leadership and the congressional intelligence
committees a report on cyber attacks and attempted cyber
attacks by foreign governments on United States election
infrastructure, in connection with the 2016 Presidential
election. Section 606 further requires this report to include
identification of the States and localities affected and
include efforts to attack voter registration databases, voting
machines, voting-related computer networks, and the networks of
secretaries of State and other election officials.
Section 607. Review of intelligence community's posture to collect
against and analyze Russian efforts to influence the
presidential election
Section 607 requires the DNI to submit to the congressional
intelligence committees within one year of enactment a report
on the Director's review of the IC's posture to collect against
and analyze Russian efforts to interfere with the 2016 United
States presidential election. Section 607 further requires the
review to include assessments of IC resources, information
sharing, and legal authorities.
Section 608. Assessment of foreign intelligence threats to Federal
elections
Section 608 requires the DNI, in coordination with the
Director of the CIA, the Director of the NSA, the Director of
the FBI, the Secretary of Homeland Security, and the heads of
other relevant IC elements, to commence assessments of security
vulnerabilities of State election systems one year before
regularly scheduled Federal elections. Section 608 further
requires the DNI to submit a report on such assessments to
congressional leadership and to the congressional intelligence
committees 180 days before regularly scheduled Federal
elections, and an updated assessment 90 days before regularly
scheduled Federal election.
Section 609. Strategy for countering Russian cyber threats to United
States elections
Section 609 requires the DNI, in coordination with the
Secretary of Homeland Security, the Director of FBI, the
Director of CIA, the Secretary of State, the Secretary of
Defense, and the Secretary of the Treasury, to develop a whole-
of-government strategy for countering Russian cyber threats
against United States electoral systems and processes. Section
609 further requires this strategy to include input from
solicited Secretaries of State and chief election officials.
Section 609 requires the DNI and the Secretary of Homeland
Security to brief the congressional intelligence committees on
the required strategy within 90 days of enactment.
Section 610. Limitation relating to establishment or support of cyber
security unit with the Government of Russia
Section 610 prohibits the Federal Government from expending
any funds to establish or support a cybersecurity unit or other
cyber agreement that is jointly established or otherwise
implemented by the United States Government and the Russian
Government, unless the DNI submits a report to the
congressional intelligence committees at least 30 days prior to
any such agreement. The report shall include the agreement's
purpose, intended shared intelligence, value to national
security, counterintelligence concerns, and any measures taken
to mitigate such concerns.
Section 611. Report on returning Russian compounds
Section 611 requires the IC to produce, within 180 days of
enactment of this Act, both classified and unclassified reports
on the intelligence risks of returning the two diplomatic
compounds--one in New York and one in Maryland--taken from
Russia as a reprisal for Russian meddling in the 2016 United
States presidential election. Section 611 also establishes an
ongoing requirement for producing similar assessments for
future assignment of diplomatic compounds within the United
States.
Section 612. Intelligence community assessment on threat of Russian
money laundering to the United States
Section 612 requires the DNI, in coordination with the
Secretary of the Treasury, to submit to the congressional
intelligence committees within 180 days of enactment an IC
assessment on the threat of Russian money laundering to the
United States. Section 612 requires the assessment to be based
on all-source intelligence from both the IC and the Office of
Terrorism and Financial Intelligence of the Treasury Department
and cover global nodes and entry points; vulnerabilities;
connections between oligarchs, organized crime, and/or the
Russian Government; counterintelligence threats to the United
States; and challenges to United States Government efforts to
enforce sanctions and combat organized crime.
Section 613. Notification of an active measures campaign
Section 613 requires the DNI to notify the Chairman and
Vice Chairman or Ranking Member of the congressional
intelligence committees each time the DNI has determined there
is credible information that a foreign power has, is, or will
attempt to employ a covert influence or active measures
campaign with regard to the modernization, employment,
doctrine, or force posture of the nuclear deterrent or missile
defense. Section 613 further requires that such notification
must include information about the actions that the United
States has taken to expose or halt such attempts.
Section 614. Notification of travel by accredited diplomatic and
consular personnel of the Russian Federation in the United
States
Section 614 requires the Secretary of State, in executing
the advance notification requirements of the Intelligence
Authorization Act for Fiscal Year 2017, to ensure the Russian
Federation provides two business days of advance notice to the
Secretary prior to Russian diplomatic or consular travel, and
to ensure that the Secretary provides further notification of
this travel within one hour to the DNI and the Director of the
Federal Bureau of Investigation.
Section 615. Modification of certain reporting requirement on travel of
foreign diplomats
Section 615 amends a provision in the Intelligence
Authorization Act for Fiscal Year 2017, to require reporting of
``a best estimate'' of known or suspected violations of certain
travel requirements by accredited diplomatic and consular
personnel of the Russian Federation.
Section 616. Semiannual report on referrals to Department of Justice by
elements of the intelligence community regarding unauthorized
disclosure of classified information
Section 616 requires the Assistant Attorney General of the
Department of Justice, in consultation with the Director of the
FBI, to submit to the congressional intelligence committees a
semiannual report on the status of IC referrals to the
Department regarding unauthorized disclosures of classified
information.
Section 617. Notifications on designation of an intelligence officer as
a persona non grata
Section 617 requires the DNI, in consultation with the
Secretary of State, to submit to the congressional intelligence
committees a notification within 30 days of an intelligence
officer--either of the United States or of a foreign
intelligence service stationed in the United States--being
designated as a persona non grata. Section 617 further requires
the notifications to include the basis for the designation and
a justification for the expulsion.
Section 618. Biennial report on foreign investment risks
Section 618 requires the DNI to establish an IC working
group on foreign investment risks and prepare a biennial report
to the congressional intelligence committees. Section 618
further requires the report to include an identification,
analysis, and explanation of national security vulnerabilities,
foreign investment trends, foreign countries' strategies to
exploit vulnerabilities, and market distortions caused by
foreign countries.
Section 619. Report on surveillance by foreign governments against
United States telecommunications networks
Section 619 requires the DNI, in coordination with the
Director of the CIA, the Director of the NSA, the Director of
the FBI, and the Secretary of Homeland Security, to submit to
the congressional intelligence committees within 180 days of
enactment a report on known attempts by foreign governments to
exploit cybersecurity vulnerabilities in United States
telecommunications networks to target for surveillance United
States persons, and any actions that the IC has taken to
protect United States Government agencies and personnel from
such surveillance.
Section 620. Reports on authorities of the Chief Intelligence Officer
of the Department of Homeland Security
Section 620 requires the Secretary of Homeland Security, in
consultation with the Under Secretary for Intelligence and
Analysis, to submit to the congressional intelligence
committees a report on the adequacy of the Under Secretary's
authorities required as the Chief Intelligence Officer to
organize the Homeland Security Intelligence Enterprise, and the
legal and policy changes necessary to coordinate, organize, and
lead Department of Homeland Security intelligence activities.
Section 621. Report on geospatial commercial activities for basic and
applied research and development
Section 621 requires the Director of the National
Geospatial-Intelligence Agency to submit, within 30 days of
enactment, to the congressional intelligence committees and the
armed services committees a report on the authorities that the
Director deems necessary to conduct certain commercial
activities to engage in specified basic and applied research,
data transfers, and development projects. This report should
address how the Director would use such authorities, consistent
with applicable laws and procedures to protect sources and
methods.
Section 622. Technical amendments related to the Department of Energy
Section 622 provides technical corrections to certain
provisions regarding the Department of Energy's Office of
Intelligence and Counterintelligence.
Section 623. Sense of Congress on WikiLeaks
Section 623 provides a Sense of Congress that WikiLeaks and
its senior leadership resemble a non-state hostile intelligence
service, often abetted by state actors, and should be treated
as such.
Committee Comments
Management of intelligence community workforce
The Committee repeats direction from the Intelligence
Authorization Act for Fiscal Year 2017 that IC elements should
build, develop, and maintain a workforce appropriately balanced
among its civilian, military, and contractor workforce sectors
to meet the missions assigned to it in law and by the
president. Starting in fiscal year 2019, the Committee will no
longer authorize position ceiling levels in the annual Schedule
of Authorizations.
The bill, in Section 103, again includes authority for IC
elements to adjust personnel ceilings by three percent, and by
ten percent specifically for the purposes of contractor
conversions. These flexibilities are temporary management tools
to optimize the workforce this year that will cease in fiscal
year 2019 when the IC can benefit from full implementation of
the multi-sector workforce initiative.
The Committee looks forward to working with the ODNI as it
develops an implementation strategy and sets standards for
workforce cost analysis tools.
Protection of the supply chain in intelligence community acquisition
decisions
The Committee continues to have significant concerns about
risks to the supply chain in IC acquisitions. The report to
accompany the Intelligence Authorization Act for Fiscal Year
2017 directed the DNI to review and consider changes to
Intelligence Community Directive (ICD) 801 (``Acquisition'') to
reflect issuance in 2013 of ICD 731 (``Supply Chain Risk
Management'') and issues associated with cybersecurity. It
specifically recommended the review examine whether to: expand
risk management criteria in the acquisition process to include
cyber and supply chain threats; require counterintelligence and
security assessments as part of the acquisition and procurement
process; propose and adopt new education requirements for
acquisition professionals on cyber and supply chain threats;
and factor in the cost of cyber and supply chain security. This
review is due in November 2017, with a report on the process
for updating ICD 801 due in December 2017.
As part of this review, the Committee directs three other
considerations to be addressed: changes in the Federal
Acquisition Regulation that may be necessary; how changes
should apply to all acquisition programs; and how security
risks must be addressed across development, procurement, and
operational phases of acquisition. The Committee further
directs the DNI to submit a plan to implement necessary changes
within 60 days of completion of this review.
National Geospatial-Intelligence Agency use of VERA and VSIP
Authorities
The Committee encourages the use by the National
Geospatial-Intelligence Agency (NGA) of Voluntary Early
Retirement Authority (VERA) and Voluntary Separation Incentive
Program (VSIP) offers to meet its future goals of building a
workforce more attuned to automation of data production,
automation of analytic processes, and establishment of
development and operations (``DevOps'') software development
processes.
Therefore, the Committee directs the NGA to report to the
congressional intelligence committees within 120 days of
enactment of this Act on its plan for further use of VERA and
VSIP incentives, to include how they can be used to develop an
acquisition cadre skilled in ``DevOps'' software development
processes. The report should specify metrics for retooling its
workforce, including how it measures data literacy and
computational skills in potential hires, and an accounting of
the numbers of new hires who have met these higher standards.
Report on engagement of National Reconnaissance Office with university
community
The Committee recognizes that the survivability and
resiliency of United States satellites is critically important
to the United States intelligence and defense communities.
While the National Reconnaissance Office (NRO) engages with the
university community in support of basic research and
developing an education workforce pipeline to help advance new
technologies and produce skilled professionals, it can do more
in this regard to focus on space survivability.
Therefore, the Committee directs the NRO to report within
120 days of enactment of this Act on NRO's current efforts and
future strategies to engage with university partners that are
strategically located, host secure information facilities, and
offer a strong engineering curriculum, with a particular focus
on space survivability and resiliency. This report should
provide a summary of NRO's current and planned university
engagement programs, levels of funding, and program research
and workforce objectives and metrics. The report should also
include an assessment of the strategic utility of chartering a
University Affiliated Research Center (UARC) in this domain.
Clarification of oversight responsibilities
The Committee reinforces the requirement for all IC
agencies funded by the National Intelligence Program to respond
in a full, complete, and timely manner to any request made by a
member of the congressional intelligence committees. In
addition, the Committee directs the DNI to issue guidelines
within 90 days to ensure that this provision is carried out.
Clarification on cooperation with investigation on Russian influence in
the 2016 election
The Committee reinforces the obligation for all IC agencies
to cooperate in a full, complete, and timely manner with the
Committee's investigation into Russian meddling in the 2016
Presidential election and all related inquiries being conducted
by the Committee.
Supervisory feedback as part of continuous evaluation program
The Committee directs the DNI to review the results of
ongoing pilots regarding the use of supervisory feedback as
part of the periodic reinvestigation and continuous evaluation
process and report within 180 days of enactment of this Act on
the establishment of a policy for its use across the IC.
National security threats to critical infrastructure
The Committee is aware of significant threats to our
critical infrastructure and industrial control systems posed by
foreign adversaries. The sensitive nature of the information
related to these threats make the role of the IC of vital
importance to United States defensive efforts. The Committee
has grave concerns that current IC resources dedicated to these
threats and their analysis are neither sufficient nor closely
coordinated. The Committee includes provisions within this
legislation to address these concerns.
Inspector General of the Intelligence Community role and
responsibilities
The Inspector General of the Intelligence Community (IC IG)
was established by the Intelligence Authorization Act for
Fiscal Year 2010 to initiate and ``conduct independent reviews
investigations, inspections, audits, and reviews on programs
and activities within the responsibility and authority of the
Director of National Intelligence'' and to lead the IG
community in its activities. The Committee is concerned that
this intent is not fully exercised by the IC IG and reiterates
the Congress's intent that it consider its role as an IG over
all IC-wide activities in addition to the ODNI. To support this
intent, the Committee has directed a number of requirements to
strengthen the IC IG's role and expects full cooperation from
all Offices of Inspector General across the IC.
The Committee remains concerned about the level of
protection afforded to whistleblowers within the IC and the
level of insight congressional committees have into their
disclosures. It is the Committee's expectation that all Offices
of Inspector General across the IC will fully cooperate with
the direction provided elsewhere in the bill to ensure both the
Director of National Intelligence and the congressional
committees have more complete awareness of the disclosures made
to any IG about any National Intelligence Program funded
activity.
Space launch facilities
The Committee continues to believe it is critical to
preserve a variety of launch range capabilities to support
national security space missions, and encourages planned
launches such as the U.S. Air Force Orbital/Sub-Orbital Program
(OSP)-3 National Reconnaissance Office (NRO-111) mission, to be
launched in 2018 on a Minotaur 1 from the Mid-Atlantic Regional
Spaceport at Wallops Flight Facility. In the Fiscal Year 2017
Intelligence Authorization Act, the Committee directed a brief
from the ODNI, in consultation with the Department of Defense
and the U.S. Air Force, on their plans to utilize state-owned
and operated spaceports, which leverage non-federal public and
private investments to bolster United States launch
capabilities and provide access to mid-to-low or polar-to-high
inclination orbits for national security missions.
The Committee directs that the ODNI supplement this brief
to consider how state investments in these spaceports may
support infrastructure improvements, such as payload
integration and launch capabilities, for national security
launches.
Committee Action
On July 27, 2017, a quorum being present, the Committee met
to consider the bill and amendments. The Committee took the
following actions:
Votes on amendments to committee bill, this report and the classified
annex
By unanimous consent, the Committee made the Chairman and
Vice Chairman's bill, together with the classified annex, the
base text for purposes of amendment.
By voice vote, the Committee adopted en bloc eight
amendments to the classified annex, as sponsored by: (1)
Chairman Burr and Vice Chairman Warner, as modified by a
second-degree amendment by Chairman Burr and Senator Cotton;
(2) Chairman Burr and Vice Chairman Warner; (3) Chairman Burr
and Vice Chairman Warner; (4) Vice Chairman Warner and Senator
Manchin; (5) Senator Manchin, as modified by a second-degree
amendment by Chairman Burr; (6) Senator Lankford, as modified
by a second-degree amendment by Senator Lankford and Vice
Chairman Warner; (7) Senator Rubio, as modified by a second-
degree amendment also by Senator Rubio; and (8) Senator Rubio,
Senator Cornyn, and Senator Manchin.
By voice vote, the Committee adopted en bloc the following
eleven amendments to the bill: (1) an amendment by Chairman
Burr and Vice Chairman Warner to Section 505, regarding reports
on an energy infrastructure pilot program; (2) an amendment by
Vice Chairman Warner and Senator Heinrich, regarding Russia
cyber threat strategy; (3) an amendment by Chairman Burr and
Senator Rubio to Section 402, regarding information sharing
with state election officials; (4) an amendment by Senator
Collins, Senator Lankford, and Senator Manchin that requires
the Department of Justice to report on Intelligence Community
leaks; (5) an amendment by Senator Cotton that modifies a
report requirement on certain Russia travel violations; (6) an
amendment by Senator Heinrich, Senator King, and Senator Harris
that requires reporting on the government's Vulnerabilities
Equities Policy and Process; (7) an amendment by Senator
Lankford to Section 608, regarding an assessment of foreign
intelligence threats to federal elections; (8) an amendment by
Senator Harris requiring an Intelligence Community review on
Russian influence; (9) an amendment by Senator Wyden and
Senator Manchin requiring a report on Russian money laundering;
(10) an amendment by Senator Wyden prohibiting a United States-
Russia cyber unit; and (11) an amendment by Senator Wyden
requiring a report on foreign government surveillance against
United States telecommunications networks.
By voice vote, the Committee adopted a second-degree
amendment by Senator King to an amendment by Senator Wyden that
would have stricken Section 623 of the bill. Section 623
originally provided a Sense of Congress that WikiLeaks and its
senior leadership constitute a non-state hostile intelligence
service.
By a vote of 13 ayes to 2 noes, the Committee adopted the
amendment by Senator Wyden that would have stricken Section 623
of the bill, as modified by the second-degree amendment by
Senator King, to provide a Sense of Congress that WikiLeaks and
its senior leadership resemble a non-state hostile intelligence
service. The votes in person or by proxy were as follows:
Chairman Burr--aye; Senator Risch--aye; Senator Rubio--aye;
Senator Collins--aye; Senator Blunt--aye; Senator Lankford--
aye; Senator Cotton--aye; Senator Cornyn--aye; Vice Chairman
Warner--aye; Senator Feinstein--aye; Senator Wyden--no; Senator
Heinrich--aye; Senator King--aye; Senator Manchin--aye; and
Senator Harris--no.
Senator Feinstein offered an amendment regarding civil
injunction actions and an amendment to require reports on
terrorist activities, both of which she subsequently withdrew.
Senator Wyden offered an amendment regarding whistleblower
protections for Intelligence Community contractors, which he
subsequently withdrew.
Senator Cotton offered three amendments, which he
subsequently withdrew, as follows: (1) an amendment to require
a declassification review of materials relating to the Iran
Joint Comprehensive Plan of Action; (2) an amendment to make a
conforming edit to 18 U.S.C. 2709, to clarify that the
government is permitted to obtain non-content electronic
communications transactional records; and (3) an amendment to
reauthorize Title VII of the Foreign Intelligence Surveillance
Act.
Vote to report the committee bill
The Committee voted to report the bill, as amended, by a
vote of 14 ayes and 1 no. The votes in person or by proxy were
as follows: Chairman Burr--aye; Senator Risch--aye; Senator
Rubio--aye; Senator Collins--aye; Senator Blunt--aye; Senator
Lankford--aye; Senator Cotton--aye; Senator Cornyn--aye; Vice
Chairman Warner--aye; Senator Feinstein--aye; Senator Wyden--
no; Senator Heinrich--aye; Senator King--aye; Senator Manchin--
aye; and Senator Harris--aye.
By unanimous consent, the Committee authorized the staff to
make technical and conforming changes, following the completion
of the mark-up.
Compliance With Rule XLIV
Rule XLIV of the Standing Rules of the Senate requires
publication of a list of any ``congressionally directed
spending item, limited tax benefit, and limited tariff
benefit'' that is included in the bill or the committee report
accompanying the bill. Consistent with the determination of the
Committee not to create any congressionally directed spending
items or earmarks, none have been included in the bill, the
report to accompany it, or the classified schedule of
authorizations. The bill, report, and classified schedule also
contain no limited tax benefits or limited tariff benefits.
Estimate of Costs
Pursuant to paragraph 11(a)(3) of rule XXVI of the Standing
Rules of the Senate, the Committee deems it impractical to
include an estimate of the costs incurred in carrying out the
provisions of this report due to the classified nature of the
operations conducted pursuant to this legislation. On July 27,
2017, the Committee transmitted this bill to the Congressional
Budget Office and requested an estimate of the costs incurred
in carrying out the unclassified provisions.
Evaluation of Regulatory Impact
In accordance with paragraph 11(b) of rule XXVI of the
Standing Rules of the Senate, the Committee finds that no
substantial regulatory impact will be incurred by implementing
the provisions of this legislation.
ADDITIONAL VIEWS OF SENATOR HARRIS
I support the Senate Select Committee on Intelligence's
Fiscal Year 2018 Intelligence Authorization Act because it
advances a number of important intelligence oversight goals
ranging from transparency on cyber vulnerabilities to tracking
foreign threats to our elections. Nevertheless, despite my
overall support for the bill, it is not perfect.
In particular, I have reservations about Section 623, which
establishes a Sense of Congress that WikiLeaks and the senior
leadership of WikiLeaks resemble a non-state hostile
intelligence service. The Committee's bill offers no definition
of ``non-state hostile intelligence service'' to clarify what
this term is and is not. Section 623 also directs the United
States to treat WikiLeaks as such a service, without offering
further clarity.
To be clear, I am no supporter of WikiLeaks, and believe
that the organization and its leadership have done considerable
harm to this country. This issue needs to be addressed.
However, the ambiguity in the bill is dangerous because it
fails to draw a bright line between WikiLeaks and legitimate
journalistic organizations that play a vital role in our
democracy.
I supported efforts to remove this language in Committee
and look forward to working with my colleagues as the bill
proceeds to address my concerns.
Kamala D. Harris.
MINORITY VIEWS OF SENATOR WYDEN
The Fiscal Year 2018 Intelligence Authorization bill
includes three important amendments I offered.
The first amendment requires that the Director of National
Intelligence, in coordination with the Secretary of the
Treasury, produce a report on the threat to the United States
from Russian money laundering. It has become apparent that
following the trail of illicit Russian money is a central
component of any counterintelligence investigation related to
Russia. Russian money laundering also threatens the U.S.
financial system as well as efforts to enforce sanctions and
fight organized crime. This report will bring together the
resources of the Intelligence Community and elements of the
Treasury Department under the Office of Terrorism and Financial
Intelligence, such as the Financial Crimes Enforcement Network
(FinCEN), so that the government and the Congress can
understand the complex and hidden networks of shell companies
and other money laundering instruments overseas and here in the
United States.
The second amendment prohibits the U.S.-Russia cyber
security unit announced by the President on July 9, 2017, or
any other U.S.-Russia cyber agreement, unless Congress has full
information about what the administration intends. The
President's statement that this unit will ensure that
``election hacking, & many other negative things, will be
guarded and safe'' raises numerous counterintelligence
concerns, given Russia's hacking in connection with the 2016
U.S. election. My amendment thus requires the DNI, at least 30
days prior to any such agreement, to report on what
intelligence will be shared with Russia, the
counterintelligence concerns associated with any such
agreement, and what will be done to mitigate those concerns.
The third amendment requires a report on the threat that
cyber security vulnerabilities in telecommunications networks,
including Signaling System No. 7 (SS7), could result in foreign
government surveillance of Americans, including U.S. government
personnel. A Department of Homeland Security report from April
highlighted the risks of SS7 vulnerabilities. My amendment will
require the whole of the Intelligence Community to report on
whether foreign government surveillance is occurring as a
result of this known vulnerability, and what the IC is doing
about it.
One important reform lacking from the bill is whistleblower
protections for Intelligence Community contractors, who are not
afforded the protections provided either to Intelligence
Community employees or to contractors outside the Intelligence
Community. By addressing this gap, Congress potentially could
save the taxpayers millions of dollars. Extending whistleblower
protections to IC contractors also helps discourage leaks by
granting potential leakers protected classified channels to
express concerns. It is my intent to continue to work with
colleagues to address this shortcoming in whistleblower
protections in the near future.
My opposition to the bill is based on a provision stating
that it is the Sense of Congress ``that WikiLeaks and the
senior leadership of WikiLeaks resemble a non-state hostile
intelligence service often abetted by state actors and should
be treated as such a service by the United States.'' My concern
with this language does not relate to the actions of WikiLeaks,
which, as I have stressed in the past, was part of a direct
attack on our democracy. My concern is that the use of the
novel phrase ``non-state hostile intelligence service'' may
have legal, constitutional, and policy implications,
particularly should it be applied to journalists inquiring
about secrets. The language in the bill suggesting that the
U.S. government has some unstated course of action against
``non-state hostile intelligence services'' is equally
troubling.
The damage done by WikiLeaks to the United States is clear.
But with any new challenge to our country, Congress ought not
react in a manner that could have negative consequences,
unforeseen or not, for our constitutional principles. The
introduction of vague, undefined new categories of enemies
constitutes such an ill-considered reaction.
Ron Wyden.
[all]