| 1 | 1 | | I |
|---|
| 2 | 2 | | 118THCONGRESS |
|---|
| 3 | 3 | | 1 |
|---|
| 4 | 4 | | STSESSION H. R. 5786 |
|---|
| 5 | 5 | | To establish in the National Nuclear Security Administration a Cybersecurity |
|---|
| 6 | 6 | | Risk Inventory, Assessment, and Mitigation Working Group. |
|---|
| 7 | 7 | | IN THE HOUSE OF REPRESENTATIVES |
|---|
| 8 | 8 | | SEPTEMBER28, 2023 |
|---|
| 9 | 9 | | Mr. C |
|---|
| 10 | 10 | | ARBAJAL(for himself, Mr. BACON, and Mr. GALLAGHER) introduced the |
|---|
| 11 | 11 | | following bill; which was referred to the Committee on Armed Services |
|---|
| 12 | 12 | | A BILL |
|---|
| 13 | 13 | | To establish in the National Nuclear Security Administration |
|---|
| 14 | 14 | | a Cybersecurity Risk Inventory, Assessment, and Mitiga- |
|---|
| 15 | 15 | | tion Working Group. |
|---|
| 16 | 16 | | Be it enacted by the Senate and House of Representa-1 |
|---|
| 17 | 17 | | tives of the United States of America in Congress assembled, 2 |
|---|
| 18 | 18 | | SECTION 1. CYBERSECURITY RISK INVENTORY, ASSESS-3 |
|---|
| 19 | 19 | | MENT, AND MITIGATION WORKING GROUP. 4 |
|---|
| 20 | 20 | | Subtitle A of title XXXII of the National Defense Au-5 |
|---|
| 21 | 21 | | thorization Act for Fiscal Year 2000 (Public Law 106– 6 |
|---|
| 22 | 22 | | 65) is amended by adding at the end the following new 7 |
|---|
| 23 | 23 | | section: 8 |
|---|
| 24 | 24 | | VerDate Sep 11 2014 04:16 Oct 01, 2023 Jkt 039200 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:\BILLS\H5786.IH H5786 |
|---|
| 25 | 25 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 2 |
|---|
| 26 | 26 | | •HR 5786 IH |
|---|
| 27 | 27 | | ‘‘SEC. 3222. CYBERSECURITY RISK INVENTORY, ASSESS-1 |
|---|
| 28 | 28 | | MENT, AND MITIGATION WORKING GROUP. 2 |
|---|
| 29 | 29 | | ‘‘(a) E |
|---|
| 30 | 30 | | STABLISHMENT.—There is in the Administra-3 |
|---|
| 31 | 31 | | tion a working group, to be known as the ‘Cybersecurity 4 |
|---|
| 32 | 32 | | Risk Inventory, Assessment, and Mitigation Working 5 |
|---|
| 33 | 33 | | Group’. 6 |
|---|
| 34 | 34 | | ‘‘(b) M |
|---|
| 35 | 35 | | EMBERSHIP.—Members of the working group 7 |
|---|
| 36 | 36 | | shall include the Deputy Administrator for Defense Pro-8 |
|---|
| 37 | 37 | | grams, the Associate Administrator for Information Man-9 |
|---|
| 38 | 38 | | agement and Chief Information Officer, and staff from 10 |
|---|
| 39 | 39 | | other offices as determined appropriate by the Deputy Ad-11 |
|---|
| 40 | 40 | | ministrator and Associate Administrator. 12 |
|---|
| 41 | 41 | | ‘‘(c) C |
|---|
| 42 | 42 | | OMPREHENSIVE STRATEGY.—The working 13 |
|---|
| 43 | 43 | | group shall prepare a comprehensive strategy for 14 |
|---|
| 44 | 44 | | inventorying the range of National Nuclear Security Ad-15 |
|---|
| 45 | 45 | | ministration systems that are potentially at risk in the 16 |
|---|
| 46 | 46 | | operational technology and nuclear weapons information 17 |
|---|
| 47 | 47 | | technology environments, assessing the systems at risk, 18 |
|---|
| 48 | 48 | | and implementing risk mitigation actions. Such strategy 19 |
|---|
| 49 | 49 | | shall incorporate key elements of effective cybersecurity 20 |
|---|
| 50 | 50 | | risk management strategies, as identified by the Govern-21 |
|---|
| 51 | 51 | | ment Accountability Office, including the specification 22 |
|---|
| 52 | 52 | | of— 23 |
|---|
| 53 | 53 | | ‘‘(1) goals, objectives, activities, and perform-24 |
|---|
| 54 | 54 | | ance measures; 25 |
|---|
| 55 | 55 | | VerDate Sep 11 2014 04:16 Oct 01, 2023 Jkt 039200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\H5786.IH H5786 |
|---|
| 56 | 56 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB 3 |
|---|
| 57 | 57 | | •HR 5786 IH |
|---|
| 58 | 58 | | ‘‘(2) organizational roles, responsibilities, and 1 |
|---|
| 59 | 59 | | coordination; 2 |
|---|
| 60 | 60 | | ‘‘(3) necessary resources needed to implement 3 |
|---|
| 61 | 61 | | the strategy over the next ten years; and 4 |
|---|
| 62 | 62 | | ‘‘(4) detailed milestones and schedules for com-5 |
|---|
| 63 | 63 | | pletion of tasks. 6 |
|---|
| 64 | 64 | | ‘‘(d) S |
|---|
| 65 | 65 | | UBMISSION TOCONGRESS.— 7 |
|---|
| 66 | 66 | | ‘‘(1) B |
|---|
| 67 | 67 | | RIEFING.—Not later than 120 days after 8 |
|---|
| 68 | 68 | | the date of the enactment of this Act, the members 9 |
|---|
| 69 | 69 | | of the working group shall provide to the congres-10 |
|---|
| 70 | 70 | | sional defense committees a briefing on the plan of 11 |
|---|
| 71 | 71 | | the working group plan to develop the strategy re-12 |
|---|
| 72 | 72 | | quired under subsection (c). 13 |
|---|
| 73 | 73 | | ‘‘(2) S |
|---|
| 74 | 74 | | UBMISSION OF STRATEGY .—Not later 14 |
|---|
| 75 | 75 | | than April 1, 2025, the working group shall submit 15 |
|---|
| 76 | 76 | | the congressional defense committees a copy of the 16 |
|---|
| 77 | 77 | | completed strategy. 17 |
|---|
| 78 | 78 | | ‘‘(e) T |
|---|
| 79 | 79 | | ERMINATION.—The working group shall termi-18 |
|---|
| 80 | 80 | | nate on the date that is five years after the date of the 19 |
|---|
| 81 | 81 | | enactment of this section.’’. 20 |
|---|
| 82 | 82 | | Æ |
|---|
| 83 | 83 | | VerDate Sep 11 2014 04:16 Oct 01, 2023 Jkt 039200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6301 E:\BILLS\H5786.IH H5786 |
|---|
| 84 | 84 | | kjohnson on DSK7ZCZBW3PROD with $$_JOB |
|---|