Us Congress 2023-2024 Regular Session

Us Congress Senate Bill SB903 Compare Versions

Only one version of the bill is available at this time.

Old	New	Differences
1	1	II
2	2	118THCONGRESS
3	3	1
4	4	STSESSION S. 903
5	5	To require the Secretary of the Army to carry out a pilot project to establish
6	6	a Civilian Cybersecurity Reserve, and for other purposes.
7	7	IN THE SENATE OF THE UNITED STATES
8	8	MARCH21, 2023
9	9	Ms. R
10	10	OSEN(for herself and Mrs. BLACKBURN) introduced the following bill;
11	11	which was read twice and referred to the Committee on Armed Services
12	12	A BILL
13	13	To require the Secretary of the Army to carry out a pilot
14	14	project to establish a Civilian Cybersecurity Reserve, and
15	15	for other purposes.
16	16	Be it enacted by the Senate and House of Representa-1
17	17	tives of the United States of America in Congress assembled, 2
18	18	SECTION 1. SHORT TITLE. 3
19	19	This Act may be cited as the ‘‘Department of Defense 4
20	20	Civilian Cybersecurity Reserve Act’’. 5
21	21	SEC. 2. CIVILIAN CYBERSECURITY RESERVE PILOT 6
22	22	PROJECT. 7
23	23	(a) D
24	24	EFINITIONS.—In this Act: 8
25	25	VerDate Sep 11 2014 01:00 Mar 31, 2023 Jkt 039200 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:\BILLS\S903.IS S903
26	26	kjohnson on DSK79L0C42PROD with BILLS 2
27	27	•S 903 IS
28	28	(1) APPROPRIATE CONGRESSIONAL COMMIT -1
29	29	TEES.—The term ‘‘appropriate congressional com-2
30	30	mittees’’ means— 3
31	31	(A) the Committee on Homeland Security 4
32	32	and Governmental Affairs of the Senate; 5
33	33	(B) the Committee on Armed Services of 6
34	34	the Senate; 7
35	35	(C) the Committee on Homeland Security 8
36	36	of the House of Representatives; and 9
37	37	(D) the Committee on Armed Services of 10
38	38	the House of Representatives. 11
39	39	(2) C
40	40	OMPETITIVE SERVICE.—The term ‘‘com-12
41	41	petitive service’’ has the meaning given the term in 13
42	42	section 2102 of title 5, United States Code. 14
43	43	(3) E
44	44	XCEPTED SERVICE.—The term ‘‘excepted 15
45	45	service’’ has the meaning given the term in section 16
46	46	2103 of title 5, United States Code. 17
47	47	(4) T
48	48	EMPORARY POSITION .—The term ‘‘tem-18
49	49	porary position’’ means a position in the competitive 19
50	50	or excepted service for a period of 180 days or less. 20
51	51	(b) P
52	52	ILOTPROJECT.— 21
53	53	(1) I
54	54	N GENERAL.—The Secretary of the Army 22
55	55	shall carry out a pilot project to establish a Civilian 23
56	56	Cybersecurity Reserve. 24
57	57	VerDate Sep 11 2014 01:00 Mar 31, 2023 Jkt 039200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\S903.IS S903
58	58	kjohnson on DSK79L0C42PROD with BILLS 3
59	59	•S 903 IS
60	60	(2) PURPOSE.—The purpose of the Civilian Cy-1
61	61	bersecurity Reserve is to enable the Army to provide 2
62	62	manpower to the United States Cyber Command to 3
63	63	effectively— 4
64	64	(A) preempt, defeat, deter, or respond to 5
65	65	malicious cyber activity; 6
66	66	(B) conduct cyberspace operations; 7
67	67	(C) secure information and systems of the 8
68	68	Department of Defense against malicious cyber 9
69	69	activity; and 10
70	70	(D) assist in solving cyber workforce-re-11
71	71	lated challenges. 12
72	72	(3) A
73	73	LTERNATIVE METHODS .—Consistent with 13
74	74	section 4703 of title 5, United States Code, in car-14
75	75	rying out the pilot project required under paragraph 15
76	76	(1), the Secretary may, without further authoriza-16
77	77	tion from the Office of Personnel Management, pro-17
78	78	vide for alternative methods of— 18
79	79	(A) establishing qualifications require-19
80	80	ments for, recruitment of, and appointment to 20
81	81	positions; and 21
82	82	(B) classifying positions. 22
83	83	(4) A
84	84	PPOINTMENTS.—Under the pilot project 23
85	85	required under paragraph (1), in order to fulfill the 24
86	86	purpose under paragraph (2), the Secretary— 25
87	87	VerDate Sep 11 2014 01:00 Mar 31, 2023 Jkt 039200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:\BILLS\S903.IS S903
88	88	kjohnson on DSK79L0C42PROD with BILLS 4
89	89	•S 903 IS
90	90	(A) may activate members of the Civilian 1
91	91	Cybersecurity Reserve by— 2
92	92	(i) noncompetitively appointing mem-3
93	93	bers of the Civilian Cybersecurity Reserve 4
94	94	to temporary positions in the competitive 5
95	95	service; or 6
96	96	(ii) appointing members of the Civil-7
97	97	ian Cybersecurity Reserve to temporary po-8
98	98	sitions in the excepted service; 9
99	99	(B) shall notify Congress whenever a mem-10
100	100	ber is activated under subparagraph (A); and 11
101	101	(C) may appoint not more than 50 mem-12
102	102	bers to the Civilian Cybersecurity Reserve 13
103	103	under subparagraph (A) at any time. 14
104	104	(5) S
105	105	TATUS AS EMPLOYEES .—An individual ap-15
106	106	pointed under paragraph (4) shall be considered a 16
107	107	Federal civil service employee under section 2105 of 17
108	108	title 5, United States Code. 18
109	109	(6) A
110	110	DDITIONAL EMPLOYEES .—Individuals ap-19
111	111	pointed under paragraph (4) shall be in addition to 20
112	112	any employees of the United States Cyber Command 21
113	113	who provide cybersecurity services. 22
114	114	(7) E
115	115	MPLOYMENT PROTECTIONS .—The Sec-23
116	116	retary of Labor shall prescribe such regulations as 24
117	117	necessary to ensure the reemployment, continuation 25
118	118	VerDate Sep 11 2014 01:00 Mar 31, 2023 Jkt 039200 PO 00000 Frm 00004 Fmt 6652 Sfmt 6201 E:\BILLS\S903.IS S903
119	119	kjohnson on DSK79L0C42PROD with BILLS 5
120	120	•S 903 IS
121	121	of benefits, and non-discrimination in reemployment 1
122	122	of individuals appointed under paragraph (4), pro-2
123	123	vided that such regulations shall include, at a min-3
124	124	imum, those rights and obligations set forth under 4
125	125	chapter 43 of title 38, United States Code. 5
126	126	(8) S
127	127	TATUS IN RESERVE .—During the period 6
128	128	beginning on the date on which an individual is re-7
129	129	cruited to serve in the Civilian Cybersecurity Reserve 8
130	130	and ending on the date on which the individual is 9
131	131	appointed under paragraph (4), and during any pe-10
132	132	riod in between any such appointments, the indi-11
133	133	vidual shall not be considered a Federal employee. 12
134	134	(c) E
135	135	LIGIBILITY; APPLICATION ANDSELECTION.— 13
136	136	(1) I
137	137	N GENERAL.—Under the pilot project re-14
138	138	quired under subsection (b)(1), the Secretary of the 15
139	139	Army shall establish criteria for— 16
140	140	(A) individuals to be eligible for the Civil-17
141	141	ian Cybersecurity Reserve; and 18
142	142	(B) the application and selection processes 19
143	143	for the Civilian Cybersecurity Reserve. 20
144	144	(2) R
145	145	EQUIREMENTS FOR INDIVIDUALS .—The 21
146	146	criteria established under paragraph (1)(A) with re-22
147	147	spect to an individual shall include— 23
148	148	(A) if the individual has previously served 24
149	149	as a member of the Civilian Cybersecurity Re-25
150	150	VerDate Sep 11 2014 01:00 Mar 31, 2023 Jkt 039200 PO 00000 Frm 00005 Fmt 6652 Sfmt 6201 E:\BILLS\S903.IS S903
151	151	kjohnson on DSK79L0C42PROD with BILLS 6
152	152	•S 903 IS
153	153	serve, that the previous appointment ended not 1
154	154	less than 60 days before the individual may be 2
155	155	appointed for a subsequent temporary position 3
156	156	in the Civilian Cybersecurity Reserve; and 4
157	157	(B) cybersecurity expertise. 5
158	158	(3) P
159	159	RESCREENING.—The Secretary shall— 6
160	160	(A) conduct a prescreening of each indi-7
161	161	vidual prior to appointment under subsection 8
162	162	(b)(4) for any topic or product that would cre-9
163	163	ate a conflict of interest; and 10
164	164	(B) require each individual appointed 11
165	165	under subsection (b)(4) to notify the Secretary 12
166	166	if a potential conflict of interest arises during 13
167	167	the appointment. 14
168	168	(4) A
169	169	GREEMENT REQUIRED .—An individual 15
170	170	may become a member of the Civilian Cybersecurity 16
171	171	Reserve only if the individual enters into an agree-17
172	172	ment with the Secretary to become such a member, 18
173	173	which shall set forth the rights and obligations of 19
174	174	the individual and the Army. 20
175	175	(5) E
176	176	XCEPTION FOR CONTINUING MILITARY 21
177	177	SERVICE COMMITMENTS .—A member of the Selected 22
178	178	Reserve under section 10143 of title 10, United 23
179	179	States Code, may not be a member of the Civilian 24
180	180	Cybersecurity Reserve. 25
181	181	VerDate Sep 11 2014 01:00 Mar 31, 2023 Jkt 039200 PO 00000 Frm 00006 Fmt 6652 Sfmt 6201 E:\BILLS\S903.IS S903
182	182	kjohnson on DSK79L0C42PROD with BILLS 7
183	183	•S 903 IS
184	184	(6) PROHIBITION.—Any individual who is an 1
185	185	employee of the executive branch may not be re-2
186	186	cruited or appointed to serve in the Civilian Cyberse-3
187	187	curity Reserve. 4
188	188	(d) S
189	189	ECURITYCLEARANCES.— 5
190	190	(1) I
191	191	N GENERAL.—The Secretary of the Army 6
192	192	shall ensure that all members of the Civilian Cyber-7
193	193	security Reserve undergo the appropriate personnel 8
194	194	vetting and adjudication commensurate with the du-9
195	195	ties of the position, including a determination of eli-10
196	196	gibility for access to classified information where a 11
197	197	security clearance is necessary, according to applica-12
198	198	ble policy and authorities. 13
199	199	(2) C
200	200	OST OF SPONSORING CLEARANCES .—If a 14
201	201	member of the Civilian Cybersecurity Reserve re-15
202	202	quires a security clearance in order to carry out the 16
203	203	duties of the member, the Army shall be responsible 17
204	204	for the cost of sponsoring the security clearance of 18
205	205	the member. 19
206	206	(e) I
207	207	MPLEMENTATION PLAN.— 20
208	208	(1) I
209	209	N GENERAL.—Not later than 180 days 21
210	210	after the date on which the Secretary of Defense 22
211	211	submits to the Committee on Armed Services of the 23
212	212	Senate and the Committee on Armed Services of the 24
213	213	House of Representatives the report required under 25
214	214	VerDate Sep 11 2014 01:00 Mar 31, 2023 Jkt 039200 PO 00000 Frm 00007 Fmt 6652 Sfmt 6201 E:\BILLS\S903.IS S903
215	215	kjohnson on DSK79L0C42PROD with BILLS 8
216	216	•S 903 IS
217	217	section 1540(d)(2) of the James M. Inhofe National 1
218	218	Defense Authorization Act for Fiscal Year 2023 2
219	219	(Public Law 117–263) on the feasibility and advis-3
220	220	ability of creating and maintaining a civilian cyber-4
221	221	security reserve corps, the Secretary of the Army 5
222	222	shall— 6
223	223	(A) submit to the appropriate congres-7
224	224	sional committees an implementation plan for 8
225	225	the pilot project required under subsection 9
226	226	(b)(1); and 10
227	227	(B) provide to the appropriate congres-11
228	228	sional committees a briefing on the implementa-12
229	229	tion plan. 13
230	230	(2) P
231	231	ROHIBITION.—The Secretary of the Army 14
232	232	may not take any action to begin implementation of 15
233	233	the pilot project required under subsection (b)(1) 16
234	234	until the Secretary fulfills the requirements under 17
235	235	paragraph (1). 18
236	236	(f) P
237	237	ROJECTGUIDANCE.—Not later than two years 19
238	238	after the date of the enactment of this Act, the Secretary 20
239	239	of the Army shall, in consultation with the Office of Per-21
240	240	sonnel Management and the Office of Government Ethics, 22
241	241	issue guidance establishing and implementing the pilot 23
242	242	project required under subsection (b)(1). 24
243	243	(g) B
244	244	RIEFINGS ANDREPORT.— 25
245	245	VerDate Sep 11 2014 01:00 Mar 31, 2023 Jkt 039200 PO 00000 Frm 00008 Fmt 6652 Sfmt 6201 E:\BILLS\S903.IS S903
246	246	kjohnson on DSK79L0C42PROD with BILLS 9
247	247	•S 903 IS
248	248	(1) BRIEFINGS.—Not later than one year after 1
249	249	the date on which the guidance required under sub-2
250	250	section (f) is issued, and every year thereafter until 3
251	251	the date on which the pilot project required under 4
252	252	subsection (b)(1) terminates under subsection (i), 5
253	253	the Secretary of the Army shall provide to the ap-6
254	254	propriate congressional committees a briefing on ac-7
255	255	tivities carried out under the pilot project, includ-8
256	256	ing— 9
257	257	(A) participation in the Civilian Cybersecu-10
258	258	rity Reserve, including the number of partici-11
259	259	pants, the diversity of participants, and any 12
260	260	barriers to recruitment or retention of mem-13
261	261	bers; 14
262	262	(B) an evaluation of the ethical require-15
263	263	ments of the pilot project; 16
264	264	(C) whether the Civilian Cybersecurity Re-17
265	265	serve has been effective in providing additional 18
266	266	capacity to the Army; and 19
267	267	(D) an evaluation of the eligibility require-20
268	268	ments for the pilot project. 21
269	269	(2) R
270	270	EPORT.—Not earlier than 180 days and 22
271	271	not later than 90 days before the date on which the 23
272	272	pilot project required under subsection (b)(1) termi-24
273	273	nates under subsection (i), the Secretary shall sub-25
274	274	VerDate Sep 11 2014 01:00 Mar 31, 2023 Jkt 039200 PO 00000 Frm 00009 Fmt 6652 Sfmt 6201 E:\BILLS\S903.IS S903
275	275	kjohnson on DSK79L0C42PROD with BILLS 10
276	276	•S 903 IS
277	277	mit to the appropriate congressional committees a 1
278	278	report and provide a briefing on recommendations 2
279	279	relating to the pilot project, including recommenda-3
280	280	tions for— 4
281	281	(A) whether the pilot project should be 5
282	282	modified, extended in duration, or established 6
283	283	as a permanent program, and if so, an appro-7
284	284	priate scope for the program; 8
285	285	(B) how to attract participants, ensure a 9
286	286	diversity of participants, and address any bar-10
287	287	riers to recruitment or retention of members of 11
288	288	the Civilian Cybersecurity Reserve; 12
289	289	(C) the ethical requirements of the pilot 13
290	290	project and the effectiveness of mitigation ef-14
291	291	forts to address any conflict of interest con-15
292	292	cerns; and 16
293	293	(D) an evaluation of the eligibility require-17
294	294	ments for the pilot project. 18
295	295	(h) E
296	296	VALUATION.—Not later than three years after 19
297	297	the pilot project required under subsection (b)(1) is estab-20
298	298	lished, the Comptroller General of the United States 21
299	299	shall— 22
300	300	(1) conduct a study evaluating the pilot project; 23
301	301	and 24
302	302	(2) submit to Congress— 25
303	303	VerDate Sep 11 2014 01:00 Mar 31, 2023 Jkt 039200 PO 00000 Frm 00010 Fmt 6652 Sfmt 6201 E:\BILLS\S903.IS S903
304	304	kjohnson on DSK79L0C42PROD with BILLS 11
305	305	•S 903 IS
306	306	(A) a report on the results of the study; 1
307	307	and 2
308	308	(B) a recommendation with respect to 3
309	309	whether the pilot project should be modified. 4
310	310	(i) S
311	311	UNSET.—The pilot project required under sub-5
312	312	section (b)(1) shall terminate on the date that is four 6
313	313	years after the date on which the pilot project is estab-7
314	314	lished. 8
315	315	(j) N
316	316	OADDITIONALFUNDS.— 9
317	317	(1) I
318	318	N GENERAL.—No additional funds are au-10
319	319	thorized to be appropriated for the purpose of car-11
320	320	rying out this Act. 12
321	321	(2) E
322	322	XISTING AUTHORIZED AMOUNTS .—Funds 13
323	323	to carry out this Act may, as provided in advance in 14
324	324	appropriations Acts, only come from amounts au-15
325	325	thorized to be appropriated to the Army. 16
326	326	Æ
327	327	VerDate Sep 11 2014 01:00 Mar 31, 2023 Jkt 039200 PO 00000 Frm 00011 Fmt 6652 Sfmt 6301 E:\BILLS\S903.IS S903
328	328	kjohnson on DSK79L0C42PROD with BILLS