[House Report 114-826] [From the U.S. Government Publishing Office] 114th Congress } { Report HOUSE OF REPRESENTATIVES 2d Session } { 114-826 ====================================================================== UNITED STATES-ISRAEL CYBERSECURITY COOPERATION ENHANCEMENT ACT OF 2016 _______ November 15, 2016.--Committed to the Committee of the Whole House on the State of the Union and ordered to be printed _______ Mr. McCaul, from the Committee on Homeland Security, submitted the following R E P O R T [To accompany H.R. 5843] [Including cost estimate of the Congressional Budget Office] The Committee on Homeland Security, to whom was referred the bill (H.R. 5843) to establish a grant program at the Department of Homeland Security to promote cooperative research and development between the United States and Israel on cybersecurity, having considered the same, report favorably thereon with an amendment and recommend that the bill as amended do pass. CONTENTS Page Purpose and Summary.............................................. 3 Background and Need for Legislation.............................. 3 Hearings......................................................... 4 Committee Consideration.......................................... 4 Committee Votes.................................................. 4 Committee Oversight Findings..................................... 4 New Budget Authority, Entitlement Authority, and Tax Expenditures 4 Congressional Budget Office Estimate............................. 5 Statement of General Performance Goals and Objectives............ 6 Duplicative Federal Programs..................................... 6 Congressional Earmarks, Limited Tax Benefits, and Limited Tariff Benefits....................................................... 6 Federal Mandates Statement....................................... 6 Preemption Clarification......................................... 6 Disclosure of Directed Rule Makings.............................. 6 Advisory Committee Statement..................................... 6 Applicability to Legislative Branch.............................. 6 Section-by-Section Analysis of the Legislation................... 7 Changes in Existing Law Made by the Bill, as Reported............ 7 The amendment is as follows: Strike all after the enacting clause and insert the following: SECTION 1. SHORT TITLE. This Act may be cited as the ``United States-Israel Cybersecurity Cooperation Enhancement Act of 2016''. SEC. 2. UNITED STATES-ISRAEL CYBERSECURITY COOPERATION. (a) Grant Program.-- (1) Establishment.--The Secretary, in accordance with the agreement entitled the ``Agreement between the Government of the United States of America and the Government of the State of Israel on Cooperation in Science and Technology for Homeland Security Matters'', dated May 29, 2008 (or successor agreement), and the requirements specified in paragraph (2), shall establish a grant program at the Department to support-- (A) cybersecurity research and development; and (B) demonstration and commercialization of cybersecurity technology. (2) Requirements.-- (A) Applicability.--Notwithstanding any other provision of law, in carrying out a research, development, demonstration, or commercial application program or activity that is authorized under this section, the Secretary shall require cost sharing in accordance with this paragraph. (B) Research and development.-- (i) In general.--Except as provided in clause (ii), the Secretary shall require not less than 50 percent of the cost of a research, development, demonstration, or commercial application program or activity described in subparagraph (A) to be provided by a non- Federal source. (ii) Reduction.--The Secretary may reduce or eliminate, on a case-by-case basis, the percentage requirement specified in clause (i) if the Secretary determines that such reduction or elimination is necessary and appropriate. (C) Merit review.--In carrying out a research, development, demonstration, or commercial application program or activity that is authorized under this section, awards shall be made only after an impartial review of the scientific and technical merit of the proposals for such awards has been carried out by or for the Department. (D) Review processes.--In carrying out a review under subparagraph (C), the Secretary may use merit review processes developed under section 302(14) of the Homeland Security Act of 2002 (6 U.S.C. 182(14)). (3) Eligible applicants.--An applicant shall be eligible to receive a grant under this subsection if the project of such applicant-- (A) addresses a requirement in the area of cybersecurity research or cybersecurity technology, as determined by the Secretary; and (B) is a joint venture between-- (i)(I) a for-profit business entity, academic institution, National Laboratory (as defined in section 2 of the Energy Policy Act of 2005 (42 U.S.C. 15801)), or nonprofit entity in the United States; and (II) a for-profit business entity, academic institution, or nonprofit entity in Israel; or (ii)(I) the Federal Government; and (II) the Government of Israel. (4) Applications.--To be eligible to receive a grant under this subsection, an applicant shall submit to the Secretary an application for such grant in accordance with procedures established by the Secretary, in consultation with the advisory board established under paragraph (5). (5) Advisory board.-- (A) Establishment.--The Secretary shall establish an advisory board to-- (i) monitor the method by which grants are awarded under this subsection; and (ii) provide to the Secretary periodic performance reviews of actions taken to carry out this subsection. (B) Composition.--The advisory board established under subparagraph (A) shall be composed of three members, to be appointed by the Secretary, of whom-- (i) one shall be a representative of the Federal Government; (ii) one shall be selected from a list of nominees provided by the United States-Israel Binational Science Foundation; and (iii) one shall be selected from a list of nominees provided by the United States-Israel Binational Industrial Research and Development Foundation. (6) Contributed funds.--Notwithstanding any other provision of law, the Secretary may accept, retain, and use funds contributed by any person, government entity, or organization for purposes of carrying out this subsection-- (A) without further appropriation; and (B) without fiscal year limitation. (7) Report.--Not later than 180 days after the date of completion of a project for which a grant is provided under this subsection, the grant recipient shall submit to the Secretary a report that contains-- (A) a description of how the grant funds were used by the recipient; and (B) an evaluation of the level of success of each project funded by the grant. (8) Classification.--Grants shall be awarded under this subsection only for projects that are considered to be unclassified by both the United States and Israel. (b) Termination.--The grant program and the advisory committee established under this section terminate on the date that is seven years after the date of the enactment of this Act. (c) Prohibition on Additional Funding.--No additional funds are authorized to be appropriated to carry out this Act. (d) Definitions.--In this section-- (1) the term ``cybersecurity research'' means research, including social science research, into ways to identify, protect against, detect, respond to, and recover from cybersecurity threats; (2) the term ``cybersecurity technology'' means technology intended to identify, protect against, detect, respond to, and recover from cybersecurity threats; (3) the term ``cybersecurity threat'' has the meaning given such term in section 102 of the Cybersecurity Information Sharing Act of 2015 (enacted as title I of the Cybersecurity Act of 2015 (division N of the Consolidated Appropriations Act, 2016 (Public Law 114-113))); (4) the term ``Department'' means the Department of Homeland Security; and (5) the term ``Secretary'' means the Secretary of Homeland Security. PURPOSE AND SUMMARY H.R. 5843 the United States-Israel Cybersecurity Cooperation Enhancement Act of 2016 authorizes the Secretary of Homeland Security to carry out a grant program at the U.S. Department of Homeland Security (DHS) to support cybersecurity research and development and the demonstration and commercialization of cybersecurity technologies with the State of Israel. Additionally, H.R. 5843 requires cost sharing (with at least 50 percent of program costs provided by a non-Federal source) but the requirement may be reduced or waived by the Secretary of DHS on a case-by-case basis. Funds may be contributed to the grant program by any person, government entity or organization. The Secretary must utilize an advisory board to oversee and monitor the grants that are awarded and report to Congress on the use of grant funds. BACKGROUND AND NEED FOR LEGISLATION Currently, the United States and Israel are parties to an ``Agreement on Cooperation in Science and Technology for Homeland Security Matters.'' The Agreement, which covers mutual interest in research, development, testing and evaluation relating to homeland security, authorizes the Under Secretary of Science and Technology to initiate, encourage, develop and facilitate bilateral Cooperative Activities with the State of Israel in a myriad of homeland security-related science and technology capabilities.\1\ H.R. 5843 builds on this established relationship between the U.S. and Israel. --------------------------------------------------------------------------- \1\Agreement between the Government of the United States of America and the Government of the State of Israel on Cooperation in Science and Technology for Homeland Security Matters. May 29, 2008. Accessed at: https://www.dhs.gov/xlibrary/assets/ agreement_us_israel_sciencetech_cooperation_2008-05-29.pdf. --------------------------------------------------------------------------- In particular, H.R. 5843 encourages innovation responsive to homeland security needs. The pace of change in the cybersecurity landscape--from increasing use of vulnerable technologies to more sophisticated threat actors--requires enhanced cybersecurity research and development. Protecting critical networks will require commercialization of products for the national security market as well as a better understanding of the human element of cybersecurity through social science research. As two leading destinations for private cybersecurity investment\2\, both the United States and Israel have the capacity to address national cybersecurity challenges. Collaborative activities leverage the existing infrastructure in both countries to drive original solutions to shared security concerns in this new domain. --------------------------------------------------------------------------- \2\Reed, J. (2016, January 12). Israel cyber-security expertise lures growing share of investment. The Financial Times. Retrieved from https://www.ft.com/content/dfa5c916-b90e-11e5-b151-8e15c9a029fb. --------------------------------------------------------------------------- HEARINGS No hearings were held on H.R. 5843 in the 114th Congress. COMMITTEE CONSIDERATION The Committee met on September 13, 2016, to consider H.R. 5843, and ordered the measure to be reported to the House with a favorable recommendation, as amended, by voice vote. The Committee took the following actions: The following amendment was offered: An Amendment in the Nature of a Substitute offered by Mr. Langevin (#1); was AGREED TO by voice vote. COMMITTEE VOTES Clause 3(b) of rule XIII of the Rules of the House of Representatives requires the Committee to list the recorded votes on the motion to report legislation and amendments thereto. No recorded votes were requested during consideration of H.R. 5843. COMMITTEE OVERSIGHT FINDINGS Pursuant to clause 3(c)(1) of rule XIII of the Rules of the House of Representatives, the Committee has held oversight hearings and made findings that are reflected in this report. NEW BUDGET AUTHORITY, ENTITLEMENT AUTHORITY, AND TAX EXPENDITURES In compliance with clause 3(c)(2) of rule XIII of the Rules of the House of Representatives, the Committee finds that H.R. 5843, the United States-Israel Cybersecurity Cooperation Enhancement Act of 2016, would result in no new or increased budget authority, entitlement authority, or tax expenditures or revenues. CONGRESSIONAL BUDGET OFFICE ESTIMATE The Committee adopts as its own the cost estimate prepared by the Director of the Congressional Budget Office pursuant to section 402 of the Congressional Budget Act of 1974. U.S. Congress, Congressional Budget Office, Washington, DC, September 23, 2016. Hon. Michael McCaul, Chairman, Committee on Homeland Security, House of Representatives, Washington, DC. Dear Mr. Chairman: The Congressional Budget Office has prepared the enclosed cost estimate for H.R. 5843, the United States-Israel Cybersecurity Cooperation Enhancement Act of 2016. If you wish further details on this estimate, we will be pleased to provide them. The CBO staff contact is Mark Grabowicz. Sincerely, Mark P. Hadley (for Keith Hall). Enclosure. H.R. 5843--United States-Israel Cybersecurity Cooperation Enhancement Act of 2016 H.R. 5843 would direct the Department of Homeland Security (DHS) to establish a grant program to support cybersecurity research and development and the commercialization of cybersecurity technology over a seven-year period. Grant recipients would have to initiate joint ventures that would include both U.S. and Israeli participants (such as academic institutions). Based on information from DHS about the potential scope of the program and its relationship with other cybersecurity research being done at DHS, CBO estimates that the new grant program would cost about $1 million annually; such spending would be subject to the availability of appropriated funds. Enacting H.R. 5843 could affect direct spending if non- federal partners contribute funds for DHS to provide cybersecurity grants; therefore, pay-as-you-go procedures do apply. However, the net effect of collecting and spending those contributions would be negligible. Enacting H.R. 5843 would not affect revenues. CBO estimates that enacting H.R. 5843 would not increase net direct spending or on-budget deficits in any of the four consecutive 10-year periods beginning in 2027. H.R. 5843 contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act. Academic institutions would benefit from grants established in the bill for cybersecurity research and technology commercialization. Any costs incurred, including matching contributions, would result from complying with conditions of federal assistance. The CBO staff contact for this estimate is Mark Grabowicz. The estimate was approved by H. Samuel Papenfuss, Deputy Assistant Director for Budget Analysis. STATEMENT OF GENERAL PERFORMANCE GOALS AND OBJECTIVES Pursuant to clause 3(c)(4) of rule XIII of the Rules of the House of Representatives, H.R. 5843 contains the following general performance goals and objectives, including outcome related goals and objectives authorized. This legislation authorizes the Secretary of Homeland Security to carry out a grant program at the Department of Homeland Security to support cybersecurity research and development and the demonstration and commercialization of cybersecurity technologies with the State of Israel. DUPLICATIVE FEDERAL PROGRAMS Pursuant to clause 3(c) of rule XIII, the Committee finds that H.R. 5843 does not contain any provision that establishes or reauthorizes a program known to be duplicative of another Federal program. CONGRESSIONAL EARMARKS, LIMITED TAX BENEFITS, AND LIMITED TARIFF BENEFITS In compliance with rule XXI of the Rules of the House of Representatives, this bill, as reported, contains no congressional earmarks, limited tax benefits, or limited tariff benefits as defined in clause 9(e), 9(f), or 9(g) of the rule XXI. FEDERAL MANDATES STATEMENT The Committee adopts as its own the estimate of Federal mandates prepared by the Director of the Congressional Budget Office pursuant to section 423 of the Unfunded Mandates Reform Act. PREEMPTION CLARIFICATION In compliance with section 423 of the Congressional Budget Act of 1974, requiring the report of any Committee on a bill or joint resolution to include a statement on the extent to which the bill or joint resolution is intended to preempt State, local, or Tribal law, the Committee finds that H.R. 5843 does not preempt any State, local, or Tribal law. DISCLOSURE OF DIRECTED RULE MAKINGS The Committee estimates that H.R. 5843 would require no directed rule makings. ADVISORY COMMITTEE STATEMENT No advisory committees within the meaning of section 5(b) of the Federal Advisory Committee Act were created by this legislation. APPLICABILITY TO LEGISLATIVE BRANCH The Committee finds that the legislation does not relate to the terms and conditions of employment or access to public services or accommodations within the meaning of section 102(b)(3) of the Congressional Accountability Act. SECTION-BY-SECTION ANALYSIS OF THE LEGISLATION Section 1. Short title This section provides that this bill may be cited as the ``United States-Israel Cybersecurity Cooperation Enhancement Act of 2016''. Sec. 2. United States-Israel cybersecurity cooperation This section establishes a grant program at the U.S. Department of Homeland Security (DHS) to support cybersecurity research and development and demonstration and commercialization of cybersecurity technologies. This grant program is in accordance with the ``Agreement between the Government of the United States and the Government of the State of Israel on Cooperation in Science and Technology for Homeland Security Matters'' signed on May 29, 2008 or any successor agreement. This section defines cost sharing as one of the requirements of the grant program. Under those requirements the Secretary shall require cost sharing at not less than 50 percent to be provided by a non-Federal source. The Secretary may reduce or waive the percentage requirement on a case-by- case basis. This section also requires grant awards to be made only after an impartial review of the scientific and technical merit of the proposals, but allows the Secretary to utilize the merit review processes developed under section 302(14) of the Homeland Security Act of 2002.\3\ --------------------------------------------------------------------------- \3\Codified at 6 U.S.C. 182(14) (requiring the Under Secretary for Science and Technology to develop and oversee the administration of guidelines for merit review of research and development throughout DHS). --------------------------------------------------------------------------- This section also defines an eligible applicant as one which addresses a requirement in the arena of ``cybersecurity research'' or ``cybersecurity technology'' (as defined in the proposed legislation) and is comprised of either: 1) a U.S. non-governmental and an Israeli non-governmental entity; or 2) the Governments of the United States and Israel. In order to be eligible for a grant the applicant must submit an application to the Secretary, who will consult with an advisory board charged with monitoring the method by which grants are awarded. The advisory board shall be comprised of a member of the Federal Government, a selectee from the United States-Israel Binational Science Foundation and a selectee from the United States-Israel Binational Industrial Research and Development Foundation. This section further outlines the reporting requirements grant recipients must meet within 180 days of completing a grant-funded project and requires all projects to be unclassified. Lastly, this section specifies that the grant program and advisory committee established herein shall terminate seven years from the date of enactment and authorizes no additional funds to carry out this program. CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED As reported, H.R. 5843 makes no changes to existing law. [all]