(a) Definitions.—In this section:

(1) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “appropriate congressional committees” means—

(A) the congressional intelligence committees;

(B) the Committee on Homeland Security and Governmental Affairs of the Senate;

(C) the Committee on Homeland Security of the House of Representatives;

(D) the Committee on Foreign Relations of the Senate; and

(E) the Committee on Foreign Affairs of the House of Representatives.

(2) CONGRESSIONAL LEADERSHIP.—The term “congressional leadership” includes the following:

(A) The majority leader of the Senate.

(B) The minority leader of the Senate.

(C) The Speaker of the House of Representatives.

(D) The minority leader of the House of Representatives.

(3) STATE.—The term “State” means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States.

(b) Report required.—Not later than 60 days after the date of the enactment of this Act, the Under Secretary of Homeland Security for Intelligence and Analysis shall submit to congressional leadership and the appropriate congressional committees a report on cyber attacks and attempted cyber attacks by foreign governments on United States election infrastructure in States and localities in connection with the 2016 Presidential election in the United States and such cyber attacks or attempted cyber attacks as the Under Secretary anticipates against such infrastructure. Such report shall identify the States and localities affected and shall include cyber attacks and attempted cyber attacks against voter registration databases, voting machines, voting-related computer networks, and the networks of Secretaries of State and other election officials of the various States.

(c) Form.—The report submitted under subsection (b) shall be submitted in unclassified form, but may include a classified annex.

(a) Review required.—Not later than 1 year after the date of the enactment of this Act, the Director of National Intelligence shall—

(1) complete an after action review of the posture of the intelligence community to collect against and analyze efforts of the Government of Russia to interfere in the 2016 Presidential election in the United States; and

(2) submit to the congressional intelligence committees a report on the findings of the Director with respect to such review.

(b) Elements.—The review required by subsection (a) shall include, with respect to the posture and efforts described in paragraph (1) of such subsection, the following:

(1) An assessment of whether the resources of the intelligence community were properly aligned to detect and respond to the efforts described in subsection (a)(1).

(2) An assessment of the information sharing that occurred within elements of the intelligence community.

(3) An assessment of the information sharing that occurred between elements of the intelligence community.

(4) An assessment of applicable authorities necessary to collect on any such efforts and any deficiencies in those authorities.

(5) A review of the use of open source material to inform analysis and warning of such efforts.

(6) A review of the use of alternative and predictive analysis.

(c) Form of report.—The report required by subsection (a)(2) shall be submitted to the congressional intelligence committees in a classified form.

(a) Definitions.—In this section:

(1) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “appropriate congressional committees” means—

(A) the congressional intelligence committees;

(B) the Committee on Homeland Security and Governmental Affairs of the Senate; and

(C) the Committee on Homeland Security of the House of Representatives.

(2) CONGRESSIONAL LEADERSHIP.—The term “congressional leadership” includes the following:

(A) The majority leader of the Senate.

(B) The minority leader of the Senate.

(C) The Speaker of the House of Representatives.

(D) The minority leader of the House of Representatives.

(3) SECURITY VULNERABILITY.—The term “security vulnerability” has the meaning given such term in section 102 of the Cybersecurity Information Sharing Act of 2015 (6 U.S.C. 1501).

(b) In general.—The Director of National Intelligence, in coordination with the Director of the Central Intelligence Agency, the Director of the National Security Agency, the Director of the Federal Bureau of Investigation, the Secretary of Homeland Security, and the heads of other relevant elements of the intelligence community, shall—

(1) commence not later than 1 year before any regularly scheduled Federal election occurring after December 31, 2018, and complete not later than 180 days before such election, an assessment of security vulnerabilities of State election systems; and

(2) not later than 180 days before any regularly scheduled Federal election occurring after December 31, 2018, submit a report on such security vulnerabilities and an assessment of foreign intelligence threats to the election to—

(A) congressional leadership; and

(B) the appropriate congressional committees.

(c) Update.—Not later than 90 days before any regularly scheduled Federal election occurring after December 31, 2018, the Director of National Intelligence shall—

(1) update the assessment of foreign intelligence threats to that election; and

(2) submit the updated assessment to—

(A) congressional leadership; and

(B) the appropriate congressional committees.

(a) Appropriate congressional committees defined.—In this section, the term “appropriate congressional committees” means the following:

(1) The congressional intelligence committees.

(2) The Committee on Armed Services and the Committee on Homeland Security and Governmental Affairs of the Senate.

(3) The Committee on Armed Services and the Committee on Homeland Security of the House of Representatives.

(4) The Committee on Foreign Relations of the Senate.

(5) The Committee on Foreign Affairs of the House of Representatives.

(b) Requirement for a strategy.—Not later than 90 days after the date of the enactment of this Act, the Director of National Intelligence, in coordination with the Secretary of Homeland Security, the Director of the Federal Bureau of Investigation, the Director of the Central Intelligence Agency, the Secretary of State, the Secretary of Defense, and the Secretary of the Treasury, shall develop a whole-of-government strategy for countering the threat of Russian cyber attacks and attempted cyber attacks against electoral systems and processes in the United States, including Federal, State, and local election systems, voter registration databases, voting tabulation equipment, and equipment and processes for the secure transmission of election results.

(c) Elements of the strategy.—The strategy required by subsection (b) shall include the following elements:

(1) A whole-of-government approach to protecting United States electoral systems and processes that includes the agencies and departments indicated in subsection (b) as well as any other agencies and departments of the United States, as determined appropriate by the Director of National Intelligence and the Secretary of Homeland Security.

(2) Input solicited from Secretaries of State of the various States and the chief election officials of the States.

(3) Technical security measures, including auditable paper trails for voting machines, securing wireless and internet connections, and other technical safeguards.

(4) Detection of cyber threats, including attacks and attempted attacks by Russian government or nongovernment cyber threat actors.

(5) Improvements in the identification and attribution of Russian government or nongovernment cyber threat actors.

(6) Deterrence, including actions and measures that could or should be undertaken against or communicated to the Government of Russia or other entities to deter attacks against, or interference with, United States election systems and processes.

(7) Improvements in Federal Government communications with State and local election officials.

(8) Public education and communication efforts.

(9) Benchmarks and milestones to enable the measurement of concrete steps taken and progress made in the implementation of the strategy.

(d) Congressional briefing.—Not later than 90 days after the date of the enactment of this Act, the Director of National Intelligence and the Secretary of Homeland Security shall jointly brief the appropriate congressional committees on the strategy developed under subsection (b).

(a) Russian influence campaign defined.—In this section, the term “Russian influence campaign” means any effort, covert or overt, and by any means, attributable to the Russian Federation directed at an election, referendum, or similar process in a country other than the Russian Federation or the United States.

(b) Assessment required.—Not later than 60 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the congressional intelligence committees a report containing an analytical assessment of the most significant Russian influence campaigns, if any, conducted during the 3-year period preceding the date of the enactment of this Act, as well as the most significant current or planned such Russian influence campaigns, if any. Such assessment shall include—

(1) a summary of such significant Russian influence campaigns, including, at a minimum, the specific means by which such campaigns were conducted, are being conducted, or likely will be conducted, as appropriate, and the specific goal of each such campaign;

(2) a summary of any defenses against or responses to such Russian influence campaigns by the foreign state holding the elections or referenda;

(3) a summary of any relevant activities by elements of the intelligence community undertaken for the purpose of assisting the government of such foreign state in defending against or responding to such Russian influence campaigns; and

(4) an assessment of the effectiveness of such defenses and responses described in paragraphs (2) and (3).

(c) Form.—The report required by subsection (b) may be submitted in classified form, but if so submitted, shall contain an unclassified summary.

(a) Reports required.—

(1) IN GENERAL.—As provided in paragraph (2), for each Federal election, the Director of National Intelligence, in coordination with the Under Secretary of Homeland Security for Intelligence and Analysis and the Director of the Federal Bureau of Investigation, shall make publicly available on an internet website an advisory report on foreign counterintelligence and cybersecurity threats to election campaigns for Federal offices. Each such report shall include, consistent with the protection of sources and methods, each of the following:

(A) A description of foreign counterintelligence and cybersecurity threats to election campaigns for Federal offices.

(B) A summary of best practices that election campaigns for Federal offices can employ in seeking to counter such threats.

(C) An identification of any publicly available resources, including United States Government resources, for countering such threats.

(2) SCHEDULE FOR SUBMITTAL.—A report under this subsection shall be made available as follows:

(A) In the case of a report regarding an election held for the office of Senator or Member of the House of Representatives during 2018, not later than the date that is 60 days after the date of the enactment of this Act.

(B) In the case of a report regarding an election for a Federal office during any subsequent year, not later than the date that is 1 year before the date of the election.

(3) INFORMATION TO BE INCLUDED.—A report under this subsection shall reflect the most current information available to the Director of National Intelligence regarding foreign counterintelligence and cybersecurity threats.

(b) Treatment of campaigns subject to heightened threats.—If the Director of the Federal Bureau of Investigation and the Under Secretary of Homeland Security for Intelligence and Analysis jointly determine that an election campaign for Federal office is subject to a heightened foreign counterintelligence or cybersecurity threat, the Director and the Under Secretary, consistent with the protection of sources and methods, may make available additional information to the appropriate representatives of such campaign.

(a) State defined.—In this section, the term “State” means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, and any territory or possession of the United States.

(b) Security clearances.—

(1) IN GENERAL.—Not later than 30 days after the date of the enactment of this Act, the Director of National Intelligence shall support the Under Secretary of Homeland Security for Intelligence and Analysis, and any other official of the Department of Homeland Security designated by the Secretary of Homeland Security, in sponsoring a security clearance up to the top secret level for each eligible chief election official of a State or the District of Columbia, and additional eligible designees of such election official as appropriate, at the time that such election official assumes such position.

(2) INTERIM CLEARANCES.—Consistent with applicable policies and directives, the Director of National Intelligence may issue interim clearances, for a period to be determined by the Director, to a chief election official as described in paragraph (1) and up to 1 designee of such official under such paragraph.

(c) Information sharing.—

(1) IN GENERAL.—The Director of National Intelligence shall assist the Under Secretary of Homeland Security for Intelligence and Analysis and the Under Secretary responsible for overseeing critical infrastructure protection, cybersecurity, and other related programs of the Department (as specified in section 103(a)(1)(H) of the Homeland Security Act of 2002 (6 U.S.C. 113(a)(1)(H))) with sharing any appropriate classified information related to threats to election systems and to the integrity of the election process with chief election officials and such designees who have received a security clearance under subsection (b).

(2) COORDINATION.—The Under Secretary of Homeland Security for Intelligence and Analysis shall coordinate with the Director of National Intelligence and the Under Secretary responsible for overseeing critical infrastructure protection, cybersecurity, and other related programs of the Department (as specified in section 103(a)(1)(H) of the Homeland Security Act of 2002 (6 U.S.C. 113(a)(1)(H))) to facilitate the sharing of information to the affected Secretaries of State or States.

(a) Definitions.—In this section:

(1) ACTIVE MEASURES CAMPAIGN.—The term “active measures campaign” means a foreign semi-covert or covert intelligence operation.

(2) CANDIDATE, ELECTION, AND POLITICAL PARTY.—The terms “candidate”, “election”, and “political party” have the meanings given those terms in section 301 of the Federal Election Campaign Act of 1971 (52 U.S.C. 30101).

(3) CONGRESSIONAL LEADERSHIP.—The term “congressional leadership” includes the following:

(A) The majority leader of the Senate.

(B) The minority leader of the Senate.

(C) The Speaker of the House of Representatives.

(D) The minority leader of the House of Representatives.

(4) CYBER INTRUSION.—The term “cyber intrusion” means an electronic occurrence that actually or imminently jeopardizes, without lawful authority, electronic election infrastructure, or the integrity, confidentiality, or availability of information within such infrastructure.

(5) ELECTRONIC ELECTION INFRASTRUCTURE.—The term “electronic election infrastructure” means an electronic information system of any of the following that is related to an election for Federal office:

(A) The Federal Government.

(B) A State or local government.

(C) A political party.

(D) The election campaign of a candidate.

(6) FEDERAL OFFICE.—The term “Federal office” has the meaning given that term in section 301 of the Federal Election Campaign Act of 1971 (52 U.S.C. 30101).

(7) HIGH CONFIDENCE.—The term “high confidence”, with respect to a determination, means that the determination is based on high-quality information from multiple sources.

(8) MODERATE CONFIDENCE.—The term “moderate confidence”, with respect to a determination, means that a determination is credibly sourced and plausible but not of sufficient quality or corroborated sufficiently to warrant a higher level of confidence.

(9) OTHER APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “other appropriate congressional committees” means—

(A) the Committee on Armed Services, the Committee on Homeland Security and Governmental Affairs, and the Committee on Appropriations of the Senate; and

(B) the Committee on Armed Services, the Committee on Homeland Security, and the Committee on Appropriations of the House of Representatives.

(b) Determinations of significant foreign cyber intrusions and active measures campaigns.—The Director of National Intelligence, the Director of the Federal Bureau of Investigation, and the Secretary of Homeland Security shall jointly carry out subsection (c) if such Directors and the Secretary jointly determine—

(1) that on or after the date of the enactment of this Act, a significant foreign cyber intrusion or active measures campaign intended to influence an upcoming election for any Federal office has occurred or is occurring; and

(2) with moderate or high confidence, that such intrusion or campaign can be attributed to a foreign state or to a foreign nonstate person, group, or other entity.

(c) Briefing.—

(1) IN GENERAL.—Not later than 14 days after making a determination under subsection (b), the Director of National Intelligence, the Director of the Federal Bureau of Investigation, and the Secretary of Homeland Security shall jointly provide a briefing to the congressional leadership, the congressional intelligence committees and, consistent with the protection of sources and methods, the other appropriate congressional committees. The briefing shall be classified and address, at a minimum, the following:

(A) A description of the significant foreign cyber intrusion or active measures campaign, as the case may be, covered by the determination.

(B) An identification of the foreign state or foreign nonstate person, group, or other entity, to which such intrusion or campaign has been attributed.

(C) The desirability and feasibility of the public release of information about the cyber intrusion or active measures campaign.

(D) Any other information such Directors and the Secretary jointly determine appropriate.

(2) ELECTRONIC ELECTION INFRASTRUCTURE BRIEFINGS.—With respect to a significant foreign cyber intrusion covered by a determination under subsection (b), the Secretary of Homeland Security, in consultation with the Director of National Intelligence and the Director of the Federal Bureau of Investigation, shall offer to the owner or operator of any electronic election infrastructure directly affected by such intrusion, a briefing on such intrusion, including steps that may be taken to mitigate such intrusion. Such briefing may be classified and made available only to individuals with appropriate security clearances.

(3) PROTECTION OF SOURCES AND METHODS.—This subsection shall be carried out in a manner that is consistent with the protection of sources and methods.

(a) In general.—The Director of National Intelligence shall designate a national counterintelligence officer within the National Counterintelligence and Security Center to lead, manage, and coordinate counterintelligence matters relating to election security.

(b) Additional responsibilities.—The person designated under subsection (a) shall also lead, manage, and coordinate counterintelligence matters relating to risks posed by interference from foreign powers (as defined in section 101 of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801)) to the following:

(1) The Federal Government election security supply chain.

(2) Election voting systems and software.

(3) Voter registration databases.

(4) Critical infrastructure related to elections.

(5) Such other Government goods and services as the Director of National Intelligence considers appropriate.

In this title:

(1) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “appropriate congressional committees” means—

(A) the congressional intelligence committees;

(B) the Committee on Armed Services of the Senate;

(C) the Committee on Appropriations of the Senate;

(D) the Committee on Homeland Security and Governmental Affairs of the Senate;

(E) the Committee on Armed Services of the House of Representatives;

(F) the Committee on Appropriations of the House of Representatives;

(G) the Committee on Homeland Security of the House of Representatives; and

(H) the Committee on Oversight and Reform of the House of Representatives.

(2) APPROPRIATE INDUSTRY PARTNERS.—The term “appropriate industry partner” means a contractor, licensee, or grantee (as defined in section 101(a) of Executive Order 12829 (50 U.S.C. 3161 note; relating to National Industrial Security Program)) that is participating in the National Industrial Security Program established by such Executive order.

(3) CONTINUOUS VETTING.—The term “continuous vetting” has the meaning given such term in Executive Order 13467 (50 U.S.C. 3161 note; relating to reforming processes related to suitability for government employment, fitness for contractor employees, and eligibility for access to classified national security information).

(4) COUNCIL.—The term “Council” means the Security, Suitability, and Credentialing Performance Accountability Council established pursuant to such Executive order, or any successor entity.

(5) SECURITY EXECUTIVE AGENT.—The term “Security Executive Agent” means the officer serving as the Security Executive Agent pursuant to section 803 of the National Security Act of 1947, as added by section 605.

(6) SUITABILITY AND CREDENTIALING EXECUTIVE AGENT.—The term “Suitability and Cre­den­tial­ing Executive Agent” means the Director of the Office of Personnel Management acting as the Suitability and Credentialing Executive Agent in accordance with Executive Order 13467 (50 U.S.C. 3161 note; relating to reforming processes related to suitability for government employment, fitness for contractor employees, and eligibility for access to classified national security information), or any successor entity.

(a) Sense of Congress.—It is the sense of Congress that—

(1) ensuring the trustworthiness and security of the workforce, facilities, and information of the Federal Government is of the highest priority to national security and public safety;

(2) the President and Congress should pri­or­i­tize the modernization of the personnel security framework to improve its efficiency, effectiveness, and accountability;

(3) the current system for security clearance, suitability and fitness for employment, and credentialing lacks efficiencies and capabilities to meet the current threat environment, recruit and retain a trusted workforce, and capitalize on modern technologies; and

(4) changes to policies or processes to improve this system should be vetted through the Council to ensure standardization, portability, and reciprocity in security clearances across the Federal Government.

(b) Accountability plans and reports.—

(1) PLANS.—Not later than 90 days after the date of the enactment of this Act, the Council shall submit to the appropriate congressional committees and make available to appropriate industry partners the following:

(A) A plan, with milestones, to reduce the background investigation inventory to 200,000, or an otherwise sustainable steady-level, by the end of year 2020. Such plan shall include notes of any required changes in investigative and adjudicative standards or resources.

(B) A plan to consolidate the conduct of background investigations associated with the processing for security clearances in the most effective and efficient manner between the National Background Investigation Bureau and the Defense Security Service, or a successor organization. Such plan shall address required funding, personnel, contracts, information technology, field office structure, policy, governance, schedule, transition costs, and effects on stakeholders.

(2) REPORT ON THE FUTURE OF PERSONNEL SECURITY.—

(A) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Chairman of the Council, in coordination with the members of the Council, shall submit to the appropriate congressional committees and make available to appropriate industry partners a report on the future of personnel security to reflect changes in threats, the workforce, and technology.

(B) CONTENTS.—The report submitted under subparagraph (A) shall include the following:

(i) A risk framework for granting and renewing access to classified information.

(ii) A discussion of the use of technologies to prevent, detect, and monitor threats.

(iii) A discussion of efforts to address reciprocity and portability.

(iv) A discussion of the characteristics of effective insider threat programs.

(v) An analysis of how to integrate data from continuous evaluation, insider threat programs, and human resources data.

(vi) Recommendations on interagency governance.

(3) PLAN FOR IMPLEMENTATION.—Not later than 180 days after the date of the enactment of this Act, the Chairman of the Council, in coordination with the members of the Council, shall submit to the appropriate congressional committees and make available to appropriate industry partners a plan to implement the report’s framework and recommendations submitted under paragraph (2)(A).

(4) CONGRESSIONAL NOTIFICATIONS.—Not less frequently than quarterly, the Security Executive Agent shall make available to the public a report regarding the status of the disposition of requests received from departments and agencies of the Federal Government for a change to, or approval under, the Federal investigative standards, the national adjudicative guidelines, continuous evaluation, or other national policy regarding personnel security.

(a) Reviews.—Not later than 180 days after the date of the enactment of this Act, the Security Executive Agent, in coordination with the members of the Council, shall submit to the appropriate congressional committees and make available to appropriate industry partners a report that includes the following:

(1) A review of whether the information requested on the Questionnaire for National Security Positions (Standard Form 86) and by the Federal Investigative Standards prescribed by the Office of Personnel Management and the Office of the Director of National Intelligence appropriately supports the adjudicative guidelines under Security Executive Agent Directive 4 (known as the “National Security Adjudicative Guidelines”). Such review shall include identification of whether any such information currently collected is unnecessary to support the adjudicative guidelines.

(2) An assessment of whether such questionnaire, standards, and guidelines should be revised to account for the prospect of a holder of a security clearance becoming an insider threat.

(3) Recommendations to improve the background investigation process by—

(A) simplifying the Questionnaire for National Security Positions (Standard Form 86) and increasing customer support to applicants completing such questionnaire;

(B) using remote techniques and centralized locations to support or replace field investigation work;

(C) using secure and reliable digitization of information obtained during the clearance process;

(D) building the capacity of the background investigation labor sector; and

(E) replacing periodic reinvestigations with continuous evaluation techniques in all appropriate circumstances.

(b) Policy, strategy, and implementation.—Not later than 180 days after the date of the enactment of this Act, the Security Executive Agent shall, in coordination with the members of the Council, establish the following:

(1) A policy and implementation plan for the issuance of interim security clearances.

(2) A policy and implementation plan to ensure contractors are treated consistently in the security clearance process across agencies and departments of the United States as compared to employees of such agencies and departments. Such policy shall address—

(A) prioritization of processing security clearances based on the mission the contractors will be performing;

(B) standardization in the forms that agencies issue to initiate the process for a security clearance;

(C) digitization of background investigation-related forms;

(D) use of the polygraph;

(E) the application of the adjudicative guidelines under Security Executive Agent Directive 4 (known as the “National Security Adjudicative Guidelines”);

(F) reciprocal recognition of clearances across agencies and departments of the United States, regardless of status of periodic reinvestigation;

(G) tracking of clearance files as individuals move from employment with an agency or department of the United States to employment in the private sector;

(H) collection of timelines for movement of contractors across agencies and departments;

(I) reporting on security incidents and job performance, consistent with section 552a of title 5, United States Code (commonly known as the “Privacy Act of 1974”), that may affect the ability to hold a security clearance;

(J) any recommended changes to the Federal Acquisition Regulations (FAR) necessary to ensure that information affecting contractor clearances or suitability is appropriately and expeditiously shared between and among agencies and contractors; and

(K) portability of contractor security clearances between or among contracts at the same agency and between or among contracts at different agencies that require the same level of clearance.

(3) A strategy and implementation plan that—

(A) provides for periodic reinvestigations as part of a security clearance determination only on an as-needed, risk-based basis;

(B) includes actions to assess the extent to which automated records checks and other continuous evaluation methods may be used to expedite or focus reinvestigations; and

(C) provides an exception for certain populations if the Security Executive Agent—

(i) determines such populations require reinvestigations at regular intervals; and

(ii) provides written justification to the appropriate congressional committees for any such determination.

(4) A policy and implementation plan for agencies and departments of the United States, as a part of the security clearance process, to accept automated records checks generated pursuant to a security clearance applicant’s employment with a prior employer.

(5) A policy for the use of certain background materials on individuals collected by the private sector for background investigation purposes.

(6) Uniform standards for agency continuous evaluation programs to ensure quality and reciprocity in accepting enrollment in a continuous vetting program as a substitute for a periodic investigation for continued access to classified information.

(a) Reciprocity defined.—In this section, the term “reciprocity” means reciprocal recognition by Federal departments and agencies of eligibility for access to classified information.

(b) In general.—The Council shall reform the security clearance process with the objective that, by December 31, 2021, 90 percent of all determinations, other than determinations regarding populations identified under section 603(b)(3)(C), regarding—

(1) security clearances—

(A) at the secret level are issued in 30 days or fewer; and

(B) at the top secret level are issued in 90 days or fewer; and

(2) reciprocity of security clearances at the same level are recognized in 2 weeks or fewer.

(c) Certain reinvestigations.—The Council shall reform the security clearance process with the goal that by December 31, 2021, reinvestigation on a set periodicity is not required for more than 10 percent of the population that holds a security clearance.

(d) Equivalent metrics.—

(1) IN GENERAL.—If the Council develops a set of performance metrics that it certifies to the appropriate congressional committees should achieve substantially equivalent outcomes as those outlined in subsections (b) and (c), the Council may use those metrics for purposes of compliance within this provision.

(2) NOTICE.—If the Council uses the authority provided by paragraph (1) to use metrics as described in such paragraph, the Council shall, not later than 30 days after communicating such metrics to departments and agencies, notify the appropriate congressional committees that it is using such authority.

(e) Plan.—Not later than 180 days after the date of the enactment of this Act, the Council shall submit to the appropriate congressional committees and make available to appropriate industry partners a plan to carry out this section. Such plan shall include recommended interim milestones for the goals set forth in subsections (b) and (c) for 2019, 2020, and 2021.

(a) In general.—Title VIII of the National Security Act of 1947 (50 U.S.C. 3161 et seq.) is amended—

(1) by redesignating sections 803 and 804 as sections 804 and 805, respectively; and

(2) by inserting after section 802 the following:

(b) Report on recommendations for revising authorities.—Not later than 30 days after the date on which the Chairman of the Council submits to the appropriate congressional committees the report required by section 602(b)(2)(A), the Chairman shall submit to the appropriate congressional committees such recommendations as the Chairman may have for revising the authorities of the Security Executive Agent.

(c) Conforming amendment.—Section 103H(j)(4)(A) of such Act (50 U.S.C. 3033(j)(4)(A)) is amended by striking “in section 804” and inserting “in section 805”.

(d) Clerical amendment.—The table of contents in the matter preceding section 2 of such Act (50 U.S.C. 3002) is amended by striking the items relating to sections 803 and 804 and inserting the following:

“Sec. 803. Security Executive Agent.
“Sec. 804. Exceptions.
“Sec. 805. Definitions.”.

Not later than 90 days after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Credentialing Executive Agent, in coordination with the other members of the Council, shall jointly submit to the appropriate congressional committees and make available to appropriate industry partners a report regarding the advisability and the risks, benefits, and costs to the Government and to industry of consolidating to not more than 3 tiers for positions of trust and security clearances.

(a) Sense of Congress.—It is the sense of Congress that to reflect the greater mobility of the modern workforce, alternative methodologies merit analysis to allow greater flexibility for individuals moving in and out of positions that require access to classified information, while still preserving security.

(b) Report required.—Not later than 90 days after the date of the enactment of this Act, the Security Executive Agent shall submit to the appropriate congressional committees and make available to appropriate industry partners a report that describes the requirements, feasibility, and advisability of implementing a clearance in person concept described in subsection (c).

(c) Clearance in person concept.—The clearance in person concept—

(1) permits an individual who once held a security clearance to maintain his or her eligibility for access to classified information, networks, and facilities for up to 3 years after the individual’s eligibility for access to classified information would otherwise lapse; and

(2) recognizes, unless otherwise directed by the Security Executive Agent, an individual’s security clearance and background investigation as current, regardless of employment status, contingent on enrollment in a continuous vetting program.

(d) Contents.—The report required under subsection (b) shall address—

(1) requirements for an individual to voluntarily remain in a continuous evaluation program validated by the Security Executive Agent even if the individual is not in a position requiring access to classified information;

(2) appropriate safeguards for privacy;

(3) advantages to government and industry;

(4) the costs and savings associated with implementation;

(5) the risks of such implementation, including security and counterintelligence risks;

(6) an appropriate funding model; and

(7) fairness to small companies and independent contractors.

(a) In general.—As part of the fiscal year 2020 budget request submitted to Congress pursuant to section 1105(a) of title 31, United States Code, the President shall include exhibits that identify the resources expended by each agency during the prior fiscal year for processing background investigations and continuous evaluation programs, disaggregated by tier and whether the individual was a Government employee or contractor.

(b) Contents.—Each exhibit submitted under subsection (a) shall include details on—

(1) the costs of background investigations or reinvestigations;

(2) the costs associated with background investigations for Government or contract personnel;

(3) costs associated with continuous evaluation initiatives monitoring for each person for whom a background investigation or reinvestigation was conducted, other than costs associated with adjudication;

(4) the average per person cost for each type of background investigation; and

(5) a summary of transfers and re­pro­gram­mings that were executed in the previous year to support the processing of security clearances.

(a) Reciprocally recognized defined.—In this section, the term “reciprocally recognized” means reciprocal recognition by Federal departments and agencies of eligibility for access to classified information.

(b) Reports to Security Executive Agent.—The head of each Federal department or agency shall submit an annual report to the Security Executive Agent that—

(1) identifies the number of individuals whose security clearances take more than 2 weeks to be reciprocally recognized after such individuals move to another part of such department or agency; and

(2) breaks out the information described in paragraph (1) by type of clearance and the reasons for any delays.

(c) Annual report.—Not less frequently than once each year, the Security Executive Agent shall submit to the appropriate congressional committees and make available to industry partners an annual report that summarizes the information received pursuant to subsection (b) during the period covered by such report.

Section 506H of the National Security Act of 1947 (50 U.S.C. 3104) is amended—

(1) in subsection (a)(1)—

(A) in subparagraph (A)(ii), by adding “and” at the end;

(B) in subparagraph (B)(ii), by striking “; and” and inserting a period; and

(C) by striking subparagraph (C);

(2) by redesignating subsection (b) as subsection (c);

(3) by inserting after subsection (a) the following:

“(b) Intelligence community reports.— (1) (A) Not later than March 1 of each year, the Director of National Intelligence shall submit a report to the congressional intelligence committees, the Committee on Homeland Security and Governmental Affairs of the Senate, the Committee on Homeland Security of the House of Representatives, and the Committee on Oversight and Reform of the House of Representatives regarding the security clearances processed by each element of the intelligence community during the preceding fiscal year.

“(B) The Director shall submit to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives such portions of the report submitted under subparagraph (A) as the Director determines address elements of the intelligence community that are within the Department of Defense.

“(C) Each report submitted under this paragraph shall separately identify security clearances processed for Federal employees and contractor employees sponsored by each such element.

“(2) Each report submitted under paragraph (1)(A) shall include, for each element of the intelligence community for the fiscal year covered by the report, the following:

“(A) The total number of initial security clearance background investigations sponsored for new applicants.

“(B) The total number of security clearance periodic reinvestigations sponsored for existing employees.

“(C) The total number of initial security clearance background investigations for new applicants that were adjudicated with notice of a determination provided to the prospective applicant, including—

“(i) the total number of such adjudications that were adjudicated favorably and granted access to classified information; and

“(ii) the total number of such adjudications that were adjudicated unfavorably and resulted in a denial or revocation of a security clearance.

“(D) The total number of security clearance periodic background investigations that were adjudicated with notice of a determination provided to the existing employee, including—

“(i) the total number of such adjudications that were adjudicated favorably; and

“(ii) the total number of such adjudications that were adjudicated unfavorably and resulted in a denial or revocation of a security clearance.

“(E) The total number of pending security clearance background investigations, including initial applicant investigations and periodic reinvestigations, that were not adjudicated as of the last day of such year and that remained pending, categorized as follows:

“(i) For 180 days or shorter.

“(ii) For longer than 180 days, but shorter than 12 months.

“(iii) For 12 months or longer, but shorter than 18 months.

“(iv) For 18 months or longer, but shorter than 24 months.

“(v) For 24 months or longer.

“(F) For any security clearance determinations completed or pending during the year preceding the year for which the report is submitted that have taken longer than 12 months to complete—

“(i) an explanation of the causes for the delays incurred during the period covered by the report; and

“(ii) the number of such delays involving a polygraph requirement.

“(G) The percentage of security clearance investigations, including initial and periodic reinvestigations, that resulted in a denial or revocation of a security clearance.

“(H) The percentage of security clearance investigations that resulted in incomplete information.

“(I) The percentage of security clearance investigations that did not result in enough information to make a decision on potentially adverse information.

“(3) The report required under this subsection shall be submitted in unclassified form, but may include a classified annex.”; and

(4) in subsection (c), as redesignated, by striking “subsection (a)(1)” and inserting “subsections (a)(1) and (b)”.

Not later than 180 days after the date of the enactment of this Act and not less frequently than once every 5 years thereafter, the Director of National Intelligence shall submit to the congressional intelligence committees a report that reviews the intelligence community for which positions can be conducted without access to classified information, networks, or facilities, or may only require a security clearance at the secret level.

(a) Program required.—

(1) IN GENERAL.—Not later than 90 days after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Cre­den­tial­ing Executive Agent shall establish and implement a program to share between and among agencies of the Federal Government and industry partners of the Federal Government relevant background information regarding individuals applying for and currently occupying national security positions and positions of trust, in order to ensure the Federal Government maintains a trusted workforce.

(2) DESIGNATION.—The program established under paragraph (1) shall be known as the “Trusted Information Provider Program” (in this section referred to as the “Program”).

(b) Privacy safeguards.—The Security Executive Agent and the Suitability and Credentialing Executive Agent shall ensure that the Program includes such safeguards for privacy as the Security Executive Agent and the Suitability and Credentialing Executive Agent consider appropriate.

(c) Provision of information to the Federal Government.—The Program shall include requirements that enable investigative service providers and agencies of the Federal Government to leverage certain pre-employment information gathered during the employment or military recruiting process, and other relevant security or human resources information obtained during employment with or for the Federal Government, that satisfy Federal investigative standards, while safeguarding personnel privacy.

(d) Information and records.—The information and records considered under the Program shall include the following:

(1) Date and place of birth.

(2) Citizenship or immigration and naturalization information.

(3) Education records.

(4) Employment records.

(5) Employment or social references.

(6) Military service records.

(7) State and local law enforcement checks.

(8) Criminal history checks.

(9) Financial records or information.

(10) Foreign travel, relatives, or associations.

(11) Social media checks.

(12) Such other information or records as may be relevant to obtaining or maintaining national security, suitability, fitness, or credentialing eligibility.

(e) Implementation plan.—

(1) IN GENERAL.—Not later than 90 days after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Cre­den­tial­ing Executive Agent shall jointly submit to the appropriate congressional committees and make available to appropriate industry partners a plan for the implementation of the Program.

(2) ELEMENTS.—The plan required by paragraph (1) shall include the following:

(A) Mechanisms that address privacy, national security, suitability or fitness, cre­den­tial­ing, and human resources or military recruitment processes.

(B) Such recommendations for legislative or administrative action as the Security Executive Agent and the Suitability and Credentialing Executive Agent consider appropriate to carry out or improve the Program.

(f) Plan for pilot program on two-Way information sharing.—

(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Cre­den­tial­ing Executive Agent shall jointly submit to the appropriate congressional committees and make available to appropriate industry partners a plan for the implementation of a pilot program to assess the feasibility and advisability of expanding the Program to include the sharing of information held by the Federal Government related to contract personnel with the security office of the employers of those contractor personnel.

(2) ELEMENTS.—The plan required by paragraph (1) shall include the following:

(A) Mechanisms that address privacy, national security, suitability or fitness, cre­den­tial­ing, and human resources or military recruitment processes.

(B) Such recommendations for legislative or administrative action as the Security Executive Agent and the Suitability and Credentialing Executive Agent consider appropriate to carry out or improve the pilot program.

(g) Review.—Not later than 1 year after the date of the enactment of this Act, the Security Executive Agent and the Suitability and Credentialing Executive Agent shall jointly submit to the appropriate congressional committees and make available to appropriate industry partners a review of the plans submitted under subsections (e)(1) and (f)(1) and utility and effectiveness of the programs described in such plans.

Not later than 180 days after the date of the enactment of this Act, the Security Executive Agent shall, in coordination with the Inspector General of the Intelligence Community, submit to the appropriate congressional committees a report detailing the controls employed by the intelligence community to ensure that continuous vetting programs, including those involving user activity monitoring, protect the confidentiality of whistleblower-related communications.

(a) Appropriate congressional committees defined.—In this section, the term “appropriate congressional committees” means—

(1) the congressional intelligence committees;

(2) the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives; and

(3) the Committee on Foreign Relations of the Senate and the Committee on Foreign Affairs of the House of Representatives.

(b) Limitation.—

(1) IN GENERAL.—No amount may be expended by the Federal Government, other than the Department of Defense, to enter into or implement any bilateral agreement between the United States and the Russian Federation regarding cybersecurity, including the establishment or support of any cybersecurity unit, unless, at least 30 days prior to the conclusion of any such agreement, the Director of National Intelligence submits to the appropriate congressional committees a report on such agreement that includes the elements required by subsection (c).

(2) DEPARTMENT OF DEFENSE AGREEMENTS.—Any agreement between the Department of Defense and the Russian Federation regarding cybersecurity shall be conducted in accordance with section 1232 of the National Defense Authorization Act for Fiscal Year 2017 (Public Law 114–328), as amended by section 1231 of the National Defense Authorization Act for Fiscal Year 2018 (Public Law 115–91).

(c) Elements.—If the Director submits a report under subsection (b) with respect to an agreement, such report shall include a description of each of the following:

(1) The purpose of the agreement.

(2) The nature of any intelligence to be shared pursuant to the agreement.

(3) The expected value to national security resulting from the implementation of the agreement.

(4) Such counterintelligence concerns associated with the agreement as the Director may have and such measures as the Director expects to be taken to mitigate such concerns.

(d) Rule of construction.—This section shall not be construed to affect any existing authority of the Director of National Intelligence, the Director of the Central Intelligence Agency, or another head of an element of the intelligence community, to share or receive foreign intelligence on a case-by-case basis.

(a) Covered compounds defined.—In this section, the term “covered compounds” means the real property in New York, the real property in Maryland, and the real property in San Francisco, California, that were under the control of the Government of Russia in 2016 and were removed from such control in response to various transgressions by the Government of Russia, including the interference by the Government of Russia in the 2016 election in the United States.

(b) Requirement for report.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the congressional intelligence committees, and the Committee on Foreign Relations of the Senate and the Committee on Foreign Affairs of the House of Representatives (only with respect to the unclassified report), a report on the intelligence risks of returning the covered compounds to Russian control.

(c) Form of report.—The report required by this section shall be submitted in classified and unclassified forms.

(a) Threat finance defined.—In this section, the term “threat finance” means—

(1) the financing of cyber operations, global influence campaigns, intelligence service activities, proliferation, terrorism, or transnational crime and drug organizations;

(2) the methods and entities used to spend, store, move, raise, conceal, or launder money or value, on behalf of threat actors;

(3) sanctions evasion; and

(4) other forms of threat finance activity domestically or internationally, as defined by the President.

(b) Report required.—Not later than 60 days after the date of the enactment of this Act, the Director of National Intelligence, in coordination with the Assistant Secretary of the Treasury for Intelligence and Analysis, shall submit to the congressional intelligence committees a report containing an assessment of Russian threat finance. The assessment shall be based on intelligence from all sources, including from the Office of Terrorism and Financial Intelligence of the Department of the Treasury.

(c) Elements.—The report required by subsection (b) shall include each of the following:

(1) A summary of leading examples from the 3-year period preceding the date of the submittal of the report of threat finance activities conducted by, for the benefit of, or at the behest of—

(A) officials of the Government of Russia;

(B) persons subject to sanctions under any provision of law imposing sanctions with respect to Russia;

(C) Russian nationals subject to sanctions under any other provision of law; or

(D) Russian oligarchs or organized criminals.

(2) An assessment with respect to any trends or patterns in threat finance activities relating to Russia, including common methods of conducting such activities and global nodes of money laundering used by Russian threat actors described in paragraph (1) and associated entities.

(3) An assessment of any connections between Russian individuals involved in money laundering and the Government of Russia.

(4) A summary of engagement and coordination with international partners on threat finance relating to Russia, especially in Europe, including examples of such engagement and coordination.

(5) An identification of any resource and collection gaps.

(6) An identification of—

(A) entry points of money laundering by Russian and associated entities into the United States;

(B) any vulnerabilities within the United States legal and financial system, including specific sectors, which have been or could be exploited in connection with Russian threat finance activities; and

(C) the counterintelligence threat posed by Russian money laundering and other forms of threat finance, as well as the threat to the United States financial system and United States efforts to enforce sanctions and combat organized crime.

(7) Any other matters the Director determines appropriate.

(d) Form of report.—The report required under subsection (b) may be submitted in classified form.

(a) Definitions.—In this section:

(1) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “appropriate congressional committees” means—

(A) the congressional intelligence committees;

(B) the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives; and

(C) the Committee on Foreign Relations of the Senate and the Committee on Foreign Affairs of the House of Representatives.

(2) CONGRESSIONAL LEADERSHIP.—The term “congressional leadership” includes the following:

(A) The majority leader of the Senate.

(B) The minority leader of the Senate.

(C) The Speaker of the House of Representatives.

(D) The minority leader of the House of Representatives.

(b) Requirement for notification.—The Director of National Intelligence, in cooperation with the Director of the Federal Bureau of Investigation and the head of any other relevant agency, shall notify the congressional leadership and the Chairman and Vice Chairman or Ranking Member of each of the appropriate congressional committees, and of other relevant committees of jurisdiction, each time the Director of National Intelligence determines there is credible information that a foreign power has, is, or will attempt to employ a covert influence or active measures campaign with regard to the modernization, employment, doctrine, or force posture of the nuclear deterrent or missile defense.

(c) Content of notification.—Each notification required by subsection (b) shall include information concerning actions taken by the United States to expose or halt an attempt referred to in subsection (b).

In carrying out the advance notification requirements set out in section 502 of the Intelligence Authorization Act for Fiscal Year 2017 (division N of Public Law 115–31; 131 Stat. 825; 22 U.S.C. 254a note), the Secretary of State shall—

(1) ensure that the Russian Federation provides notification to the Secretary of State at least 2 business days in advance of all travel that is subject to such requirements by accredited diplomatic and consular personnel of the Russian Federation in the United States, and take necessary action to secure full compliance by Russian personnel and address any noncompliance; and

(2) provide notice of travel described in paragraph (1) to the Director of National Intelligence and the Director of the Federal Bureau of Investigation within 1 hour of receiving notice of such travel.

(a) Appropriate committees of Congress defined.—In this section, the term “appropriate committees of Congress” means—

(1) the congressional intelligence committees;

(2) the Committee on Armed Services and the Committee on Homeland Security and Governmental Affairs of the Senate; and

(3) the Committee on Armed Services, Committee on Homeland Security, and the Committee on Oversight and Reform of the House of Representatives.

(b) Report required.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the appropriate committees of Congress a report detailing outreach by the intelligence community and the Defense Intelligence Enterprise to United States industrial, commercial, scientific, technical, and academic communities on matters relating to the efforts of adversaries of the United States to acquire critical United States technology, intellectual property, and research and development information.

(c) Contents.—The report required by subsection (b) shall include the following:

(1) A review of the current outreach efforts of the intelligence community and the Defense Intelligence Enterprise described in subsection (b), including the type of information conveyed in the outreach.

(2) A determination of the appropriate element of the intelligence community to lead such outreach efforts.

(3) An assessment of potential methods for improving the effectiveness of such outreach, including an assessment of the following:

(A) Those critical technologies, infrastructure, or related supply chains that are at risk from the efforts of adversaries described in subsection (b).

(B) The necessity and advisability of granting security clearances to company or community leadership, when necessary and appropriate, to allow for tailored classified briefings on specific targeted threats.

(C) The advisability of partnering with entities of the Federal Government that are not elements of the intelligence community and relevant regulatory and industry groups described in subsection (b), to convey key messages across sectors targeted by United States adversaries.

(D) Strategies to assist affected elements of the communities described in subparagraph (C) in mitigating, deterring, and protecting against the broad range of threats from the efforts of adversaries described in subsection (b), with focus on producing information that enables private entities to justify business decisions related to national security concerns.

(E) The advisability of the establishment of a United States Governmentwide task force to coordinate outreach and activities to combat the threats from efforts of adversaries described in subsection (b).

(F) Such other matters as the Director of National Intelligence may consider necessary.

(d) Consultation encouraged.—In preparing the report required by subsection (b), the Director is encouraged to consult with other government agencies, think tanks, academia, representatives of the financial industry, or such other entities as the Director considers appropriate.

(e) Form.—The report required by subsection (b) shall be submitted in unclassified form, but may include a classified annex as necessary.

(a) Definitions.—In this section:

(1) APPROPRIATE COMMITTEES OF CONGRESS.—The term “appropriate committees of Congress” means—

(A) the Committee on Armed Services, the Committee on Foreign Relations, and the Select Committee on Intelligence of the Senate; and

(B) the Committee on Armed Services, the Committee on Foreign Affairs, and the Permanent Select Committee on Intelligence of the House of Representatives.

(2) ARMS OR RELATED MATERIAL.—The term “arms or related material” means—

(A) nuclear, biological, chemical, or radiological weapons or materials or components of such weapons;

(B) ballistic or cruise missile weapons or materials or components of such weapons;

(C) destabilizing numbers and types of advanced conventional weapons;

(D) defense articles or defense services, as those terms are defined in paragraphs (3) and (4), respectively, of section 47 of the Arms Export Control Act (22 U.S.C. 2794);

(E) defense information, as that term is defined in section 644 of the Foreign Assistance Act of 1961 (22 U.S.C. 2403); or

(F) items designated by the President for purposes of the United States Munitions List under section 38(a)(1) of the Arms Export Control Act (22 U.S.C. 2778(a)(1)).

(b) Report required.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the appropriate committees of Congress a report on Iranian support of proxy forces in Syria and Lebanon and the threat posed to Israel, other United States regional allies, and other specified interests of the United States as a result of such support.

(c) Matters for inclusion.—The report required under subsection (b) shall include information relating to the following matters with respect to both the strategic and tactical implications for the United States and its allies:

(1) A description of arms or related materiel transferred by Iran to Hizballah since March 2011, including the number of such arms or related materiel and whether such transfer was by land, sea, or air, as well as financial and additional technological capabilities transferred by Iran to Hizballah.

(2) A description of Iranian and Iranian-controlled personnel, including Hizballah, Shiite militias, and Iran’s Revolutionary Guard Corps forces, operating within Syria, including the number and geographic distribution of such personnel operating within 30 kilometers of the Israeli borders with Syria and Lebanon.

(3) An assessment of Hizballah’s operational lessons learned based on its recent experiences in Syria.

(4) A description of any rocket-producing facilities in Lebanon for nonstate actors, including whether such facilities were assessed to be built at the direction of Hizballah leadership, Iranian leadership, or in consultation between Iranian leadership and Hizballah leadership.

(5) An analysis of the foreign and domestic supply chains that significantly facilitate, support, or otherwise aid Hizballah’s acquisition or development of missile production facilities, including the geographic distribution of such foreign and domestic supply chains.

(6) An assessment of the provision of goods, services, or technology transferred by Iran or its affiliates to Hizballah to indigenously manufacture or otherwise produce missiles.

(7) An identification of foreign persons that are based on credible information, facilitating the transfer of significant financial support or arms or related materiel to Hizballah.

(8) A description of the threat posed to Israel and other United States allies in the Middle East by the transfer of arms or related material or other support offered to Hizballah and other proxies from Iran.

(d) Form of report.—The report required under subsection (b) shall be submitted in unclassified form, but may include a classified annex.

(a) Annual report required.—Not later than 90 days after the date of the enactment of this Act and not less frequently than once each year thereafter, the Director of National Intelligence shall submit to Congress a report describing Iranian expenditures in the previous calendar year on military and terrorist activities outside the country, including each of the following:

(1) The amount spent in such calendar year on activities by the Islamic Revolutionary Guard Corps, including activities providing support for—

(A) Hizballah;

(B) Houthi rebels in Yemen;

(C) Hamas;

(D) proxy forces in Iraq and Syria; or

(E) any other entity or country the Director determines to be relevant.

(2) The amount spent in such calendar year for ballistic missile research and testing or other activities that the Director determines are destabilizing to the Middle East region.

(b) Form.—The report required under subsection (a) shall be submitted in unclassified form, but may include a classified annex.

(a) Scope of committee To counter active measures.—

(1) IN GENERAL.—Section 501 of the Intelligence Authorization Act for Fiscal Year 2017 (Public Law 115–31; 50 U.S.C. 3001 note) is amended—

(A) in subsections (a) through (h)—

(i) by inserting “, the People's Republic of China, the Islamic Republic of Iran, the Democratic People's Republic of Korea, or other nation state” after “Russian Federation” each place it appears; and

(ii) by inserting “, China, Iran, North Korea, or other nation state” after “Russia” each place it appears; and

(B) in the section heading, by inserting “, the People's Republic of China, the Islamic Republic of Iran, the Democratic People's Republic of Korea, or other nation state” after “Russian Federation”.

(2) CLERICAL AMENDMENT.—The table of contents in section 1(b) of such Act is amended by striking the item relating to section 501 and inserting the following new item:

“Sec. 501. Committee to counter active measures by the Russian Federation, the People's Republic of China, the Islamic Republic of Iran, the Democratic People's Republic of Korea, and other nation states to exert covert influence over peoples and governments.”.

(b) Report required.—

(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence, in coordination with such elements of the intelligence community as the Director considers relevant, shall submit to the congressional intelligence committees a report on the feasibility and advisability of establishing a center, to be known as the “Foreign Malign Influence Response Center”, that—

(A) is comprised of analysts from all appropriate elements of the intelligence community, including elements with related diplomatic and law enforcement functions;

(B) has access to all intelligence and other reporting acquired by the United States Government on foreign efforts to influence, through overt and covert malign activities, United States political processes and elections;

(C) provides comprehensive assessment, and indications and warning, of such activities; and

(D) provides for enhanced dissemination of such assessment to United States policy makers.

(2) CONTENTS.—The Report required by paragraph (1) shall include the following:

(A) A discussion of the desirability of the establishment of such center and any barriers to such establishment.

(B) Such recommendations and other matters as the Director considers appropriate.

Section 11001(d) of title 5, United States Code, is amended—

(1) in the subsection heading, by striking “Audit” and inserting “Review”;

(2) in paragraph (1), by striking “audit” and inserting “review”; and

(3) in paragraph (2), by striking “audit” and inserting “review”.

(a) Definitions.—In this section:

(1) APPROPRIATE COMMITTEES OF CONGRESS.—The term “appropriate committees of Congress” means—

(A) the congressional intelligence committees;

(B) the Committee on Homeland Security and Governmental Affairs of the Senate; and

(C) the Committee on Homeland Security of the House of Representatives.

(2) HOMELAND SECURITY INTELLIGENCE ENTERPRISE.—The term “Homeland Security Intelligence Enterprise” has the meaning given such term in Department of Homeland Security Instruction Number 264–01–001, or successor authority.

(b) Report required.—Not later than 120 days after the date of the enactment of this Act, the Secretary of Homeland Security, in consultation with the Under Secretary of Homeland Security for Intelligence and Analysis, shall submit to the appropriate committees of Congress a report on the authorities of the Under Secretary.

(c) Elements.—The report required by subsection (b) shall include each of the following:

(1) An analysis of whether the Under Secretary has the legal and policy authority necessary to organize and lead the Homeland Security Intelligence Enterprise, with respect to intelligence, and, if not, a description of—

(A) the obstacles to exercising the authorities of the Chief Intelligence Officer of the Department and the Homeland Security Intelligence Council, of which the Chief Intelligence Officer is the chair; and

(B) the legal and policy changes necessary to effectively coordinate, organize, and lead intelligence activities of the Department of Homeland Security.

(2) A description of the actions that the Secretary has taken to address the inability of the Under Secretary to require components of the Department, other than the Office of Intelligence and Analysis of the Department to—

(A) coordinate intelligence programs; and

(B) integrate and standardize intelligence products produced by such other components.

(a) Report.—Not later than 90 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the congressional intelligence committees a report on the potential establishment of a fully voluntary exchange program between elements of the intelligence community and private technology companies under which—

(1) an employee of an element of the intelligence community with demonstrated expertise and work experience in cybersecurity or related disciplines may elect to be temporarily detailed to a private technology company that has elected to receive the detailee; and

(2) an employee of a private technology company with demonstrated expertise and work experience in cybersecurity or related disciplines may elect to be temporarily detailed to an element of the intelligence community that has elected to receive the detailee.

(b) Elements.—The report under subsection (a) shall include the following:

(1) An assessment of the feasibility of establishing the exchange program described in such subsection.

(2) Identification of any challenges in establishing the exchange program.

(3) An evaluation of the benefits to the intelligence community that would result from the exchange program.

(a) Review of whistleblower matters.—The Inspector General of the Intelligence Community, in consultation with the inspectors general for the Central Intelligence Agency, the National Security Agency, the National Geospatial-Intelligence Agency, the Defense Intelligence Agency, and the National Reconnaissance Office, shall conduct a review of the authorities, policies, investigatory standards, and other practices and procedures relating to intelligence community whistleblower matters, with respect to such inspectors general.

(b) Objective of review.—The objective of the review required under subsection (a) is to identify any discrepancies, inconsistencies, or other issues, which frustrate the timely and effective reporting of intelligence community whistleblower matters to appropriate inspectors general and to the congressional intelligence committees, and the fair and expeditious investigation and resolution of such matters.

(c) Conduct of review.—The Inspector General of the Intelligence Community shall take such measures as the Inspector General determines necessary in order to ensure that the review required by subsection (a) is conducted in an independent and objective fashion.

(d) Report.—Not later than 270 days after the date of the enactment of this Act, the Inspector General of the Intelligence Community shall submit to the congressional intelligence committees a written report containing the results of the review required under subsection (a), along with recommendations to improve the timely and effective reporting of intelligence community whistleblower matters to inspectors general and to the congressional intelligence committees and the fair and expeditious investigation and resolution of such matters.

(a) Report.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence, in consultation with the heads of the elements of the intelligence community determined appropriate by the Director, shall submit to the congressional intelligence committees a report on the role of the Director in preparing analytic materials in connection with the evaluation by the Federal Government of national security risks associated with potential foreign investments into the United States.

(b) Elements.—The report under subsection (a) shall include—

(1) a description of the current process for the provision of the analytic materials described in subsection (a);

(2) an identification of the most significant benefits and drawbacks of such process with respect to the role of the Director, including the sufficiency of resources and personnel to prepare such materials; and

(3) recommendations to improve such process.

(a) Appropriate congressional committees defined.—In this section, the term “appropriate congressional committees” means the following:

(1) The congressional intelligence committees.

(2) The Committee on the Judiciary and the Committee on Homeland Security and Governmental Affairs of the Senate.

(3) The Committee on the Judiciary and the Committee on Homeland Security of the House of Representatives.

(b) Report.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall, in coordination with the Director of the Central Intelligence Agency, the Director of the National Security Agency, the Director of the Federal Bureau of Investigation, and the Secretary of Homeland Security, submit to the appropriate congressional committees a report describing—

(1) any attempts known to the intelligence community by foreign governments to exploit cybersecurity vulnerabilities in United States telecommunications networks (including Signaling System No. 7) to target for surveillance United States persons, including employees of the Federal Government; and

(2) any actions, as of the date of the enactment of this Act, taken by the intelligence community to protect agencies and personnel of the United States Government from surveillance conducted by foreign governments.

(a) Intelligence community interagency working group.—

(1) REQUIREMENT TO ESTABLISH.—The Director of National Intelligence shall establish an intelligence community interagency working group to prepare the biennial reports required by subsection (b).

(2) CHAIRPERSON.—The Director of National Intelligence shall serve as the chairperson of such interagency working group.

(3) MEMBERSHIP.—Such interagency working group shall be composed of representatives of each element of the intelligence community that the Director of National Intelligence determines appropriate.

(b) Biennial report on foreign investment risks.—

(1) REPORT REQUIRED.—Not later than 180 days after the date of the enactment of this Act and not less frequently than once every 2 years thereafter, the Director of National Intelligence shall submit to the congressional intelligence committees, the Committee on Homeland Security and Governmental Affairs of the Senate, and the Committee on Homeland Security of the House of Representatives a report on foreign investment risks prepared by the interagency working group established under subsection (a).

(2) ELEMENTS.—Each report required by paragraph (1) shall include identification, analysis, and explanation of the following:

(A) Any current or projected major threats to the national security of the United States with respect to foreign investment.

(B) Any strategy used by a foreign country that such interagency working group has identified to be a country of special concern to use foreign investment to target the acquisition of critical technologies, critical materials, or critical infrastructure.

(C) Any economic espionage efforts directed at the United States by a foreign country, particularly such a country of special concern.

Section 502(d)(2) of the Intelligence Authorization Act for Fiscal Year 2017 (Public Law 115–31) is amended by striking “the number” and inserting “a best estimate”.

(a) In general.—Title XI of the National Security Act of 1947 (50 U.S.C. 3231 et seq.) is amended by adding at the end the following new section:

(b) Clerical amendment.—The table of contents in the first section of the National Security Act of 1947 is amended by inserting after the item relating to section 1104 the following new item:

“Sec. 1105. Semiannual reports on investigations of unauthorized disclosures of classified information.”.

(a) Covered intelligence officer defined.—In this section, the term “covered intelligence officer” means—

(1) a United States intelligence officer serving in a post in a foreign country; or

(2) a known or suspected foreign intelligence officer serving in a United States post.

(b) Requirement for reports.—Not later than 72 hours after a covered intelligence officer is designated as a persona non grata, the Director of National Intelligence, in consultation with the Secretary of State, shall submit to the congressional intelligence committees, the Committee on Foreign Relations of the Senate, and the Committee on Foreign Affairs of the House of Representatives a notification of that designation. Each such notification shall include—

(1) the date of the designation;

(2) the basis for the designation; and

(3) a justification for the expulsion.

(a) Definitions.—In this section:

(1) VULNERABILITIES EQUITIES POLICY AND PROCESS DOCUMENT.—The term “Vulnerabilities Equities Policy and Process document” means the executive branch document entitled “Vulnerabilities Equities Policy and Process” dated November 15, 2017.

(2) VULNERABILITIES EQUITIES PROCESS.—The term “Vulnerabilities Equities Process” means the interagency review of vulnerabilities, pursuant to the Vulnerabilities Equities Policy and Process document or any successor document.

(3) VULNERABILITY.—The term “vulnerability” means a weakness in an information system or its components (for example, system security procedures, hardware design, and internal controls) that could be exploited or could affect confidentiality, integrity, or availability of information.

(b) Reports on process and criteria under Vulnerabilities Equities Policy and Process.—

(1) IN GENERAL.—Not later than 90 days after the date of the enactment of this Act, the Director of National Intelligence shall submit to the congressional intelligence committees a written report describing—

(A) with respect to each element of the intelligence community—

(i) the title of the official or officials responsible for determining whether, pursuant to criteria contained in the Vul­ner­a­bil­i­ties Equities Policy and Process document or any successor document, a vulnerability must be submitted for review under the Vulnerabilities Equities Process; and

(ii) the process used by such element to make such determination; and

(B) the roles or responsibilities of that element during a review of a vulnerability submitted to the Vulnerabilities Equities Process.

(2) CHANGES TO PROCESS OR CRITERIA.—Not later than 30 days after any significant change is made to the process and criteria used by any element of the intelligence community for determining whether to submit a vulnerability for review under the Vulnerabilities Equities Process, such element shall submit to the congressional intelligence committees a report describing such change.

(3) FORM OF REPORTS.—Each report submitted under this subsection shall be submitted in unclassified form, but may include a classified annex.

(c) Annual reports.—

(1) IN GENERAL.—Not less frequently than once each calendar year, the Director of National Intelligence shall submit to the congressional intelligence committees a classified report containing, with respect to the previous year—

(A) the number of vulnerabilities submitted for review under the Vulnerabilities Equities Process;

(B) the number of vulnerabilities described in subparagraph (A) disclosed to each vendor responsible for correcting the vulnerability, or to the public, pursuant to the Vulnerabilities Equities Process; and

(C) the aggregate number, by category, of the vulnerabilities excluded from review under the Vulnerabilities Equities Process, as described in paragraph 5.4 of the Vulnerabilities Equities Policy and Process document.

(2) UNCLASSIFIED INFORMATION.—Each report submitted under paragraph (1) shall include an unclassified appendix that contains—

(A) the aggregate number of vulnerabilities disclosed to vendors or the public pursuant to the Vulnerabilities Equities Process; and

(B) the aggregate number of vulnerabilities disclosed to vendors or the public pursuant to the Vulnerabilities Equities Process known to have been patched.

(3) NON-DUPLICATION.—The Director of National Intelligence may forgo submission of an annual report required under this subsection for a calendar year, if the Director notifies the intelligence committees in writing that, with respect to the same calendar year, an annual report required by paragraph 4.3 of the Vulnerabilities Equities Policy and Process document already has been submitted to Congress, and such annual report contains the information that would otherwise be required to be included in an annual report under this subsection.

(a) Reports required.—Not later than October 1, 2019, each Inspector General listed in subsection (b) shall submit to the congressional intelligence committees a report that includes, with respect to the department or agency of the Inspector General, analyses of the following:

(1) The accuracy of the application of classification and handling markers on a representative sample of finished reports, including such reports that are compartmented.

(2) Compliance with declassification procedures.

(3) The effectiveness of processes for identifying topics of public or historical importance that merit prioritization for a declassification review.

(b) Inspectors General listed.—The Inspectors General listed in this subsection are as follows:

(1) The Inspector General of the Intelligence Community.

(2) The Inspector General of the Central Intelligence Agency.

(3) The Inspector General of the National Security Agency.

(4) The Inspector General of the Defense Intelligence Agency.

(5) The Inspector General of the National Reconnaissance Office.

(6) The Inspector General of the National Geospatial-Intelligence Agency.

(a) Reports on global water insecurity and national security implications.—

(1) REPORTS REQUIRED.—Not later than 180 days after the date of the enactment of this Act and not less frequently than once every 5 years thereafter, the Director of National Intelligence shall submit to the congressional intelligence committees a report on the implications of water insecurity on the national security interest of the United States, including consideration of social, economic, agricultural, and environmental factors.

(2) ASSESSMENT SCOPE AND FOCUS.—Each report submitted under paragraph (1) shall include an assessment of water insecurity described in such subsection with a global scope, but focus on areas of the world—

(A) of strategic, economic, or humanitarian interest to the United States—

(i) that are, as of the date of the report, at the greatest risk of instability, conflict, human insecurity, or mass displacement; or

(ii) where challenges relating to water insecurity are likely to emerge and become significant during the 5-year or the 20-year period beginning on the date of the report; and

(B) where challenges relating to water insecurity are likely to imperil the national security interests of the United States or allies of the United States.

(3) CONSULTATION.—In researching a report required by paragraph (1), the Director shall consult with—

(A) such stakeholders within the intelligence community, the Department of Defense, and the Department of State as the Director considers appropriate; and

(B) such additional Federal agencies and persons in the private sector as the Director considers appropriate.

(4) FORM.—Each report submitted under paragraph (1) shall be submitted in unclassified form, but may include a classified annex.

(b) Briefing on emerging infectious disease and pandemics.—

(1) APPROPRIATE CONGRESSIONAL COMMITTEES DEFINED.—In this subsection, the term “appropriate congressional committees” means—

(A) the congressional intelligence committees;

(B) the Committee on Foreign Affairs, the Committee on Armed Services, and the Committee on Appropriations of the House of Representatives; and

(C) the Committee on Foreign Relations, the Committee on Armed Services, and the Committee on Appropriations of the Senate.

(2) BRIEFING.—Not later than 120 days after the date of the enactment of this Act, the Director of National Intelligence shall provide to the appropriate congressional committees a briefing on the anticipated geopolitical effects of emerging infectious disease (including deliberate, accidental, and naturally occurring infectious disease threats) and pandemics, and their implications on the national security of the United States.

(3) CONTENT.—The briefing under paragraph (2) shall include an assessment of—

(A) the economic, social, political, and security risks, costs, and impacts of emerging infectious diseases on the United States and the international political and economic system;

(B) the economic, social, political, and security risks, costs, and impacts of a major transnational pandemic on the United States and the international political and economic system; and

(C) contributing trends and factors to the matters assessed under subparagraphs (A) and (B).

(4) EXAMINATION OF RESPONSE CAPACITY.—In examining the risks, costs, and impacts of emerging infectious disease and a possible transnational pandemic under paragraph (3), the Director of National Intelligence shall also examine in the briefing under paragraph (2) the response capacity within affected countries and the international system. In considering response capacity, the Director shall include—

(A) the ability of affected nations to effectively detect and manage emerging infectious diseases and a possible transnational pandemic;

(B) the role and capacity of international organizations and nongovernmental organizations to respond to emerging infectious disease and a possible pandemic, and their ability to coordinate with affected and donor nations; and

(C) the effectiveness of current international frameworks, agreements, and health systems to respond to emerging infectious diseases and a possible transnational pandemic.

(5) FORM.—The briefing under paragraph (2) may be classified.

Section 311 of the Intelligence Authorization Act for Fiscal Year 2017 (50 U.S.C. 3313) is amended—

(1) by redesignating subsection (b) as subsection (c); and

(2) by striking subsection (a) and inserting the following:

“(a) In general.—Each year, concurrent with the annual budget request submitted by the President to Congress under section 1105 of title 31, United States Code, each head of an element of the intelligence community shall submit to the congressional intelligence committees a report that lists each memorandum of understanding or other agreement regarding significant operational activities or policy entered into during the most recently completed fiscal year between or among such element and any other entity of the United States Government.

“(b) Provision of documents.—Each head of an element of an intelligence community who receives a request from the Select Committee on Intelligence of the Senate or the Permanent Select Committee on Intelligence of the House of Representatives for a copy of a memorandum of understanding or other document listed in a report submitted by the head under subsection (a) shall submit to such committee the requested copy as soon as practicable after receiving such request.”.

(a) Study required.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence shall complete a study on the feasibility of encrypting unclassified wireline and wireless telephone calls between personnel in the intelligence community.

(b) Report.—Not later than 90 days after the date on which the Director completes the study required by subsection (a), the Director shall submit to the congressional intelligence committees a report on the Director's findings with respect to such study.

(a) Expansion of period of report.—Subsection (a) of section 114 of the National Security Act of 1947 (50 U.S.C. 3050) is amended by inserting “and the preceding 5 fiscal years” after “fiscal year”.

(b) Clarification on disaggregation of data.—Subsection (b) of such section is amended, in the matter before paragraph (1), by striking “disaggregated data by category of covered person from each element of the intelligence community” and inserting “data, disaggregated by category of covered person and by element of the intelligence community,”.

(a) Sense of Congress.—It is the sense of Congress that—

(1) there should be established, through the issuing of an Intelligence Community Directive or otherwise, an intelligence community-wide program for student loan repayment, student loan forgiveness, financial counseling, and related matters, for employees of the intelligence community;

(2) creating such a program would enhance the ability of the elements of the intelligence community to recruit, hire, and retain highly qualified personnel, including with respect to mission-critical and hard-to-fill positions;

(3) such a program, including with respect to eligibility requirements, should be designed so as to maximize the ability of the elements of the intelligence community to recruit, hire, and retain highly qualified personnel, including with respect to mission-critical and hard-to-fill positions; and

(4) to the extent possible, such a program should be uniform throughout the intelligence community and publicly promoted by each element of the intelligence community to both current employees of the element as well as to prospective employees of the element.

(b) Report on potential intelligence community-Wide program.—

(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence, in cooperation with the heads of the elements of the intelligence community and the heads of any other appropriate department or agency of the Federal Government, shall submit to the congressional intelligence committees a report on potentially establishing and carrying out an intelligence community-wide program for student loan repayment, student loan forgiveness, financial counseling, and related matters, as described in subsection (a).

(2) MATTERS INCLUDED.—The report under paragraph (1) shall include, at a minimum, the following:

(A) A description of the financial resources that the elements of the intelligence community would require to establish and initially carry out the program specified in paragraph (1).

(B) A description of the practical steps to establish and carry out such a program.

(C) The identification of any legislative action the Director determines necessary to establish and carry out such a program.

(c) Annual reports on established programs.—

(1) COVERED PROGRAMS DEFINED.—In this subsection, the term “covered programs” means any loan repayment program, loan forgiveness program, financial counseling program, or similar program, established pursuant to title X of the National Security Act of 1947 (50 U.S.C. 3191 et seq.) or any other provision of law that may be administered or used by an element of the intelligence community.

(2) ANNUAL REPORTS REQUIRED.—Not less frequently than once each year, the Director of National Intelligence shall submit to the congressional intelligence committees a report on the covered programs. Each such report shall include, with respect to the period covered by the report, the following:

(A) The number of personnel from each element of the intelligence community who used each covered program.

(B) The total amount of funds each element expended for each such program.

(C) A description of the efforts made by each element to promote each covered program pursuant to both the personnel of the element of the intelligence community and to prospective personnel.

(a) Correcting long-Standing material weaknesses.—Section 368 of the Intelligence Authorization Act for Fiscal Year 2010 (Public Law 110–259; 50 U.S.C. 3051 note) is hereby repealed.

(b) Interagency threat assessment and coordination group.—Section 210D of the Homeland Security Act of 2002 (6 U.S.C. 124k) is amended—

(1) by striking subsection (c);

(2) by redesignating subsections (d) through (i) as subsections (c) through (h), respectively; and

(3) in subsection (c), as so redesignated—

(A) in paragraph (8), by striking “; and” and inserting a period; and

(B) by striking paragraph (9).

(c) Inspector General report.—Section 8H of the Inspector General Act of 1978 (5 U.S.C. App.) is amended—

(1) by striking subsection (g); and

(2) by redesignating subsections (h) and (i) as subsections (g) and (h), respectively.

(a) Senior Executive Service position defined.—In this section, the term “Senior Executive Service position” has the meaning given that term in section 3132(a)(2) of title 5, United States Code, and includes any position above the GS–15, step 10, level of the General Schedule under section 5332 of such title.

(b) Report.—Not later than 90 days after the date of the enactment of this Act, the Inspector General of the Intelligence Community shall submit to the congressional intelligence committees a report on the number of Senior Executive Service positions in the Office of the Director of National Intelligence.

(c) Matters included.—The report under subsection (b) shall include the following:

(1) The number of required Senior Executive Service positions for the Office of the Director of National Intelligence.

(2) Whether such requirements are reasonably based on the mission of the Office.

(3) A discussion of how the number of the Senior Executive Service positions in the Office compare to the number of senior positions at comparable organizations.

(d) Cooperation.—The Director of National Intelligence shall provide to the Inspector General of the Intelligence Community any information requested by the Inspector General of the Intelligence Community that is necessary to carry out this section by not later than 14 calendar days after the date on which the Inspector General of the Intelligence Community makes such request.

Not later than 30 days after the date of the enactment of this Act, the Director of the Federal Bureau of Investigation shall provide to the congressional intelligence committees a briefing on the ability of the Federal Bureau of Investigation to offer, as an inducement to assisting the Bureau, permanent residence within the United States to foreign individuals who are sources or cooperators in counterintelligence or other national security-related investigations. The briefing shall address the following:

(1) The extent to which the Bureau may make such offers, whether independently or in conjunction with other agencies and departments of the United States Government, including a discussion of the authorities provided by section 101(a)(15)(S) of the Immigration and Nationality Act (8 U.S.C. 1101(a)(15)(S)), section 7 of the Central Intelligence Agency Act (50 U.S.C. 3508), and any other provision of law under which the Bureau may make such offers.

(2) An overview of the policies and operational practices of the Bureau with respect to making such offers.

(3) The sufficiency of such policies and practices with respect to inducing individuals to cooperate with, serve as sources for such investigations, or both.

(4) Whether the Director recommends any legislative actions to improve such policies and practices, particularly with respect to the counterintelligence efforts of the Bureau.

(a) Assessment required.—Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence, in coordination with the Assistant Secretary of State for Intelligence and Research and the Assistant Secretary of the Treasury for Intelligence and Analysis, shall produce an intelligence assessment of the revenue sources of the North Korean regime. Such assessment shall include revenue from the following sources:

(1) Trade in coal, iron, and iron ore.

(2) The provision of fishing rights to North Korean territorial waters.

(3) Trade in gold, titanium ore, vanadium ore, copper, silver, nickel, zinc, or rare earth minerals, and other stores of value.

(4) Trade in textiles.

(5) Sales of conventional defense articles and services.

(6) Sales of controlled goods, ballistic missiles, and other associated items.

(7) Other types of manufacturing for export, as the Director of National Intelligence considers appropriate.

(8) The exportation of workers from North Korea in a manner intended to generate significant revenue, directly or indirectly, for use by the government of North Korea.

(9) The provision of nonhumanitarian goods (such as food, medicine, and medical devices) and services by other countries.

(10) The provision of services, including banking and other support, including by entities located in the Russian Federation, China, and Iran.

(11) Online commercial activities of the Government of North Korea, including online gambling.

(12) Criminal activities, including cyber-enabled crime and counterfeit goods.

(b) Elements.—The assessment required under subsection (a) shall include an identification of each of the following:

(1) The sources of North Korea’s funding.

(2) Financial and non-financial networks, including supply chain management, transportation, and facilitation, through which North Korea accesses the United States and international financial systems and repatriates and exports capital, goods, and services.

(3) The global financial institutions, money services business, and payment systems that assist North Korea with financial transactions.

(c) Submittal to Congress.—Upon completion of the assessment required under subsection (a), the Director of National Intelligence shall submit to the congressional intelligence committees a copy of such assessment.

(a) Short title.—This section may be cited as the “Stop Terrorist Use of Virtual Currencies Act”.

(b) Report.—Not later than 1 year after the date of the enactment of this Act, the Director of National Intelligence, in consultation with the Secretary of the Treasury, shall submit to Congress a report on the possible exploitation of virtual currencies by terrorist actors. Such report shall include the following elements:

(1) An assessment of the means and methods by which international terrorist organizations and State sponsors of terrorism use virtual currencies.

(2) An assessment of the use by terrorist organizations and State sponsors of terrorism of virtual currencies compared to the use by such organizations and States of other forms of financing to support operations, including an assessment of the collection posture of the intelligence community on the use of virtual currencies by such organizations and States.

(3) A description of any existing legal impediments that inhibit or prevent the intelligence community from collecting information on or helping prevent the use of virtual currencies by international terrorist organizations and State sponsors of terrorism and an identification of any gaps in existing law that could be exploited for illicit funding by such organizations and States.

(c) Form of report.—The report required by subsection (b) shall be submitted in unclassified form, but may include a classified annex.

Section 707(b)(1)(G)(ii) of the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1881f(b)(1)(G)(ii)) is amended by inserting before the semicolon the following: “, including whether disciplinary actions were taken as a result of such an incident of noncompliance and the extent of such disciplinary actions”.

Section 710(b) of the Public Interest Declassification Act of 2000 (Public Law 106–567; 50 U.S.C. 3161 note) is amended by striking “December 31, 2018” and inserting “December 31, 2028”.

(a) Definitions.—In this section:

(1) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term “appropriate congressional committees” means—

(A) the congressional intelligence committees;

(B) the Committee on Homeland Security and Governmental Affairs and the Committee on Energy and Natural Resources of the Senate; and

(C) the Committee on Homeland Security and the Committee on Energy and Commerce of the House of Representatives.

(2) COVERED ENTITY.—The term “covered entity” means an entity identified pursuant to section 9(a) of Executive Order 13636 of February 12, 2013 (78 Fed. Reg. 11742), relating to identification of critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.

(3) EXPLOIT.—The term “exploit” means a software tool designed to take advantage of a security vulnerability.

(4) INDUSTRIAL CONTROL SYSTEM.—The term “industrial control system” means an operational technology used to measure, control, or manage industrial functions, and includes supervisory control and data acquisition systems, distributed control systems, and programmable logic or embedded controllers.

(5) NATIONAL LABORATORY.—The term “National Laboratory” has the meaning given the term in section 2 of the Energy Policy Act of 2005 (42 U.S.C. 15801).

(6) PROGRAM.—The term “Program” means the pilot program established under subsection (b).

(7) SECRETARY.—Except as otherwise specifically provided, the term “Secretary” means the Secretary of Energy.

(8) SECURITY VULNERABILITY.—The term “security vulnerability” means any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of a security control.

(b) Pilot program for securing energy infrastructure.—Not later than 180 days after the date of the enactment of this Act, the Secretary shall establish a 2-year control systems implementation pilot program within the National Laboratories for the purposes of—

(1) partnering with covered entities in the energy sector (including critical component manufacturers in the supply chain) that voluntarily participate in the Program to identify new classes of security vulnerabilities of the covered entities; and

(2) evaluating technology and standards, in partnership with covered entities, to isolate and defend industrial control systems of covered entities from security vulnerabilities and exploits in the most critical systems of the covered entities, including—

(A) analog and nondigital control systems;

(B) purpose-built control systems; and

(C) physical controls.

(c) Working group To evaluate program standards and develop strategy.—

(1) ESTABLISHMENT.—The Secretary shall establish a working group—

(A) to evaluate the technology and standards used in the Program under subsection (b)(2); and

(B) to develop a national cyber-informed engineering strategy to isolate and defend covered entities from security vulnerabilities and exploits in the most critical systems of the covered entities.

(2) MEMBERSHIP.—The working group established under paragraph (1) shall be composed of not fewer than 10 members, to be appointed by the Secretary, at least 1 member of which shall represent each of the following:

(A) The Department of Energy.

(B) The energy industry, including electric utilities and manufacturers recommended by the Energy Sector coordinating councils.

(C) (i) The Department of Homeland Security; or

(ii) the Industrial Control Systems Cyber Emergency Response Team.

(D) The North American Electric Reliability Corporation.

(E) The Nuclear Regulatory Commission.

(F) (i) The Office of the Director of National Intelligence; or

(ii) the intelligence community (as defined in section 3 of the National Security Act of 1947 (50 U.S.C. 3003)).

(G) (i) The Department of Defense; or

(ii) the Assistant Secretary of Defense for Homeland Security and America's Security Affairs.

(H) A State or regional energy agency.

(I) A national research body or academic institution.

(J) The National Laboratories.

(d) Reports on the Program.—

(1) INTERIM REPORT.—Not later than 180 days after the date on which funds are first disbursed under the Program, the Secretary shall submit to the appropriate congressional committees an interim report that—

(A) describes the results of the Program;

(B) includes an analysis of the feasibility of each method studied under the Program; and

(C) describes the results of the evaluations conducted by the working group established under subsection (c)(1).

(2) FINAL REPORT.—Not later than 2 years after the date on which funds are first disbursed under the Program, the Secretary shall submit to the appropriate congressional committees a final report that—

(A) describes the results of the Program;

(B) includes an analysis of the feasibility of each method studied under the Program; and

(C) describes the results of the evaluations conducted by the working group established under subsection (c)(1).

(e) Exemption from disclosure.—Information shared by or with the Federal Government or a State, Tribal, or local government under this section—

(1) shall be deemed to be voluntarily shared information;

(2) shall be exempt from disclosure under section 552 of title 5, United States Code, or any provision of any State, Tribal, or local freedom of information law, open government law, open meetings law, open records law, sunshine law, or similar law requiring the disclosure of information or records; and

(3) shall be withheld from the public, without discretion, under section 552(b)(3) of title 5, United States Code, and any provision of any State, Tribal, or local law requiring the disclosure of information or records.

(f) Protection from liability.—

(1) IN GENERAL.—A cause of action against a covered entity for engaging in the voluntary activities authorized under subsection (b)—

(A) shall not lie or be maintained in any court; and

(B) shall be promptly dismissed by the applicable court.

(2) VOLUNTARY ACTIVITIES.—Nothing in this section subjects any covered entity to liability for not engaging in the voluntary activities authorized under subsection (b).

(g) No new regulatory authority for Federal agencies.—Nothing in this section authorizes the Secretary or the head of any other department or agency of the Federal Government to issue new regulations.

(h) Authorization of appropriations.—

(1) PILOT PROGRAM.—There is authorized to be appropriated $10,000,000 to carry out subsection (b).

(2) WORKING GROUP AND REPORT.—There is authorized to be appropriated $1,500,000 to carry out subsections (c) and (d).

(3) AVAILABILITY.—Amounts made available under paragraphs (1) and (2) shall remain available until expended.

(a) Definitions.—In this section:

(1) APPROPRIATE COMMITTEES OF CONGRESS.—The term “appropriate committees of Congress” means—

(A) the congressional intelligence committees;

(B) the Committee on Armed Services and the Committee on Homeland Security and Governmental Affairs of the Senate; and

(C) the Committee on Armed Services and the Committee on Homeland Security of the House of Representatives.

(2) BUG BOUNTY PROGRAM.—The term “bug bounty program” means a program under which an approved computer security specialist or security researcher is temporarily authorized to identify and report vulnerabilities within the information system of an agency or department of the United States in exchange for compensation.

(3) INFORMATION SYSTEM.—The term “information system” has the meaning given that term in section 3502 of title 44, United States Code.

(b) Bug bounty program plan.—

(1) REQUIREMENT.—Not later than 180 days after the date of the enactment of this Act, the Secretary of Homeland Security, in consultation with the Secretary of Defense, shall submit to appropriate committees of Congress a strategic plan for appropriate agencies and departments of the United States to implement bug bounty programs.

(2) CONTENTS.—The plan required by paragraph (1) shall include—

(A) an assessment of—

(i) the “Hack the Pentagon” pilot program carried out by the Department of Defense in 2016 and subsequent bug bounty programs in identifying and reporting vulnerabilities within the information systems of the Department of Defense; and

(ii) private sector bug bounty programs, including such programs implemented by leading technology companies in the United States; and

(B) recommendations on the feasibility of initiating bug bounty programs at appropriate agencies and departments of the United States.

(a) Civilian faculty members; employment and compensation.—

(1) IN GENERAL.—Section 1595(c) of title 10, United States Code, is amended by adding at the end the following:

“(5) The National Intelligence University.”.

(2) COMPENSATION PLAN.—The Secretary of Defense shall provide each person employed as a full-time professor, instructor, or lecturer at the National Intelligence University on the date of the enactment of this Act an opportunity to elect to be paid under the compensation plan in effect on the day before the date of the enactment of this Act (with no reduction in pay) or under the authority of section 1595 of title 10, United States Code, as amended by paragraph (1).

(b) Acceptance of faculty research grants.—Section 2161 of such title is amended by adding at the end the following:

“(d) Acceptance of faculty research grants.—The Secretary of Defense may authorize the President of the National Intelligence University to accept qualifying research grants in the same manner and to the same degree as the President of the National Defense University under section 2165(e) of this title.”.

(c) Pilot program on admission of private sector civilians To receive instruction.—

(1) PILOT PROGRAM REQUIRED.—

(A) IN GENERAL.—Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense shall commence carrying out a pilot program to assess the feasability and advisability of permitting eligible private sector employees who work in organizations relevant to national security to receive instruction at the National Intelligence University.

(B) DURATION.—The Secretary shall carry out the pilot program during the 3-year period beginning on the date of the commencement of the pilot program.

(C) EXISTING PROGRAM.—The Secretary shall carry out the pilot program in a manner that is consistent with section 2167 of title 10, United States Code.

(D) NUMBER OF PARTICIPANTS.—No more than the equivalent of 35 full-time student positions may be filled at any one time by private sector employees enrolled under the pilot program.

(E) DIPLOMAS AND DEGREES.—Upon successful completion of the course of instruction in which enrolled, any such private sector employee may be awarded an appropriate diploma or degree under section 2161 of title 10, United States Code.

(2) ELIGIBLE PRIVATE SECTOR EMPLOYEES.—

(A) IN GENERAL.—For purposes of this subsection, an eligible private sector employee is an individual employed by a private firm that is engaged in providing to the Department of Defense, the intelligence community, or other Government departments or agencies significant and substantial intelligence or defense-related systems, products, or services or whose work product is relevant to national security policy or strategy.

(B) LIMITATION.—Under this subsection, a private sector employee admitted for instruction at the National Intelligence University remains eligible for such instruction only so long as that person remains employed by the same firm, holds appropriate security clearances, and complies with any other applicable security protocols.

(3) ANNUAL CERTIFICATION BY SECRETARY OF DEFENSE.—Under the pilot program, private sector employees may receive instruction at the National Intelligence University during any academic year only if, before the start of that academic year, the Secretary of Defense determines, and certifies to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives, that providing instruction to private sector employees under this section during that year will further the national security interests of the United States.

(4) PILOT PROGRAM REQUIREMENTS.—The Secretary of Defense shall ensure that—

(A) the curriculum in which private sector employees may be enrolled under the pilot program is not readily available through other schools and concentrates on national security-relevant issues; and

(B) the course offerings at the National Intelligence University are determined by the needs of the Department of Defense and the intelligence community.

(5) TUITION.—The President of the National Intelligence University shall charge students enrolled under the pilot program a rate that—

(A) is at least the rate charged for employees of the United States outside the Department of Defense, less infrastructure costs; and

(B) considers the value to the school and course of the private sector student.

(6) STANDARDS OF CONDUCT.—While receiving instruction at the National Intelligence University, students enrolled under the pilot program, to the extent practicable, are subject to the same regulations governing academic performance, attendance, norms of behavior, and enrollment as apply to Government civilian employees receiving instruction at the university.

(7) USE OF FUNDS.—

(A) IN GENERAL.—Amounts received by the National Intelligence University for instruction of students enrolled under the pilot program shall be retained by the university to defray the costs of such instruction.

(B) RECORDS.—The source, and the disposition, of such funds shall be specifically identified in records of the university.

(8) REPORTS.—

(A) ANNUAL REPORTS.—Each academic year in which the pilot program is carried out, the Secretary shall submit to the congressional intelligence committees, the Committee on Armed Services of the Senate, and the Committee on Armed Services of the House of Representatives a report on the number of eligible private sector employees participating in the pilot program.

(B) FINAL REPORT.—Not later than 90 days after the date of the conclusion of the pilot program, the Secretary shall submit to the congressional intelligence committees, the Committee on Armed Services of the Senate, and the Committee on Armed Services of the House of Representatives a report on the findings of the Secretary with respect to the pilot program. Such report shall include—

(i) the findings of the Secretary with respect to the feasability and advisability of permitting eligible private sector employees who work in organizations relevant to national security to receive instruction at the National Intelligence University; and

(ii) a recommendation as to whether the pilot program should be extended.

(a) Table of contents.—The table of contents at the beginning of the National Security Act of 1947 (50 U.S.C. 3001 et seq.) is amended—

(1) by inserting after the item relating to section 2 the following new item:

“Sec. 3. Definitions.”;

(2) by striking the item relating to section 107;

(3) by striking the item relating to section 113B and inserting the following new item:

“Sec. 113B. Special pay authority for science, technology, engineering, or mathematics positions.”;

(4) by striking the items relating to sections 202, 203, 204, 208, 209, 210, 211, 212, 213, and 214; and

(5) by inserting after the item relating to section 311 the following new item:

“Sec. 312. Repealing and saving provisions.”.

(b) Other technical corrections.—Such Act is further amended—

(1) in section 102A—

(A) in subparagraph (G) of paragraph (1) of subsection (g), by moving the margins of such subparagraph 2 ems to the left; and

(B) in paragraph (3) of subsection (v), by moving the margins of such paragraph 2 ems to the left;

(2) in section 106—

(A) by inserting “Sec. 106.” before “(a)”; and

(B) in subparagraph (I) of paragraph (2) of subsection (b), by moving the margins of such subparagraph 2 ems to the left;

(3) by striking section 107;

(4) in section 108(c), by striking “in both a classified and an unclassified form” and inserting “to Congress in classified form, but may include an unclassified summary”;

(5) in section 112(c)(1), by striking “section 103(c)(7)” and inserting “section 102A(i)”;

(6) by amending section 201 to read as follows:

(7) in section 205, by redesignating subsections (b) and (c) as subsections (a) and (b), respectively;

(8) in section 206, by striking “(a)”;

(9) in section 207, by striking “(c)”;

(10) in section 308(a), by striking “this Act” and inserting “sections 2, 101, 102, 103, and 303 of this Act”;

(11) by redesignating section 411 as section 312;

(12) in section 503—

(A) in paragraph (5) of subsection (c)—

(i) by moving the margins of such paragraph 2 ems to the left; and

(ii) by moving the margins of subparagraph (B) of such paragraph 2 ems to the left; and

(B) in paragraph (2) of subsection (d), by moving the margins of such paragraph 2 ems to the left; and

(13) in subparagraph (B) of paragraph (3) of subsection (a) of section 504, by moving the margins of such subparagraph 2 ems to the right.

(a) National Nuclear Security Administration Act.—

(1) CLARIFICATION OF FUNCTIONS OF THE ADMINISTRATOR FOR NUCLEAR SECURITY.—Subsection (b) of section 3212 of the National Nuclear Security Administration Act (50 U.S.C. 2402(b)) is amended—

(A) by striking paragraphs (11) and (12); and

(B) by redesignating paragraphs (13) through (19) as paragraphs (11) through (17), respectively.

(2) COUNTERINTELLIGENCE PROGRAMS.—Section 3233(b) of the National Nuclear Security Administration Act (50 U.S.C. 2423(b)) is amended—

(A) by striking “Administration” and inserting “Department”; and

(B) by inserting “Intelligence and” after “the Office of”.

(b) Atomic Energy Defense Act.—Section 4524(b)(2) of the Atomic Energy Defense Act (50 U.S.C. 2674(b)(2)) is amended by inserting “Intelligence and” after “The Director of”.

(c) National Security Act of 1947.—Paragraph (2) of section 106(b) of the National Security Act of 1947 (50 U.S.C. 3041(b)(2)) is amended—

(1) in subparagraph (E), by inserting “and Counterintelligence” after “Office of Intelligence”;

(2) by striking subparagraph (F);

(3) by redesignating subparagraphs (G), (H), and (I) as subparagraphs (F), (G), and (H), respectively; and

(4) in subparagraph (H), as so redesignated, by realigning the margin of such subparagraph 2 ems to the left.

(a) Definitions.—In this section:

(1) ADVERSARY FOREIGN GOVERNMENT.—The term “adversary foreign government” means the government of any of the following foreign countries:

(A) North Korea.

(B) Iran.

(C) China.

(D) Russia.

(E) Cuba.

(2) COVERED CLASSIFIED INFORMATION.—The term “covered classified information” means classified information that was—

(A) collected by an element of the intelligence community; or

(B) provided by the intelligence service or military of a foreign country to an element of the intelligence community.

(3) ESTABLISHED INTELLIGENCE CHANNELS.—The term “established intelligence channels” means methods to exchange intelligence to coordinate foreign intelligence relationships, as established pursuant to law by the Director of National Intelligence, the Director of the Central Intelligence Agency, the Director of the National Security Agency, or other head of an element of the intelligence community.

(4) INDIVIDUAL IN THE EXECUTIVE BRANCH.—The term “individual in the executive branch” means any officer or employee of the executive branch, including individuals—

(A) occupying a position specified in article II of the Constitution;

(B) appointed to a position by an individual described in subparagraph (A); or

(C) serving in the civil service or the Senior Executive Service (or similar service for senior executives of particular departments or agencies).

(b) Findings.—Congress finds that section 502 of the National Security Act of 1947 (50 U.S.C. 3092) requires elements of the intelligence community to keep the congressional intelligence committees “fully and currently informed” about all “intelligence activities” of the United States, and to “furnish to the congressional intelligence committees any information or material concerning intelligence activities * * * which is requested by either of the congressional intelligence committees in order to carry out its authorized responsibilities.”.

(c) Sense of Congress.—It is the sense of Congress that—

(1) section 502 of the National Security Act of 1947 (50 U.S.C. 3092), together with other intelligence community authorities, obligates an element of the intelligence community to submit to the congressional intelligence committees written notification, by not later than 7 days after becoming aware, that an individual in the executive branch has disclosed covered classified information to an official of an adversary foreign government using methods other than established intelligence channels; and

(2) each such notification should include—

(A) the date and place of the disclosure of classified information covered by the notification;

(B) a description of such classified information;

(C) identification of the individual who made such disclosure and the individual to whom such disclosure was made; and

(D) a summary of the circumstances of such disclosure.

It is the sense of the Congress that the Secretary of State, in considering whether or not to provide a visa to a foreign individual to be accredited to a United Nations mission in the United States, should consider—

(1) known and suspected intelligence activities, espionage activities, including activities constituting precursors to espionage, carried out by the individual against the United States, foreign allies of the United States, or foreign partners of the United States; and

(2) the status of an individual as a known or suspected intelligence officer for a foreign adversary.

It is the sense of Congress that WikiLeaks and the senior leadership of WikiLeaks resemble a nonstate hostile intelligence service often abetted by state actors and should be treated as such a service by the United States.