This Act may be cited as the “Secure American Research Act of 2019”.

(a) Definitions.—In this section—

(1) the term “Academies” means the National Academies of Science, Engineering and Medicine;

(2) the term “Federal science agency” means any Federal agency with not less than $100,000,000 in basic and applied research obligations in fiscal year 2018;

(3) the term “grantee” means an entity that is—

(A) a recipient or subrecipient of a Federal grant or cooperative agreement; and

(B) an institution of higher education or a nonprofit organization;

(4) the term “institution of higher education” has the meaning given the term in section 101 of the Higher Education Act of 1965 (20 U.S.C. 1001);

(5) the term “relevant Committees” means—

(A) the Committee on Commerce, Science, and Transportation of the Senate;

(B) the Committee on Science, Space, and Technology of the House of Representatives;

(C) the Committee on Armed Services of the Senate;

(D) the Committee on Armed Services of the House of Representatives;

(E) the Committee on Homeland Security and Governmental Affairs of the Senate;

(F) the Committee on Oversight and Reform of the House of Representatives;

(G) the Committee on Foreign Relations of the Senate; and

(H) the Committee on Foreign Affairs of the House of Representatives;

(6) the term “roundtable” means the National Science, Technology, and Security Roundtable established under subsection (d); and

(7) the term “working group” means the interagency working group established under subsection (b).

(b) Interagency working group for coordination and development of Federal research protection.—

(1) IN GENERAL.—The Director of the Office of Science and Technology Policy, acting through the National Science and Technology Council and in consultation with the National Security Advisor, shall establish an interagency working group to coordinate activities to protect federally funded research and development from foreign interference, cyberattacks, theft, or espionage and to develop common definitions and best practices for Federal science agencies and grantees, while accounting for the importance of the open exchange of ideas and international talent required for scientific progress and American leadership in science and technology.

(2) MEMBERSHIP.—

(A) IN GENERAL.—The working group shall include a representative of—

(i) the National Science Foundation;

(ii) the Department of Energy;

(iii) the National Aeronautics and Space Administration;

(iv) the National Institute of Standards and Technology;

(v) the Department of Commerce;

(vi) the National Institutes of Health;

(vii) the Department of Defense;

(viii) the Department of Agriculture;

(ix) the Department of Education;

(x) the Department of State;

(xi) the Department of the Treasury;

(xii) the Department of Justice;

(xiii) the Department of Homeland Security;

(xiv) the Central Intelligence Agency;

(xv) the Federal Bureau of Investigation;

(xvi) the Office of the Director of National Intelligence;

(xvii) the Office of Management and Budget;

(xviii) the National Economic Council; and

(xix) such other Federal department or agency as the President considers appropriate.

(B) CHAIR.—The working group shall be chaired by the Director of the Office of Science and Technology Policy, or a designee of the Director.

(3) RESPONSIBILITIES OF THE WORKING GROUP.—The working group shall—

(A) identify known and potential cyber, physical, and human intelligence threats and vulnerabilities within the United States scientific and technological enterprise;

(B) coordinate efforts among Federal agencies to update and share important information with grantees, including specific examples of interference, cyberattacks, theft, or espionage directed at federally funded research and development or the integrity of the United States scientific enterprise;

(C) identify effective existing mechanisms for protection of federally funded research and development, including mechanisms grantees are employing to protect federally funded research;

(D) develop an inventory of—

(i) terms and definitions used across Federal science agencies to delineate areas that may require additional protection; and

(ii) policies and procedures at Federal science agencies regarding protection of federally funded research;

(E) develop and periodically update unclassified policy guidance to assist Federal science agencies and grantees in having consistent policies to defend against threats to federally funded research and development and the integrity of the United States scientific enterprise that—

(i) includes—

(I) descriptions of known and potential threats, including organizations of concern, to federally funded research and development and the integrity of the United States scientific enterprise;

(II) common definitions and terminology for categorization of research and technologies that are protected;

(III) identified areas of research or technology that might require additional protection;

(IV) recommendations for how existing frameworks and control mechanisms can be better utilized to protect federally funded research and development from foreign interference, cyberattacks, theft or espionage, including any recommendations for updates to existing frameworks and control mechanisms and any recommendations, as appropriate, for new mechanisms for the protection of federally funded research;

(V) recommendations for best practices for Federal science agencies and grantees to defend against threats to federally funded research and development, including coordination and harmonization of any relevant reporting requirements that Federal science agencies implement for grantees;

(VI) assessments of potential consequences that any proposed practices would have on international collaboration and United States leadership in science and technology; and

(VII) a classified addendum as necessary to further inform Federal science agency decisionmaking; and

(ii) accounts for the range of needs across different sectors of the United States science and technology enterprise;

(F) develop and ensure the implementation of a means for Federal agencies listed in paragraph (2)(A) to aggregate and share Federal agency information regarding completed investigations of researchers that were determined to be knowingly fraudulent in disclosure of foreign interests, investments, or involvement relating to Federal research, which shall—

(i) be shared among agencies listed in paragraph (2)(A);

(ii) not be made available to the public; and

(iii) not be subject to the requirements of section 552 of title 5, United States Code (commonly known as the “Freedom of Information Act”); and

(G) develop guidelines to create a consistent cybersecurity policy across Federal agencies to protect federally funded research and development from foreign interference theft or espionage through cybersecurity breaches, which shall—

(i) be based on the framework the National Institute of Standards and Technology entitled “Framework for Improving Critical Infrastructure Cybersecurity,” and in the case of controlled unclassified information, on Special Publication 800–181 of the National Institutes of Standards and Technology entitled “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations”, or any successor thereto;

(ii) include guidance on specific means Federal agencies can use to ensure grantees are complying with cybersecurity standards that Federal agencies develop consistent with this subparagraph; and

(iii) incorporate input from grantees, including from—

(I) facility security officers;

(II) chief information officers;

(III) vice presidents for research;

(IV) chief technology officers; and

(V) other relevant officers as determined by the working group.

(4) COORDINATION WITH NATIONAL ACADEMIES ROUNDTABLE.—The Director of the Office of Science and Technology Policy shall coordinate with the Academies to ensure that not less than 1 member of the working group is also a member of the roundtable.

(5) INTERIM REPORT.—Not later than 6 months after the date of enactment of this Act, the Director of the Office of Science and Technology Policy shall provide a report to the relevant Committees that includes—

(A) the inventory required under paragraph (3)(D);

(B) an update on progress toward developing the policy guidance required under paragraph (3)(E); and

(C) any additional activities undertaken by the working group in that time.

(6) BIENNIAL REPORTING.—Not later than 2 years after the date of enactment of this Act, and not less frequently than every 2 years thereafter, the Director of the Office of Science and Technology Policy shall provide to the relevant Committees a summary report on the activities of the working group and the most current version of the policy guidance required under subparagraphs (E) and (G) of paragraph (3).

(c) Cyber standards.—

(1) IN GENERAL.—Each Federal research agency shall—

(A) issue standards consistent with those developed under subsection (b)(3)(G); and

(B) ensure that grantees are employing cybersecurity practices that meet those agency standards using means consistent with those developed under subsection (b)(3)(G)(ii).

(2) COOPERATIVE AGREEMENTS.—Each Federal research agency shall make compliance with the standards described in paragraph (1), as determined by the means described in that paragraph, a requirement in each grant to or cooperative agreement with a grantee.

(d) National science, technology, and security roundtable.—

(1) IN GENERAL.—The National Science Foundation, the Department of Energy, and the Department of Defense, and any other Federal agency as determined by the Director of the Office of Science and Technology Policy, shall enter into a joint agreement with the Academies to create a National Science, Technology, and Security Roundtable.

(2) PARTICIPANTS.—The roundtable shall include senior representatives and practitioners from Federal science, intelligence, national security agencies, and law enforcement agencies, as well as key stakeholders in the United States scientific enterprise, including institutions of higher education, Federal research laboratories, industry, and nonprofit research organizations.

(3) PURPOSE.—The purpose of the roundtable is to facilitate among participants—

(A) exploration of critical issues related to protecting United States national and economic security while ensuring the open exchange of ideas and international talent required for scientific progress and the leadership of the United States in science and technology;

(B) identification and consideration of security threats and risks involving federally funded research and development, including foreign interference, cyber attacks, theft, or espionage;

(C) identification of effective approaches for communicating the threats and risks identified in subparagraph (B) to the academic and scientific community, including through the sharing of unclassified data and relevant case studies;

(D) sharing of best practices for addressing and mitigating the threats and risks identified in subparagraph (B); and

(E) examination of potential near- and long-term responses by the Federal Government and the academic and scientific community to mitigate and address the risks associated with foreign threats.

(4) REPORT AND BRIEFING.—The joint agreement under paragraph (1) shall specify that—

(A) the roundtable shall periodically organize workshops and issue publicly available reports on the topics described in paragraph (3) and the activities of the roundtable; and

(B) not later than March 1, 2020, the Academies shall provide a briefing to relevant Committees on the progress and activities of the roundtable.

(e) Savings clause.—Nothing in this Act may be construed to alter the jurisdiction, authority, or procedural responsibilities of any Federal agency.