Union Calendar No. 287
117th CONGRESS 2d Session |
[Report No. 117–376, Part I]
To amend the Homeland Security Act of 2002 to reauthorize the National Computer Forensics Institute of the United States Secret Service, and for other purposes.
March 18, 2022
Ms. Slotkin (for herself, Mr. Palmer, and Ms. Sewell) introduced the following bill; which was referred to the Committee on Homeland Security, and in addition to the Committee on the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned
June 17, 2022
Additional sponsors: Mr. Thompson of Mississippi, Mr. Rogers of Alabama, Mr. Langevin, Mr. Aderholt, Mr. Swalwell, Mr. Brooks, Mrs. Demings, Ms. Clarke of New York, Mr. Torres of New York, Mr. Carl, Mr. Malinowski, Mr. Moore of Alabama, Mr. Pappas, Mr. Garbarino, Mr. Fleischmann, Mr. Moulton, and Mr. Case
June 17, 2022
Reported from the Committee on Homeland Security with an amendment
[Strike out all after the enacting clause and insert the part printed in italic]
June 17, 2022
Committee on the Judiciary discharged; committed to the Committee of the Whole House on the State of the Union and ordered to be printed
To amend the Homeland Security Act of 2002 to reauthorize the National Computer Forensics Institute of the United States Secret Service, and for other purposes.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
This Act may be cited as the “National Computer Forensics Institute Reauthorization Act of 2022”.
SEC. 2. Reauthorization of the National Computer Forensics Institute of the Department of Homeland Security.
(a) In general.—Section 822 of the Homeland Security Act of 2002 (6 U.S.C. 383) is amended—
(1) in subsection (a)—
(C) by striking the second sentence and inserting “The Institute’s mission shall be to educate, train, and equip State, local, territorial, and Tribal law enforcement officers, prosecutors, judges, participants in the United States Secret Service’s network of cyber fraud task forces, and other appropriate individuals regarding the investigation and prevention of cybersecurity incidents, electronic crimes, and related cybersecurity threats, including through the dissemination of homeland security information, in accordance with relevant Department guidance regarding privacy, civil rights, and civil liberties protections.”;
(3) by striking subsection (b) and inserting the following new subsections:
“(b) Curriculum.—In furtherance of subsection (a), all education and training of the Institute shall be conducted in accordance with relevant Federal law and policy regarding privacy, civil rights, and civil liberties protections, including best practices for safeguarding data privacy and fair information practice principles. Education and training provided pursuant to subsection (a) shall relate to the following:
“(1) Investigating and preventing cybersecurity incidents, electronic crimes, and related cybersecurity threats, including relating to instances involving illicit use of digital assets and emerging trends in cybersecurity and electronic crime.
“(c) Research and development.—In furtherance of subsection (a), the Institute shall research, develop, and share information relating to investigating cybersecurity incidents, electronic crimes, and related cybersecurity threats that prioritize best practices for forensic examinations of computers, mobile devices, and other information systems. Such information may include training on methods to investigate ransomware and other threats involving the use of digital assets.”;
(4) in subsection (d), as so redesignated—
(A) by striking “cyber and electronic crime and related threats is shared with State, local, tribal, and territorial law enforcement officers and prosecutors” and inserting “cybersecurity incidents, electronic crimes, and related cybersecurity threats is shared with recipients of education and training provided pursuant to subsection (a)”; and
(5) in subsection (e), as so redesignated—
(A) by striking “State, local, tribal, and territorial law enforcement officers” and inserting “recipients of education and training provided pursuant to subsection (a)”; and
(B) by striking “necessary to conduct cyber and electronic crime and related threat investigations and computer and mobile device forensic examinations” and inserting “for investigating and preventing cybersecurity incidents, electronic crimes, related cybersecurity threats, and for forensic examinations of computers, mobile devices, and other information systems”;
(6) in subsection (f), as so redesignated—
(7) by redesignating subsection (g), as redesignated pursuant to paragraph (2), as subsection (j); and
(8) by inserting after subsection (f), as so redesignated, the following new subsections:
“(g) Expenses.—The Director of the United States Secret Service may pay for all or a part of the education, training, or equipment provided by the Institute, including relating to the travel, transportation, and subsistence expenses of recipients of education and training provided pursuant to subsection (a).
“(h) Annual reports to Congress.—The Secretary shall include in the annual report required pursuant to section 1116 of title 31, United States Code, information regarding the activities of the Institute, including relating to the following:
“(1) Activities of the Institute, including, where possible, an identification of jurisdictions with recipients of education and training provided pursuant to subsection (a) of this section during such year and information relating to the costs associated with such education and training.
“(3) Impacts of the Institute’s activities on jurisdictions’ capability to investigate and prevent cybersecurity incidents, electronic crimes, and related cybersecurity threats.
“(4) A description of the nomination process for State, local, territorial, and Tribal law enforcement officers, prosecutors, judges, participants in the United States Secret Service’s network of cyber fraud task forces, and other appropriate individuals to receive the education and training provided pursuant to subsection (a).
“(i) Definitions.—In this section—
“(1) CYBERSECURITY THREAT.—The term ‘cybersecurity threat’ has the meaning given such term in section 102 of the Cybersecurity Act of 2015 (enacted as division N of the Consolidated Appropriations Act, 2016 (Public Law 114–113; 6 U.S.C. 1501))
“(3) INFORMATION SYSTEM.—The term ‘information system’ has the meaning given such term in section 102 of the Cybersecurity Act of 2015 (enacted as division N of the Consolidated Appropriations Act, 2016 (Public Law 114–113; 6 U.S.C. 1501(9))).”.
(b) Guidance from the Privacy Officer and Civil Rights and Civil Liberties Officer.—The Privacy Officer and the Officer for Civil Rights and Civil Liberties of the Department of Homeland Security shall provide guidance, upon the request of the Director of the United States Secret Service, regarding the functions specified in subsection (b) of section 822 of the Homeland Security Act of 2002 (6 U.S.C. 383), as amended by subsection (a).
(c) Template for information collection from participating jurisdictions.—Not later than 180 days after the date of the enactment of this Act, the Director of the United States Secret Service shall develop and disseminate to jurisdictions that are recipients of education and training provided by the National Computer Forensics Institute pursuant to subsection (a) of section 822 of the Homeland Security Act of 2002 (6 U.S.C. 383), as amended by subsection (a), a template to permit each such jurisdiction to submit to the Director reports on the impacts on such jurisdiction of such education and training, including information on the number of digital forensics exams conducted annually. The Director shall, as appropriate, revise such template and disseminate to jurisdictions described in this subsection any such revised templates.
(d) Requirements analysis.—
(1) IN GENERAL.—Not later than one year after the date of the enactment of this Act, the Director of the United States Secret Service shall carry out a requirements analysis of approaches to expand capacity of the National Computer Forensics Institute to carry out the Institute’s mission as set forth in subsection (a) of section 822 of the Homeland Security Act of 2002 (6 U.S.C. 383), as amended by subsection (a).
(2) SUBMISSION.—Not later than 90 days after completing the requirements analysis under paragraph (1), the Director of the United States Secret Service shall submit to Congress such analysis, together with a plan to expand the capacity of the National Computer Forensics Institute to provide education and training described in such subsection. Such analysis and plan shall consider the following:
(e) Research and development.—The Director of the United States Secret Service may coordinate with the Under Secretary for Science and Technology of the Department of Homeland Security to carry out research and development of systems and procedures to enhance the National Computer Forensics Institute’s capabilities and capacity to carry out the Institute’s mission as set forth in subsection (a) of section 822 of the Homeland Security Act of 2002 (6 U.S.C. 383), as amended by subsection (a).
Union Calendar No. 287 | |||||
| |||||
[Report No. 117–376, Part I] | |||||
A BILL | |||||
To amend the Homeland Security Act of 2002 to reauthorize the National Computer Forensics Institute of the United States Secret Service, and for other purposes. | |||||
June 17, 2022 | |||||
Committee on the Judiciary discharged; committed to the Committee of the Whole House on the State of the Union and ordered to be printed |