FY2021 NDAA, Division A, Title XCIV, Section 9407 ("National cybersecurity challenges")

SEC. 9407. NATIONAL CYBERSECURITY CHALLENGES. (a) IN GENERAL.—Title II of the Cybersecurity Enhancement Act of 2014 (15 U.S.C. 7431 et seq.) is amended by adding at the end the following: ‘‘SEC. 205. NATIONAL CYBERSECURITY CHALLENGES. ‘‘(a) ESTABLISHMENT OF NATIONAL CYBERSECURITY CHALLENGES.— ‘‘(1) IN GENERAL.—To achieve high-priority breakthroughs in cybersecurity by 2028, the Secretary of Commerce shall establish the following national cybersecurity challenges: ‘‘(A) ECONOMICS OF A CYBER ATTACK.—Building more resilient systems that measurably and exponentially raise adversary costs of carrying out common cyber attacks. ‘‘(B) CYBER TRAINING.— ‘‘(i) Empowering the people of the United States with an appropriate and measurably sufficient level of digital literacy to make safe and secure decisions online. ‘‘(ii) Developing a cybersecurity workforce with measurable skills to protect and maintain information systems. ‘‘(C) EMERGING TECHNOLOGY.—Advancing cybersecurity efforts in response to emerging technology, such as artificial intelligence, quantum science, next generation communications, autonomy, data science, and computational technologies. ‘‘(D) REIMAGINING DIGITAL IDENTITY.—Maintaining a high sense of usability while improving the privacy, security, and safety of online activity of individuals in the United States. ‘‘(E) FEDERAL AGENCY RESILIENCE.—Reducing cybersecurity risks to Federal networks and systems, and improving the response of Federal agencies to cybersecurity incidents on such networks and systems. ‘‘(2) COORDINATION.—In establishing the challenges under paragraph (1), the Secretary shall coordinate with the Secretary of Homeland Security on the challenges under subparagraphs (B) and (E) of such paragraph.

‘‘(b) PURSUIT OF NATIONAL CYBERSECURITY CHALLENGES.— ‘‘(1) IN GENERAL.—Not later than 180 days after the date of the enactment of this section, the Secretary, acting through the Under Secretary of Commerce for Standards and Technology, shall commence efforts to pursue the national cybersecurity challenges established under subsection (a). ‘‘(2) COMPETITIONS.—The efforts required by paragraph (1) shall include carrying out programs to award prizes, including cash and noncash prizes, competitively pursuant to the authorities and processes established under section 24 of the Steven.son-Wydler Technology Innovation Act of 1980 (15 U.S.C. 3719) or any other applicable provision of law. ‘‘(3) ADDITIONAL AUTHORITIES.—In carrying out paragraph (1), the Secretary may enter into and perform such other transactions as the Secretary considers necessary and on such terms as the Secretary considers appropriate. ‘‘(4) COORDINATION.—In pursuing national cybersecurity challenges under paragraph (1), the Secretary shall coordinate with the following: ‘‘(A) The Director of the National Science Foundation. ‘‘(B) The Secretary of Homeland Security. ‘‘(C) The Director of the Defense Advanced Research Projects Agency. ‘‘(D) The Director of the Office of Science and Technology Policy. ‘‘(E) The Director of the Office of Management and Budget. ‘‘(F) The Administrator of the General Services Administration. ‘‘(G) The Federal Trade Commission. ‘‘(H) The heads of such other Federal agencies as the Secretary of Commerce considers appropriate for purposes of this section. ‘‘(5) SOLICITATION OF ACCEPTANCE OF FUNDS.— ‘‘(A) IN GENERAL.—Pursuant to section 24 of the Stevenson-Wydler Technology Innovation Act of 1980 (15 U.S.C. 3719), the Secretary shall request and accept funds from other Federal agencies, State, United States territory, local, or Tribal government agencies, private sector for-profit entities, and nonprofit entities to support efforts to pursue a national cybersecurity challenge under this section. ‘‘(B) RULE OF CONSTRUCTION.—Nothing in subparagraph (A) may be construed to require any person or entity to provide funds or otherwise participate in an effort or competition under this section.

‘‘(c) RECOMMENDATIONS.— ‘‘(1) IN GENERAL.—In carrying out this section, the Secretary of Commerce shall designate an advisory council to seek recommendations. ‘‘(2) ELEMENTS.—The recommendations required by paragraph (1) shall include the following: ‘‘(A) A scope for efforts carried out under subsection (b). ‘‘(B) Metrics to assess submissions for prizes under competitions carried out under subsection (b) as the submissions pertain to the national cybersecurity challenges established under subsection (a). ‘‘(3) NO ADDITIONAL COMPENSATION.—The Secretary may not provide any additional compensation, except for travel expenses, to a member of the advisory council designated under paragraph (1) for participation in the advisory council.’’.

(b) CONFORMING AMENDMENTS.—Section 201(a)(1) of such Act (15 U.S.C. 7431(a)(1)) is amended— (1) in subparagraph (J), by striking ‘‘and’’ after the semicolon; (2) by redesignating subparagraph (K) as subparagraph (L); and (3) by inserting after subparagraph (J) the following: ‘‘(K) implementation of section 205 through research and development on the topics identified under subsection (a) of such section; and’’. (c) CLERICAL AMENDMENT.—The table of contents in section 1(b) of such Act is amended by inserting after the item relating to section 204 the following: ‘‘Sec. 205. National cybersecurity challenges.’’.