https://www.intelligence.senate.gov/publications/report-accompany-s1761-intelligence-authorization-act-fiscal-year-2018-september-7-2017

Senate Report and S.1761, The Intelligence Authorization Act for Fiscal Year 2018

 [Senate Report 115-151]
[From the U.S. Government Publishing Office] 
                                                     Calendar No. 207
115th Congress     }                        {                 Report
                                 SENATE
 1st Session       }                        {                 115-151
======================================================================
          INTELLIGENCE AUTHORIZATION ACT FOR FISCAL YEAR 2018
                                _______
               September 7, 2017.--Ordered to be printed
                                _______
         Mr. Burr, from the Select Committee on Intelligence, 
                        submitted the following
                              R E P O R T
                             together with
                     ADDITIONAL AND MINORITY VIEWS
                         [To accompany S. 1761]
    The Select Committee on Intelligence, having considered an 
original bill (S. 1761) to authorize appropriations for fiscal 
year 2018 for intelligence and intelligence-related activities 
of the United States Government, the Community Management 
Account, and the Central Intelligence Agency Retirement and 
Disability System, and for other purposes, reports favorably 
thereon and recommends that the bill do pass.
 
                Classified Annex to the Committee Report
 
    On June 12, 2017, acting pursuant to Section 364 of the 
Intelligence Authorization Act for Fiscal Year 2010 (Public Law 
111-259), the Director of National Intelligence (DNI) publicly 
disclosed that the President's aggregate request for the 
National Intelligence Program for Fiscal Year 2018 is $57.7 
billion. Other than for limited unclassified appropriations, 
primarily the Intelligence Community Management Account, the 
classified nature of United States intelligence activities 
precludes any further disclosure, including by the Committee, 
of the details of its budgetary recommendations. Accordingly, 
the Committee has prepared a classified annex to this report 
that contains a classified Schedule of Authorizations. The 
classified Schedule of Authorizations is incorporated by 
reference in the Intelligence Authorization Act (the ``Act'') 
and has the legal status of public law. The classified annex is 
made available to the Committees on Appropriations of the 
Senate and the House of Representatives and to the President. 
It is also available for review by any Member of the Senate 
subject to the provisions of Senate Resolution 400 of the 94th 
Congress (1976).
 
              Section-by-Section Analysis and Explanation
 
    The following is a section-by-section analysis and 
explanation of the Intelligence Authorization Act for Fiscal 
Year 2018 that is being reported by the Committee.
 
                    TITLE I--INTELLIGENCE ACTIVITIES
 
Section 101. Authorization of appropriations
 
    Section 101 lists the United States Government departments, 
agencies, and other elements for which the Act authorizes 
appropriations for intelligence and intelligence-related 
activities for Fiscal Year 2018.
 
Section 102. Classified Schedule of Authorizations
 
    Section 102 provides that the details of the amounts 
authorized to be appropriated for intelligence and 
intelligence-related activities for Fiscal Year 2018 are 
contained in the classified Schedule of Authorizations and that 
the classified Schedule of Authorizations shall be made 
available to the Committees on Appropriations of the Senate and 
House of Representatives and to the President.
 
Section 103. Personnel ceiling adjustments
 
    Section 103 provides that the DNI may authorize employment 
of civilian personnel in Fiscal Year 2018 in excess of the 
number of authorized positions by an amount not exceeding three 
percent of the total limit applicable to each Intelligence 
Community (IC) element under Section 102, and ten percent of 
the number of civilian personnel authorized under such schedule 
for the purposes of contractor conversions. The DNI may do so 
only if necessary to the performance of important intelligence 
functions.
 
Section 104. Intelligence Community Management Account
 
    Section 104 authorizes appropriations in the amount of 
$550,200,000 for the Intelligence Community Management Account 
(ICMA) of the Office of the Director of National Intelligence 
(ODNI) for the elements within the ICMA for Fiscal Year 2018.
 
 TITLE II--CENTRAL INTELLIGENCE AGENCY RETIREMENT AND DISABILITY SYSTEM
 
Section 201. Authorization of appropriations
 
    Section 201 authorizes appropriations in the amount of 
$514,000,000 for the Central Intelligence Agency Retirement and 
Disability Fund for Fiscal Year 2018.
 
           TITLE III--GENERAL INTELLIGENCE COMMUNITY MATTERS
 
Section 301. Restriction on conduct of intelligence activities
 
    Section 301 provides that the authorization of 
appropriations by the Act shall not be deemed to constitute 
authority for the conduct of any intelligence activity that is 
not otherwise authorized by the Constitution or laws of the 
United States.
 
Section 302. Increase in employee compensation and benefits authorized 
        by law
 
    Section 302 provides that funds authorized to be 
appropriated by the Act for salary, pay, retirement, and other 
benefits for federal employees may be increased by such 
additional or supplemental amounts as may be necessary for 
increases in compensation or benefits authorized by law.
 
Section 303. Modification of special pay authority for science, 
        technology, engineering, or mathematics positions and addition 
        of special pay authority for cyber positions
 
    Section 303 provides an increased yearly cap for Science, 
Technology, Engineering, or Mathematics (STEM) employee 
positions in the IC who perform critical cyber missions.
 
Section 304. Director of National Intelligence review of placement of 
        positions within the intelligence community on the Executive 
        Schedule
 
    Section 304 requires the DNI to conduct a review of the 
positions within the IC that may be appropriate for inclusion 
on the Executive Schedule, and the appropriate levels for 
inclusion.
 
Section 305. Modification of appointment of Chief Information Officer 
        of the Intelligence Community
 
    Section 305 changes the position of IC Chief Information 
Officer from being subject to presidential appointment to being 
subject to appointment by the DNI.
 
Section 306. Supply Chain and Counterintelligence Risk Management Task 
        Force
 
    Section 306 requires the DNI to establish a task force to 
standardize information sharing between the IC and the United 
States Government acquisition community with respect to supply 
chain and counterintelligence risks. Section 306 further 
provides requirements for membership, security clearances, and 
annual reports.
 
Section 307. Inspector General of the Intelligence Community auditing 
        authority
 
    Section 307 permits the IC IG to hire contractor or expert 
auditors to meet audit requirements, similar to other Federal 
IGs. Section 307 responds to the Committee's concerns that the 
IC Inspector General (IC IG) is at risk of failing to meet its 
legislative requirements due to its inability to hire qualified 
auditors by granting the IC IG independent hiring practices 
identical to other IGs.
 
Section 308. Inspectors General studies on classification
 
    Section 308 requires each designated IG to carry out and 
submit to the congressional intelligence committees a report on 
the application of classification and handling markings on a 
representative sample of finished products, to include 
compartments. Section 308 also directs an analysis of 
compliance with declassification procedures and a review of the 
process for identifying topics of public or historical 
importance that merit prioritization for declassification 
review.
 
  TITLE IV--MATTERS RELATING TO ELEMENTS OF THE INTELLIGENCE COMMUNITY
 
      Subtitle A--Office of the Director of National Intelligence
 
 
Section 401. Authority for the protection of current and former 
        employees of the Office of the Director of National 
        Intelligence
 
    Section 401 amends Title 50, section 3506, to provide 
protection for current and former ODNI personnel and designated 
immediate family members, if there is a national security 
threat that warrants such protection.
 
Section 402. Information sharing with State election officials
 
    Section 402 requires the DNI, within 30 days of enactment, 
to sponsor a security clearance for each eligible chief 
election official of a State, territory, or the District of 
Columbia (and up to one eligible designee), up to the top 
secret level. Section 402 also requires the DNI to share 
appropriate classified information-related threats to election 
systems and to the integrity of the election process with chief 
election officials and their designees who possess the 
aforementioned security clearances.
 
Section 403. Technical modification to the Executive Schedule
 
    Section 403 amends Title 50, section 5313, to add the 
Director of the National Counterintelligence and Security 
Center.
 
Section 404. Modification to the designation of the program manager-
        information sharing environment
 
    Section 404 changes the status of the Program Manager for 
the Information Sharing Environment from being subject to 
presidential appointment to being subject to appointment by the 
DNI.
 
                       Subtitle B--Other Elements
 
 
Section 411. Repeal of foreign language proficiency requirement for 
        certain senior level positions in the Central Intelligence 
        Agency
 
    Section 411 repeals Title 50, section 3036(g), with 
conforming amendments to section 611 of the Intelligence 
Authorization Act for Fiscal Year 2005 (Public Law 108-487).
 
                       Subtitle C--Other Elements
 
 
Section 421. Designation of the Counterintelligence Directorate of the 
        Defense Security Service as an element of the intelligence 
        community
 
    Section 421 adds the Defense Security Service's (DSS's) 
Counterintelligence (CI) Directorate to the IC elements in 50 
U.S.C. 3003(4), and requires all IC requirements that apply to 
IC elements to apply to the DSS CI as of the date of enactment.
 
                TITLE V--SECURING ENERGY INFRASTRUCTURE
 
Section 501. Short title
 
    Section 501 provides that this title may be cited as the 
``Securing Energy Infrastructure Act of 2017.''
 
Section 502. Definitions
 
    Section 502 provides the relevant definitions as cited 
throughout this title.
 
Section 503. Pilot program for securing energy infrastructure
 
    Section 503 requires the Director of Intelligence and 
Counterintelligence of the Department of Energy (hereinafter in 
this title, ``Director''), within 180 days of enactment, to 
establish a two-year control systems implementation pilot 
program within the National Labs. This pilot program will 
partner with covered entities in the energy sector to identify 
new security vulnerabilities, and for purposes of researching, 
developing, testing, and implementing technology platforms and 
standards in partnership with such entities.
 
Section 504. Working group to evaluate program standards and develop 
        strategy
 
    Section 504 requires the Director to establish a working 
group composed of identified private and public sector 
entities, to evaluate the technology platforms and standards 
for the pilot program specified in Section 503 and develop a 
national cyber-informed engineering strategy to isolate and 
defend covered entities from security vulnerabilities.
 
Section 505. Reports on the program
 
    Section 505 requires the Director within 180 days after the 
date on which funds are first disbursed to submit to the 
congressional intelligence committees, the Committee on Energy 
and Natural Resources of the Senate, and the Committee on 
Energy and Commerce of the House of Representatives, an interim 
report that describes the pilot program's results, provides a 
feasibility analysis, and describes the working group's 
evaluations. Section 505 further requires the Director, within 
two years of funding, to submit to the aforementioned 
committees a progress report on the pilot program specified in 
Section 503, an analysis of the feasibility of the methods 
studied, and a description of the working group's evaluation 
results.
 
Section 506. No new regulatory authority for Federal agencies
 
    Section 506 provides that nothing in this title permits the 
Director or the head of any other Federal agency to issue new 
regulations.
 
Section 507. Exemption from disclosure
 
    Section 507 provides that information shared by or with the 
Federal Government or a State, tribal, or local government 
under this title shall be deemed to be voluntarily shared and 
exempt from disclosure under relevant laws requiring such 
disclosure.
 
Section 508. Protection from liability
 
    Section 508 provides covered entities participating in the 
pilot program with protection from causes of action. Section 
508 further provides that covered entities cannot be subject to 
causes of action for refraining from participation.
 
Section 509. Authorization of appropriations
 
    Section 509 authorizes $10,000,000 to carry out the pilot 
program specified in Section 503, and $1,500,000 to carry out 
the working group and reporting provisions.
 
                  TITLE VI--REPORTS AND OTHER MATTERS
 
Section 601. Technical correction to Inspector General study
 
    Section 601 amends Title 50, section 11001(d), by replacing 
the IC IG's ``audit'' requirement for Inspectors General with 
employees having classified material access, with a ``review'' 
requirement.
 
Section 602. Governance for security clearance, suitability and fitness 
        for employment, and credentialing
 
    Section 602 establishes an interagency council comprised of 
representatives from the ODNI, Office of Management and Budget, 
Office of Personnel Management, Under Secretary of Defense for 
Intelligence, and National Background Investigation Bureau, to 
govern decisions and processes related to security clearances, 
suitability and fitness for employment, and credentialing. 
Section 602 further establishes the DNI as the government's 
Security Executive Agent and the Director of the Officer of 
Personnel Management as the government's Suitability Executive 
Agent and the Credentialing Executive Agent, specifying roles 
and responsibilities for each.
 
Section 603. Process for security clearances
 
    Section 603 incorporates several provisions relating to the 
security clearance process. Section 603 requires the following 
reviews: of the alignment among the Standard Form 86 background 
investigation questionnaire, the Federal Investigative 
Standards, and the adjudicative guidelines contained in 
Security Executive Agent Directive 4 (``National Security 
Adjudicative Guidelines''), as well as their collective utility 
in anticipating future insider threats; of certain methods to 
improve the background investigation process; and of the 
utility of the timelines for processing security clearances, as 
contained in the Intelligence Reform and Terrorism Prevention 
Act of 2004.
    Section 603 also directs the DNI, as the government's 
Security Executive Agent, to establish a policy on the issuance 
of interim security clearances; establish a policy for 
consistent treatment in the security clearance process between 
government and contractor personnel; issue a strategy and 
implementation plan for conducting periodic reinvestigations 
based on risk, not a specified time interval; issue a policy 
for the government's use of automated records checks conducted 
for prior employment purposes; and establish a policy and issue 
an implementation plan for sharing information between and 
among government agencies and industry related to security 
clearances, consistent with privacy concerns.
 
Section 604. Reports on the vulnerabilities equities policy and process 
        of the Federal Government
 
    Section 604 requires the head of each IC element to submit 
within 90 days of enactment to the congressional intelligence 
committees a report detailing the process and criteria the head 
of each IC element uses for determining to submit a 
vulnerability for review under the Federal Government's 
vulnerabilities equities policy and process. Section 604 
further requires the report to contain information about 
vulnerability disclosures to vendors, how many vulnerabilities 
have been patched, and when a patch or mitigation has been made 
publicly available.
 
Section 605. Bug bounty programs
 
    Section 605 directs the Under Secretary for Intelligence 
and Analysis of the Department of Homeland Security to submit 
to congressional leadership and the congressional intelligence 
committees a strategic plan to implement bug bounty programs at 
appropriate agencies and departments of the United States 
Government. Section 605 further requires the plan to include an 
assessment of the ``Hack the Pentagon'' pilot program and 
subsequent bug bounty programs. Section 605 also requires the 
plan to provide recommendations on the feasibility of 
initiating bug bounty programs across the United States 
Government.
 
Section 606. Report on cyber attacks by foreign governments against 
        United States election infrastructure
 
    Section 606 directs the Under Secretary for Intelligence 
and Analysis of the Department of Homeland Security to submit 
to congressional leadership and the congressional intelligence 
committees a report on cyber attacks and attempted cyber 
attacks by foreign governments on United States election 
infrastructure, in connection with the 2016 Presidential 
election. Section 606 further requires this report to include 
identification of the States and localities affected and 
include efforts to attack voter registration databases, voting 
machines, voting-related computer networks, and the networks of 
secretaries of State and other election officials.
 
Section 607. Review of intelligence community's posture to collect 
        against and analyze Russian efforts to influence the 
        presidential election
 
    Section 607 requires the DNI to submit to the congressional 
intelligence committees within one year of enactment a report 
on the Director's review of the IC's posture to collect against 
and analyze Russian efforts to interfere with the 2016 United 
States presidential election. Section 607 further requires the 
review to include assessments of IC resources, information 
sharing, and legal authorities.
 
Section 608. Assessment of foreign intelligence threats to Federal 
        elections
 
    Section 608 requires the DNI, in coordination with the 
Director of the CIA, the Director of the NSA, the Director of 
the FBI, the Secretary of Homeland Security, and the heads of 
other relevant IC elements, to commence assessments of security 
vulnerabilities of State election systems one year before 
regularly scheduled Federal elections. Section 608 further 
requires the DNI to submit a report on such assessments to 
congressional leadership and to the congressional intelligence 
committees 180 days before regularly scheduled Federal 
elections, and an updated assessment 90 days before regularly 
scheduled Federal election.
 
Section 609. Strategy for countering Russian cyber threats to United 
        States elections
 
    Section 609 requires the DNI, in coordination with the 
Secretary of Homeland Security, the Director of FBI, the 
Director of CIA, the Secretary of State, the Secretary of 
Defense, and the Secretary of the Treasury, to develop a whole-
of-government strategy for countering Russian cyber threats 
against United States electoral systems and processes. Section 
609 further requires this strategy to include input from 
solicited Secretaries of State and chief election officials. 
Section 609 requires the DNI and the Secretary of Homeland 
Security to brief the congressional intelligence committees on 
the required strategy within 90 days of enactment.
 
Section 610. Limitation relating to establishment or support of cyber 
        security unit with the Government of Russia
 
    Section 610 prohibits the Federal Government from expending 
any funds to establish or support a cybersecurity unit or other 
cyber agreement that is jointly established or otherwise 
implemented by the United States Government and the Russian 
Government, unless the DNI submits a report to the 
congressional intelligence committees at least 30 days prior to 
any such agreement. The report shall include the agreement's 
purpose, intended shared intelligence, value to national 
security, counterintelligence concerns, and any measures taken 
to mitigate such concerns.
 
Section 611. Report on returning Russian compounds
 
    Section 611 requires the IC to produce, within 180 days of 
enactment of this Act, both classified and unclassified reports 
on the intelligence risks of returning the two diplomatic 
compounds--one in New York and one in Maryland--taken from 
Russia as a reprisal for Russian meddling in the 2016 United 
States presidential election. Section 611 also establishes an 
ongoing requirement for producing similar assessments for 
future assignment of diplomatic compounds within the United 
States.
 
Section 612. Intelligence community assessment on threat of Russian 
        money laundering to the United States
 
    Section 612 requires the DNI, in coordination with the 
Secretary of the Treasury, to submit to the congressional 
intelligence committees within 180 days of enactment an IC 
assessment on the threat of Russian money laundering to the 
United States. Section 612 requires the assessment to be based 
on all-source intelligence from both the IC and the Office of 
Terrorism and Financial Intelligence of the Treasury Department 
and cover global nodes and entry points; vulnerabilities; 
connections between oligarchs, organized crime, and/or the 
Russian Government; counterintelligence threats to the United 
States; and challenges to United States Government efforts to 
enforce sanctions and combat organized crime.
 
Section 613. Notification of an active measures campaign
 
    Section 613 requires the DNI to notify the Chairman and 
Vice Chairman or Ranking Member of the congressional 
intelligence committees each time the DNI has determined there 
is credible information that a foreign power has, is, or will 
attempt to employ a covert influence or active measures 
campaign with regard to the modernization, employment, 
doctrine, or force posture of the nuclear deterrent or missile 
defense. Section 613 further requires that such notification 
must include information about the actions that the United 
States has taken to expose or halt such attempts.
 
Section 614. Notification of travel by accredited diplomatic and 
        consular personnel of the Russian Federation in the United 
        States
 
    Section 614 requires the Secretary of State, in executing 
the advance notification requirements of the Intelligence 
Authorization Act for Fiscal Year 2017, to ensure the Russian 
Federation provides two business days of advance notice to the 
Secretary prior to Russian diplomatic or consular travel, and 
to ensure that the Secretary provides further notification of 
this travel within one hour to the DNI and the Director of the 
Federal Bureau of Investigation.
 
Section 615. Modification of certain reporting requirement on travel of 
        foreign diplomats
 
    Section 615 amends a provision in the Intelligence 
Authorization Act for Fiscal Year 2017, to require reporting of 
``a best estimate'' of known or suspected violations of certain 
travel requirements by accredited diplomatic and consular 
personnel of the Russian Federation.
 
Section 616. Semiannual report on referrals to Department of Justice by 
        elements of the intelligence community regarding unauthorized 
        disclosure of classified information
 
    Section 616 requires the Assistant Attorney General of the 
Department of Justice, in consultation with the Director of the 
FBI, to submit to the congressional intelligence committees a 
semiannual report on the status of IC referrals to the 
Department regarding unauthorized disclosures of classified 
information.
 
Section 617. Notifications on designation of an intelligence officer as 
        a persona non grata
 
    Section 617 requires the DNI, in consultation with the 
Secretary of State, to submit to the congressional intelligence 
committees a notification within 30 days of an intelligence 
officer--either of the United States or of a foreign 
intelligence service stationed in the United States--being 
designated as a persona non grata. Section 617 further requires 
the notifications to include the basis for the designation and 
a justification for the expulsion.
 
Section 618. Biennial report on foreign investment risks
 
    Section 618 requires the DNI to establish an IC working 
group on foreign investment risks and prepare a biennial report 
to the congressional intelligence committees. Section 618 
further requires the report to include an identification, 
analysis, and explanation of national security vulnerabilities, 
foreign investment trends, foreign countries' strategies to 
exploit vulnerabilities, and market distortions caused by 
foreign countries.
 
Section 619. Report on surveillance by foreign governments against 
        United States telecommunications networks
 
    Section 619 requires the DNI, in coordination with the 
Director of the CIA, the Director of the NSA, the Director of 
the FBI, and the Secretary of Homeland Security, to submit to 
the congressional intelligence committees within 180 days of 
enactment a report on known attempts by foreign governments to 
exploit cybersecurity vulnerabilities in United States 
telecommunications networks to target for surveillance United 
States persons, and any actions that the IC has taken to 
protect United States Government agencies and personnel from 
such surveillance.
 
Section 620. Reports on authorities of the Chief Intelligence Officer 
        of the Department of Homeland Security
 
    Section 620 requires the Secretary of Homeland Security, in 
consultation with the Under Secretary for Intelligence and 
Analysis, to submit to the congressional intelligence 
committees a report on the adequacy of the Under Secretary's 
authorities required as the Chief Intelligence Officer to 
organize the Homeland Security Intelligence Enterprise, and the 
legal and policy changes necessary to coordinate, organize, and 
lead Department of Homeland Security intelligence activities.
 
Section 621. Report on geospatial commercial activities for basic and 
        applied research and development
 
    Section 621 requires the Director of the National 
Geospatial-Intelligence Agency to submit, within 30 days of 
enactment, to the congressional intelligence committees and the 
armed services committees a report on the authorities that the 
Director deems necessary to conduct certain commercial 
activities to engage in specified basic and applied research, 
data transfers, and development projects. This report should 
address how the Director would use such authorities, consistent 
with applicable laws and procedures to protect sources and 
methods.
 
Section 622. Technical amendments related to the Department of Energy
 
    Section 622 provides technical corrections to certain 
provisions regarding the Department of Energy's Office of 
Intelligence and Counterintelligence.
 
Section 623. Sense of Congress on WikiLeaks
 
    Section 623 provides a Sense of Congress that WikiLeaks and 
its senior leadership resemble a non-state hostile intelligence 
service, often abetted by state actors, and should be treated 
as such.
 
                           Committee Comments
 
 
Management of intelligence community workforce
 
    The Committee repeats direction from the Intelligence 
Authorization Act for Fiscal Year 2017 that IC elements should 
build, develop, and maintain a workforce appropriately balanced 
among its civilian, military, and contractor workforce sectors 
to meet the missions assigned to it in law and by the 
president. Starting in fiscal year 2019, the Committee will no 
longer authorize position ceiling levels in the annual Schedule 
of Authorizations.
    The bill, in Section 103, again includes authority for IC 
elements to adjust personnel ceilings by three percent, and by 
ten percent specifically for the purposes of contractor 
conversions. These flexibilities are temporary management tools 
to optimize the workforce this year that will cease in fiscal 
year 2019 when the IC can benefit from full implementation of 
the multi-sector workforce initiative.
    The Committee looks forward to working with the ODNI as it 
develops an implementation strategy and sets standards for 
workforce cost analysis tools.
 
Protection of the supply chain in intelligence community acquisition 
        decisions
 
    The Committee continues to have significant concerns about 
risks to the supply chain in IC acquisitions. The report to 
accompany the Intelligence Authorization Act for Fiscal Year 
2017 directed the DNI to review and consider changes to 
Intelligence Community Directive (ICD) 801 (``Acquisition'') to 
reflect issuance in 2013 of ICD 731 (``Supply Chain Risk 
Management'') and issues associated with cybersecurity. It 
specifically recommended the review examine whether to: expand 
risk management criteria in the acquisition process to include 
cyber and supply chain threats; require counterintelligence and 
security assessments as part of the acquisition and procurement 
process; propose and adopt new education requirements for 
acquisition professionals on cyber and supply chain threats; 
and factor in the cost of cyber and supply chain security. This 
review is due in November 2017, with a report on the process 
for updating ICD 801 due in December 2017.
    As part of this review, the Committee directs three other 
considerations to be addressed: changes in the Federal 
Acquisition Regulation that may be necessary; how changes 
should apply to all acquisition programs; and how security 
risks must be addressed across development, procurement, and 
operational phases of acquisition. The Committee further 
directs the DNI to submit a plan to implement necessary changes 
within 60 days of completion of this review.
 
National Geospatial-Intelligence Agency use of VERA and VSIP 
        Authorities
 
    The Committee encourages the use by the National 
Geospatial-Intelligence Agency (NGA) of Voluntary Early 
Retirement Authority (VERA) and Voluntary Separation Incentive 
Program (VSIP) offers to meet its future goals of building a 
workforce more attuned to automation of data production, 
automation of analytic processes, and establishment of 
development and operations (``DevOps'') software development 
processes.
    Therefore, the Committee directs the NGA to report to the 
congressional intelligence committees within 120 days of 
enactment of this Act on its plan for further use of VERA and 
VSIP incentives, to include how they can be used to develop an 
acquisition cadre skilled in ``DevOps'' software development 
processes. The report should specify metrics for retooling its 
workforce, including how it measures data literacy and 
computational skills in potential hires, and an accounting of 
the numbers of new hires who have met these higher standards.
 
Report on engagement of National Reconnaissance Office with university 
        community
 
    The Committee recognizes that the survivability and 
resiliency of United States satellites is critically important 
to the United States intelligence and defense communities. 
While the National Reconnaissance Office (NRO) engages with the 
university community in support of basic research and 
developing an education workforce pipeline to help advance new 
technologies and produce skilled professionals, it can do more 
in this regard to focus on space survivability.
    Therefore, the Committee directs the NRO to report within 
120 days of enactment of this Act on NRO's current efforts and 
future strategies to engage with university partners that are 
strategically located, host secure information facilities, and 
offer a strong engineering curriculum, with a particular focus 
on space survivability and resiliency. This report should 
provide a summary of NRO's current and planned university 
engagement programs, levels of funding, and program research 
and workforce objectives and metrics. The report should also 
include an assessment of the strategic utility of chartering a 
University Affiliated Research Center (UARC) in this domain.
 
Clarification of oversight responsibilities
 
    The Committee reinforces the requirement for all IC 
agencies funded by the National Intelligence Program to respond 
in a full, complete, and timely manner to any request made by a 
member of the congressional intelligence committees. In 
addition, the Committee directs the DNI to issue guidelines 
within 90 days to ensure that this provision is carried out.
 
Clarification on cooperation with investigation on Russian influence in 
        the 2016 election
 
    The Committee reinforces the obligation for all IC agencies 
to cooperate in a full, complete, and timely manner with the 
Committee's investigation into Russian meddling in the 2016 
Presidential election and all related inquiries being conducted 
by the Committee.
 
Supervisory feedback as part of continuous evaluation program
 
    The Committee directs the DNI to review the results of 
ongoing pilots regarding the use of supervisory feedback as 
part of the periodic reinvestigation and continuous evaluation 
process and report within 180 days of enactment of this Act on 
the establishment of a policy for its use across the IC.
 
National security threats to critical infrastructure
 
    The Committee is aware of significant threats to our 
critical infrastructure and industrial control systems posed by 
foreign adversaries. The sensitive nature of the information 
related to these threats make the role of the IC of vital 
importance to United States defensive efforts. The Committee 
has grave concerns that current IC resources dedicated to these 
threats and their analysis are neither sufficient nor closely 
coordinated. The Committee includes provisions within this 
legislation to address these concerns.
 
Inspector General of the Intelligence Community role and 
        responsibilities
 
    The Inspector General of the Intelligence Community (IC IG) 
was established by the Intelligence Authorization Act for 
Fiscal Year 2010 to initiate and ``conduct independent reviews 
investigations, inspections, audits, and reviews on programs 
and activities within the responsibility and authority of the 
Director of National Intelligence'' and to lead the IG 
community in its activities. The Committee is concerned that 
this intent is not fully exercised by the IC IG and reiterates 
the Congress's intent that it consider its role as an IG over 
all IC-wide activities in addition to the ODNI. To support this 
intent, the Committee has directed a number of requirements to 
strengthen the IC IG's role and expects full cooperation from 
all Offices of Inspector General across the IC.
    The Committee remains concerned about the level of 
protection afforded to whistleblowers within the IC and the 
level of insight congressional committees have into their 
disclosures. It is the Committee's expectation that all Offices 
of Inspector General across the IC will fully cooperate with 
the direction provided elsewhere in the bill to ensure both the 
Director of National Intelligence and the congressional 
committees have more complete awareness of the disclosures made 
to any IG about any National Intelligence Program funded 
activity.
 
Space launch facilities
 
    The Committee continues to believe it is critical to 
preserve a variety of launch range capabilities to support 
national security space missions, and encourages planned 
launches such as the U.S. Air Force Orbital/Sub-Orbital Program 
(OSP)-3 National Reconnaissance Office (NRO-111) mission, to be 
launched in 2018 on a Minotaur 1 from the Mid-Atlantic Regional 
Spaceport at Wallops Flight Facility. In the Fiscal Year 2017 
Intelligence Authorization Act, the Committee directed a brief 
from the ODNI, in consultation with the Department of Defense 
and the U.S. Air Force, on their plans to utilize state-owned 
and operated spaceports, which leverage non-federal public and 
private investments to bolster United States launch 
capabilities and provide access to mid-to-low or polar-to-high 
inclination orbits for national security missions.
    The Committee directs that the ODNI supplement this brief 
to consider how state investments in these spaceports may 
support infrastructure improvements, such as payload 
integration and launch capabilities, for national security 
launches.
 
                            Committee Action
 
    On July 27, 2017, a quorum being present, the Committee met 
to consider the bill and amendments. The Committee took the 
following actions:
 
Votes on amendments to committee bill, this report and the classified 
        annex
 
    By unanimous consent, the Committee made the Chairman and 
Vice Chairman's bill, together with the classified annex, the 
base text for purposes of amendment.
    By voice vote, the Committee adopted en bloc eight 
amendments to the classified annex, as sponsored by: (1) 
Chairman Burr and Vice Chairman Warner, as modified by a 
second-degree amendment by Chairman Burr and Senator Cotton; 
(2) Chairman Burr and Vice Chairman Warner; (3) Chairman Burr 
and Vice Chairman Warner; (4) Vice Chairman Warner and Senator 
Manchin; (5) Senator Manchin, as modified by a second-degree 
amendment by Chairman Burr; (6) Senator Lankford, as modified 
by a second-degree amendment by Senator Lankford and Vice 
Chairman Warner; (7) Senator Rubio, as modified by a second-
degree amendment also by Senator Rubio; and (8) Senator Rubio, 
Senator Cornyn, and Senator Manchin.
    By voice vote, the Committee adopted en bloc the following 
eleven amendments to the bill: (1) an amendment by Chairman 
Burr and Vice Chairman Warner to Section 505, regarding reports 
on an energy infrastructure pilot program; (2) an amendment by 
Vice Chairman Warner and Senator Heinrich, regarding Russia 
cyber threat strategy; (3) an amendment by Chairman Burr and 
Senator Rubio to Section 402, regarding information sharing 
with state election officials; (4) an amendment by Senator 
Collins, Senator Lankford, and Senator Manchin that requires 
the Department of Justice to report on Intelligence Community 
leaks; (5) an amendment by Senator Cotton that modifies a 
report requirement on certain Russia travel violations; (6) an 
amendment by Senator Heinrich, Senator King, and Senator Harris 
that requires reporting on the government's Vulnerabilities 
Equities Policy and Process; (7) an amendment by Senator 
Lankford to Section 608, regarding an assessment of foreign 
intelligence threats to federal elections; (8) an amendment by 
Senator Harris requiring an Intelligence Community review on 
Russian influence; (9) an amendment by Senator Wyden and 
Senator Manchin requiring a report on Russian money laundering; 
(10) an amendment by Senator Wyden prohibiting a United States-
Russia cyber unit; and (11) an amendment by Senator Wyden 
requiring a report on foreign government surveillance against 
United States telecommunications networks.
    By voice vote, the Committee adopted a second-degree 
amendment by Senator King to an amendment by Senator Wyden that 
would have stricken Section 623 of the bill. Section 623 
originally provided a Sense of Congress that WikiLeaks and its 
senior leadership constitute a non-state hostile intelligence 
service.
    By a vote of 13 ayes to 2 noes, the Committee adopted the 
amendment by Senator Wyden that would have stricken Section 623 
of the bill, as modified by the second-degree amendment by 
Senator King, to provide a Sense of Congress that WikiLeaks and 
its senior leadership resemble a non-state hostile intelligence 
service. The votes in person or by proxy were as follows: 
Chairman Burr--aye; Senator Risch--aye; Senator Rubio--aye; 
Senator Collins--aye; Senator Blunt--aye; Senator Lankford--
aye; Senator Cotton--aye; Senator Cornyn--aye; Vice Chairman 
Warner--aye; Senator Feinstein--aye; Senator Wyden--no; Senator 
Heinrich--aye; Senator King--aye; Senator Manchin--aye; and 
Senator Harris--no.
    Senator Feinstein offered an amendment regarding civil 
injunction actions and an amendment to require reports on 
terrorist activities, both of which she subsequently withdrew.
    Senator Wyden offered an amendment regarding whistleblower 
protections for Intelligence Community contractors, which he 
subsequently withdrew.
    Senator Cotton offered three amendments, which he 
subsequently withdrew, as follows: (1) an amendment to require 
a declassification review of materials relating to the Iran 
Joint Comprehensive Plan of Action; (2) an amendment to make a 
conforming edit to 18 U.S.C. 2709, to clarify that the 
government is permitted to obtain non-content electronic 
communications transactional records; and (3) an amendment to 
reauthorize Title VII of the Foreign Intelligence Surveillance 
Act.
 
Vote to report the committee bill
 
    The Committee voted to report the bill, as amended, by a 
vote of 14 ayes and 1 no. The votes in person or by proxy were 
as follows: Chairman Burr--aye; Senator Risch--aye; Senator 
Rubio--aye; Senator Collins--aye; Senator Blunt--aye; Senator 
Lankford--aye; Senator Cotton--aye; Senator Cornyn--aye; Vice 
Chairman Warner--aye; Senator Feinstein--aye; Senator Wyden--
no; Senator Heinrich--aye; Senator King--aye; Senator Manchin--
aye; and Senator Harris--aye.
    By unanimous consent, the Committee authorized the staff to 
make technical and conforming changes, following the completion 
of the mark-up.
 
                       Compliance With Rule XLIV
 
     Rule XLIV of the Standing Rules of the Senate requires 
publication of a list of any ``congressionally directed 
spending item, limited tax benefit, and limited tariff 
benefit'' that is included in the bill or the committee report 
accompanying the bill. Consistent with the determination of the 
Committee not to create any congressionally directed spending 
items or earmarks, none have been included in the bill, the 
report to accompany it, or the classified schedule of 
authorizations. The bill, report, and classified schedule also 
contain no limited tax benefits or limited tariff benefits.
 
                           Estimate of Costs
 
    Pursuant to paragraph 11(a)(3) of rule XXVI of the Standing 
Rules of the Senate, the Committee deems it impractical to 
include an estimate of the costs incurred in carrying out the 
provisions of this report due to the classified nature of the 
operations conducted pursuant to this legislation. On July 27, 
2017, the Committee transmitted this bill to the Congressional 
Budget Office and requested an estimate of the costs incurred 
in carrying out the unclassified provisions.
 
                    Evaluation of Regulatory Impact
 
     In accordance with paragraph 11(b) of rule XXVI of the 
Standing Rules of the Senate, the Committee finds that no 
substantial regulatory impact will be incurred by implementing 
the provisions of this legislation.
 
                   ADDITIONAL VIEWS OF SENATOR HARRIS
 
    I support the Senate Select Committee on Intelligence's 
Fiscal Year 2018 Intelligence Authorization Act because it 
advances a number of important intelligence oversight goals 
ranging from transparency on cyber vulnerabilities to tracking 
foreign threats to our elections. Nevertheless, despite my 
overall support for the bill, it is not perfect.
    In particular, I have reservations about Section 623, which 
establishes a Sense of Congress that WikiLeaks and the senior 
leadership of WikiLeaks resemble a non-state hostile 
intelligence service. The Committee's bill offers no definition 
of ``non-state hostile intelligence service'' to clarify what 
this term is and is not. Section 623 also directs the United 
States to treat WikiLeaks as such a service, without offering 
further clarity.
    To be clear, I am no supporter of WikiLeaks, and believe 
that the organization and its leadership have done considerable 
harm to this country. This issue needs to be addressed. 
However, the ambiguity in the bill is dangerous because it 
fails to draw a bright line between WikiLeaks and legitimate 
journalistic organizations that play a vital role in our 
democracy.
    I supported efforts to remove this language in Committee 
and look forward to working with my colleagues as the bill 
proceeds to address my concerns.
                                                  Kamala D. Harris.
 
                    MINORITY VIEWS OF SENATOR WYDEN
 
    The Fiscal Year 2018 Intelligence Authorization bill 
includes three important amendments I offered.
    The first amendment requires that the Director of National 
Intelligence, in coordination with the Secretary of the 
Treasury, produce a report on the threat to the United States 
from Russian money laundering. It has become apparent that 
following the trail of illicit Russian money is a central 
component of any counterintelligence investigation related to 
Russia. Russian money laundering also threatens the U.S. 
financial system as well as efforts to enforce sanctions and 
fight organized crime. This report will bring together the 
resources of the Intelligence Community and elements of the 
Treasury Department under the Office of Terrorism and Financial 
Intelligence, such as the Financial Crimes Enforcement Network 
(FinCEN), so that the government and the Congress can 
understand the complex and hidden networks of shell companies 
and other money laundering instruments overseas and here in the 
United States.
    The second amendment prohibits the U.S.-Russia cyber 
security unit announced by the President on July 9, 2017, or 
any other U.S.-Russia cyber agreement, unless Congress has full 
information about what the administration intends. The 
President's statement that this unit will ensure that 
``election hacking, & many other negative things, will be 
guarded and safe'' raises numerous counterintelligence 
concerns, given Russia's hacking in connection with the 2016 
U.S. election. My amendment thus requires the DNI, at least 30 
days prior to any such agreement, to report on what 
intelligence will be shared with Russia, the 
counterintelligence concerns associated with any such 
agreement, and what will be done to mitigate those concerns.
    The third amendment requires a report on the threat that 
cyber security vulnerabilities in telecommunications networks, 
including Signaling System No. 7 (SS7), could result in foreign 
government surveillance of Americans, including U.S. government 
personnel. A Department of Homeland Security report from April 
highlighted the risks of SS7 vulnerabilities. My amendment will 
require the whole of the Intelligence Community to report on 
whether foreign government surveillance is occurring as a 
result of this known vulnerability, and what the IC is doing 
about it.
    One important reform lacking from the bill is whistleblower 
protections for Intelligence Community contractors, who are not 
afforded the protections provided either to Intelligence 
Community employees or to contractors outside the Intelligence 
Community. By addressing this gap, Congress potentially could 
save the taxpayers millions of dollars. Extending whistleblower 
protections to IC contractors also helps discourage leaks by 
granting potential leakers protected classified channels to 
express concerns. It is my intent to continue to work with 
colleagues to address this shortcoming in whistleblower 
protections in the near future.
    My opposition to the bill is based on a provision stating 
that it is the Sense of Congress ``that WikiLeaks and the 
senior leadership of WikiLeaks resemble a non-state hostile 
intelligence service often abetted by state actors and should 
be treated as such a service by the United States.'' My concern 
with this language does not relate to the actions of WikiLeaks, 
which, as I have stressed in the past, was part of a direct 
attack on our democracy. My concern is that the use of the 
novel phrase ``non-state hostile intelligence service'' may 
have legal, constitutional, and policy implications, 
particularly should it be applied to journalists inquiring 
about secrets. The language in the bill suggesting that the 
U.S. government has some unstated course of action against 
``non-state hostile intelligence services'' is equally 
troubling.
    The damage done by WikiLeaks to the United States is clear. 
But with any new challenge to our country, Congress ought not 
react in a manner that could have negative consequences, 
unforeseen or not, for our constitutional principles. The 
introduction of vague, undefined new categories of enemies 
constitutes such an ill-considered reaction.
                                                         Ron Wyden.


https://www.intelligence.senate.gov/legislation/intelligence-authorization-act-fiscal-year-2018-reported-august-18-2017
Intelligence Authorization Act for Fiscal Year 2018, as reported on August 18, 2017
[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[S. 1761 Placed on Calendar Senate (PCS)] 
                                                       Calendar No. 207
115th CONGRESS
  1st Session
                                S. 1761
 
 To authorize appropriations for fiscal year 2018 for intelligence and 
 intelligence-related activities of the United States Government, the 
   Community Management Account, and the Central Intelligence Agency 
       Retirement and Disability System, and for other purposes.
_______________________________________________________________________
                   IN THE SENATE OF THE UNITED STATES
                            August 18, 2017
  Mr. Burr, from the Select Committee on Intelligence of the Senate, 
reported, under authority of the order of the Senate of August 3, 2017, 
  the following original bill; which was read twice and placed on the 
                                calendar
_______________________________________________________________________
                                 A BILL
 
 To authorize appropriations for fiscal year 2018 for intelligence and 
 intelligence-related activities of the United States Government, the 
   Community Management Account, and the Central Intelligence Agency 
       Retirement and Disability System, and for other purposes.
 
    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,
 
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
 
    (a) Short Title.--This Act may be cited as the ``Intelligence 
Authorization Act for Fiscal Year 2018''.
    (b) Table of Contents.--The table of contents for this Act is as 
follows:
 
Sec. 1. Short title; table of contents.
Sec. 2. Definitions.
                    TITLE I--INTELLIGENCE ACTIVITIES
 
Sec. 101. Authorization of appropriations.
Sec. 102. Classified Schedule of Authorizations.
Sec. 103. Personnel ceiling adjustments.
Sec. 104. Intelligence Community Management Account.
 TITLE II--CENTRAL INTELLIGENCE AGENCY RETIREMENT AND DISABILITY SYSTEM
 
Sec. 201. Authorization of appropriations.
           TITLE III--GENERAL INTELLIGENCE COMMUNITY MATTERS
 
Sec. 301. Restriction on conduct of intelligence activities.
Sec. 302. Increase in employee compensation and benefits authorized by 
                            law.
Sec. 303. Modification of special pay authority for science, 
                            technology, engineering, or mathematics 
                            positions and addition of special pay 
                            authority for cyber positions.
Sec. 304. Director of National Intelligence review of placement of 
                            positions within the intelligence community 
                            on the Executive Schedule.
Sec. 305. Modification of appointment of Chief Information Officer of 
                            the Intelligence Community.
Sec. 306. Supply Chain and Counterintelligence Risk Management Task 
                            Force.
Sec. 307. Inspector General of the Intelligence Community auditing 
                            authority.
Sec. 308. Inspectors General studies on classification.
  TITLE IV--MATTERS RELATING TO ELEMENTS OF THE INTELLIGENCE COMMUNITY
 
      Subtitle A--Office of the Director of National Intelligence
 
Sec. 401. Authority for the protection of current and former employees 
                            of the Office of the Director of National 
                            Intelligence.
Sec. 402. Information sharing with State election officials.
Sec. 403. Technical modification to the Executive Schedule.
Sec. 404. Modification to the designation of the program manager-
                            information sharing environment.
                Subtitle B--Central Intelligence Agency
 
Sec. 411. Repeal of foreign language proficiency requirement for 
                            certain senior level positions in the 
                            Central Intelligence Agency.
                       Subtitle C--Other Elements
 
Sec. 421. Designation of the Counterintelligence Directorate of the 
                            Defense Security Service as an element of 
                            the intelligence community.
                TITLE V--SECURING ENERGY INFRASTRUCTURE
 
Sec. 501. Short title.
Sec. 502. Definitions.
Sec. 503. Pilot program for securing energy infrastructure.
Sec. 504. Working group to evaluate program standards and develop 
                            strategy.
Sec. 505. Reports on the Program.
Sec. 506. No new regulatory authority for Federal agencies.
Sec. 507. Exemption from disclosure.
Sec. 508. Protection from liability.
Sec. 509. Authorization of appropriations.
                  TITLE VI--REPORTS AND OTHER MATTERS
 
Sec. 601. Technical correction to Inspector General study.
Sec. 602. Governance for security clearance, suitability and fitness 
                            for employment, and credentialing.
Sec. 603. Process for security clearances.
Sec. 604. Reports on the vulnerabilities equities policy and process of 
                            the Federal Government.
Sec. 605. Bug bounty programs.
Sec. 606. Report on cyber attacks by foreign governments against United 
                            States election infrastructure.
Sec. 607. Review of intelligence community's posture to collect against 
                            and analyze Russian efforts to influence 
                            the presidential election.
Sec. 608. Assessment of foreign intelligence threats to Federal 
                            elections.
Sec. 609. Strategy for countering Russian cyber threats to United 
                            States elections.
Sec. 610. Limitation relating to establishment or support of cyber 
                            security unit with the Government of 
                            Russia.
Sec. 611. Report on returning Russian compounds.
Sec. 612. Intelligence community assessment on threat of Russian money 
                            laundering to the United States.
Sec. 613. Notification of an active measures campaign.
Sec. 614. Notification of travel by accredited diplomatic and consular 
                            personnel of the Russian Federation in the 
                            United States.
Sec. 615. Modification of certain reporting requirement on travel of 
                            foreign diplomats.
Sec. 616. Semiannual report on referrals to Department of Justice by 
                            elements of the intelligence community 
                            regarding unauthorized disclosure of 
                            classified information.
Sec. 617. Notifications of designation of an intelligence officer as a 
                            persona non grata.
Sec. 618. Biennial report on foreign investment risks.
Sec. 619. Report on surveillance by foreign governments against United 
                            States telecommunications networks.
Sec. 620. Reports on authorities of the Chief Intelligence Officer of 
                            the Department of Homeland Security.
Sec. 621. Report on geospatial commercial activities for basic and 
                            applied research and development.
Sec. 622. Technical amendments related to the Department of Energy.
Sec. 623. Sense of Congress on WikiLeaks.
 
SEC. 2. DEFINITIONS.
 
    In this Act:
            (1) Congressional intelligence committees.--The term 
        ``congressional intelligence committees'' means--
                    (A) the Select Committee on Intelligence of the 
                Senate; and
                    (B) the Permanent Select Committee on Intelligence 
                of the House of Representatives.
            (2) Intelligence community.--The term ``intelligence 
        community'' has the meaning given that term in section 3 of the 
        National Security Act of 1947 (50 U.S.C. 3003).
 
                    TITLE I--INTELLIGENCE ACTIVITIES
 
SEC. 101. AUTHORIZATION OF APPROPRIATIONS.
 
    Funds are hereby authorized to be appropriated for fiscal year 2018 
for the conduct of the intelligence and intelligence-related activities 
of the following elements of the United States Government:
            (1) The Office of the Director of National Intelligence.
            (2) The Central Intelligence Agency.
            (3) The Department of Defense.
            (4) The Defense Intelligence Agency.
            (5) The National Security Agency.
            (6) The Department of the Army, the Department of the Navy, 
        and the Department of the Air Force.
            (7) The Coast Guard.
            (8) The Department of State.
            (9) The Department of the Treasury.
            (10) The Department of Energy.
            (11) The Department of Justice.
            (12) The Federal Bureau of Investigation.
            (13) The Drug Enforcement Administration.
            (14) The National Reconnaissance Office.
            (15) The National Geospatial-Intelligence Agency.
            (16) The Department of Homeland Security.
 
SEC. 102. CLASSIFIED SCHEDULE OF AUTHORIZATIONS.
 
    (a) Specifications of Amounts.--The amounts authorized to be 
appropriated under section 101 and, subject to section 103, the 
authorized personnel ceilings as of September 30, 2018, for the conduct 
of the intelligence activities of the elements listed in paragraphs (1) 
through (16) of section 101, are those specified in the classified 
Schedule of Authorizations prepared to accompany this Act.
    (b) Availability of Classified Schedule of Authorizations.--
            (1) Availability.--The classified Schedule of 
        Authorizations referred to in subsection (a) shall be made 
        available to the Committee on Appropriations of the Senate, the 
        Committee on Appropriations of the House of Representatives, 
        and the President.
            (2) Distribution by the president.--Subject to paragraph 
        (3), the President shall provide for suitable distribution of 
        the classified Schedule of Authorizations referred to in 
        subsection (a), or of appropriate portions of such Schedule, 
        within the executive branch.
            (3) Limits on disclosure.--The President shall not publicly 
        disclose the classified Schedule of Authorizations or any 
        portion of such Schedule except--
                    (A) as provided in section 601(a) of the 
                Implementing Recommendations of the 9/11 Commission Act 
                of 2007 (50 U.S.C. 3306(a));
                    (B) to the extent necessary to implement the 
                budget; or
                    (C) as otherwise required by law.
 
SEC. 103. PERSONNEL CEILING ADJUSTMENTS.
 
    (a) Authority for Increases.--The Director of National Intelligence 
may authorize employment of civilian personnel in excess of the number 
authorized for fiscal year 2018 by the classified Schedule of 
Authorizations referred to in section 102(a) if the Director of 
National Intelligence determines that such action is necessary to the 
performance of important intelligence functions, except that the number 
of personnel employed in excess of the number authorized under such 
section may not, for any element of the intelligence community, 
exceed--
            (1) 3 percent of the number of civilian personnel 
        authorized under such schedule for such element; or
            (2) 10 percent of the number of civilian personnel 
        authorized under such schedule for such element for the 
        purposes of converting the performance of any function by 
        contractors to performance by civilian personnel.
    (b) Treatment of Certain Personnel.--The Director of National 
Intelligence shall establish guidelines that govern, for each element 
of the intelligence community, the treatment under the personnel levels 
authorized under section 102(a), including any exemption from such 
personnel levels, of employment or assignment in--
            (1) a student program, trainee program, or similar program;
            (2) a reserve corps or as a reemployed annuitant; or
            (3) details, joint duty, or long-term, full-time training.
    (c) Notice to Congressional Intelligence Committees.--Not later 
than 15 days prior to the exercise of an authority described in 
subsection (a), the Director of National Intelligence shall submit to 
the congressional intelligence committees--
            (1) a written notice of the exercise of such authority; and
            (2) in the case of an exercise of such authority subject to 
        the limitation in subsection (a)(2), a written justification 
        for the contractor conversion that includes a comparison of 
        whole of government costs.
 
SEC. 104. INTELLIGENCE COMMUNITY MANAGEMENT ACCOUNT.
 
    (a) Authorization of Appropriations.--There is authorized to be 
appropriated for the Intelligence Community Management Account of the 
Director of National Intelligence for fiscal year 2018 the sum of 
$550,200,000. Within such amount, funds identified in the classified 
Schedule of Authorizations referred to in section 102(a) for advanced 
research and development shall remain available until September 30, 
2019.
    (b) Authorized Personnel Levels.--The elements within the 
Intelligence Community Management Account of the Director of National 
Intelligence are authorized 797 positions as of September 30, 2018. 
Personnel serving in such elements may be permanent employees of the 
Office of the Director of National Intelligence or personnel detailed 
from other elements of the United States Government.
    (c) Classified Authorizations.--
            (1) Authorization of appropriations.--In addition to 
        amounts authorized to be appropriated for the Intelligence 
        Community Management Account by subsection (a), there are 
        authorized to be appropriated for the Intelligence Community 
        Management Account for fiscal year 2018 such additional amounts 
        as are specified in the classified Schedule of Authorizations 
        referred to in section 102(a). Such additional amounts made 
        available for advanced research and development shall remain 
        available until September 30, 2019.
            (2) Authorization of personnel.--In addition to the 
        personnel authorized by subsection (b) for elements of the 
        Intelligence Community Management Account as of September 30, 
        2018, there are authorized such additional personnel for the 
        Community Management Account as of that date as are specified 
        in the classified Schedule of Authorizations referred to in 
        section 102(a).
 
 TITLE II--CENTRAL INTELLIGENCE AGENCY RETIREMENT AND DISABILITY SYSTEM
 
SEC. 201. AUTHORIZATION OF APPROPRIATIONS.
 
    There is authorized to be appropriated for the Central Intelligence 
Agency Retirement and Disability Fund for fiscal year 2018 the sum of 
$514,000,000.
 
           TITLE III--GENERAL INTELLIGENCE COMMUNITY MATTERS
 
SEC. 301. RESTRICTION ON CONDUCT OF INTELLIGENCE ACTIVITIES.
 
    The authorization of appropriations by this Act shall not be deemed 
to constitute authority for the conduct of any intelligence activity 
which is not otherwise authorized by the Constitution or the laws of 
the United States.
 
SEC. 302. INCREASE IN EMPLOYEE COMPENSATION AND BENEFITS AUTHORIZED BY 
              LAW.
 
    Appropriations authorized by this Act for salary, pay, retirement, 
and other benefits for Federal employees may be increased by such 
additional or supplemental amounts as may be necessary for increases in 
such compensation or benefits authorized by law.
 
SEC. 303. MODIFICATION OF SPECIAL PAY AUTHORITY FOR SCIENCE, 
              TECHNOLOGY, ENGINEERING, OR MATHEMATICS POSITIONS AND 
              ADDITION OF SPECIAL PAY AUTHORITY FOR CYBER POSITIONS.
 
    (a) In General.--Section 113B of the National Security Act of 1947 
(50 U.S.C. 3049a) is amended--
            (1) by amending subsection (a) to read as follows:
    ``(a) Special Rates of Pay for Positions Requiring Expertise in 
Science, Technology, Engineering, or Mathematics.--
            ``(1) In general.--Notwithstanding part III of title 5, 
        United States Code, the head of each element of the 
        intelligence community may, for 1 or more categories of 
        positions in such element that require expertise in science, 
        technology, engineering, or mathematics (STEM)--
                    ``(A) establish higher minimum rates of pay; and
                    ``(B) make corresponding increases in all rates of 
                pay of the pay range for each grade or level, subject 
                to subsection (b) or (c), as applicable.
            ``(2) Treatment.--The special rate supplements resulting 
        from the establishment of higher rates under paragraph (1) 
        shall be basic pay for the same or similar purposes as those 
        specified in section 5305(j) of title 5, United States Code.'';
            (2) by striking subsection (f);
            (3) by redesignating subsections (b) through (e) as 
        subsections (c) through (f), respectively;
            (4) by inserting after subsection (a) the following:
    ``(b) Special Rates of Pay for Cyber Positions.--
            ``(1) In general.--Notwithstanding subsection (c), the 
        Director of the National Security Agency may establish a 
        special rate of pay--
                    ``(A) not to exceed the rate of basic pay payable 
                for level II of the Executive Schedule under section 
                5313 of title 5, United States Code, if the Director 
                certifies to the Under Secretary of Defense for 
                Intelligence, in consultation with the Under Secretary 
                of Defense for Personnel and Readiness, that the rate 
                of pay is for positions that perform functions that 
                execute the cyber mission of the Agency; or
                    ``(B) not to exceed the rate of basic pay payable 
                for the Vice President of the United States under 
                section 104 of title 3, United States Code, if the 
                Director certifies to the Secretary of Defense, by 
                name, individuals that have advanced skills and 
                competencies and that perform critical functions that 
                execute the cyber mission of the Agency.
            ``(2) Pay limitation.--Employees receiving a special rate 
        under paragraph (1) shall be subject to an aggregate pay 
        limitation that parallels the limitation established in section 
        5307 of title 5, United States Code, except that--
                    ``(A) any allowance, differential, bonus, award, or 
                other similar cash payment in addition to basic pay 
                that is authorized under title 10, United States Code, 
                (or any other applicable law in addition to title 5 of 
                such Code, excluding the Fair Labor Standards Act) 
                shall also be counted as part of aggregate 
                compensation; and
                    ``(B) aggregate compensation may not exceed the 
                rate established for the Vice President of the United 
                States under section 104 of title 3, United States 
                Code.
            ``(3) Limitation on number of recipients.--The number of 
        individuals who receive basic pay established under paragraph 
        (1)(B) may not exceed 100 at any time.
            ``(4) Limitation on use as comparative reference.--
        Notwithstanding any other provision of law, special rates of 
        pay and the limitation established under paragraph (1)(B) may 
        not be used as comparative references for the purpose of fixing 
        the rates of basic pay or maximum pay limitations of qualified 
        positions under section 1599f of title 10, United States Code, 
        or section 226 of the Homeland Security Act of 2002 (6 U.S.C. 
        147).''; and
            (5) in subsection (c), as redesignated by paragraph (3), by 
        striking ``A minimum'' and inserting ``Except as provided in 
        subsection (b), a minimum''.
    (b) Special Rates for Cyber Employees Under Title 5.--Section 5305 
of title 5, United States Code, is amended--
            (1) in subsection (g)(1), by striking ``subsection (h)'' 
        and inserting ``subsections (h) and (k)''; and
            (2) by adding at the end the following subsections:
    ``(k)(1) Notwithstanding the rate limitations set forth in 
subsections (a)(1) and (g)(2), the Office of Personnel Management may 
establish under this section a rate of pay that does not exceed the 
rate of basic pay payable for level II of the Executive Schedule under 
section 5313 for employees in positions that perform functions that 
execute a cyber mission and who are certified to have specified skills 
and competencies.
    ``(2) Payments under subsection (g)(1) may not be made to an 
employee receiving a rate of pay established under this section and 
described in paragraph (1) of this subsection if, or to the extent 
that, when added to basic pay otherwise payable, such payments would 
cause the total to exceed the rate of basic pay payable for level II of 
the Executive Schedule under section 5313.
    ``(l) An employee who is subject to a reduction or termination of a 
special rate of pay established under this section due to not 
maintaining a required skill or competency certification, or due to not 
obtaining a revised skill or competency certification, shall not be 
entitled to pay retention under section 5363 based on any resulting 
reduction in pay.''.
 
SEC. 304. DIRECTOR OF NATIONAL INTELLIGENCE REVIEW OF PLACEMENT OF 
              POSITIONS WITHIN THE INTELLIGENCE COMMUNITY ON THE 
              EXECUTIVE SCHEDULE.
 
    The Director of National Intelligence shall conduct a review of 
positions within the intelligence community regarding the placement of 
such positions on the Executive Schedule under subchapter II of chapter 
53 of title 5, United States Code. In carrying out such review, the 
Director shall determine--
            (1) which positions should or should not be on the 
        Executive Schedule; and
            (2) for those positions that should be on the Executive 
        Schedule, the level of the Executive Schedule at which such 
        positions should be placed.
 
SEC. 305. MODIFICATION OF APPOINTMENT OF CHIEF INFORMATION OFFICER OF 
              THE INTELLIGENCE COMMUNITY.
 
    Section 103G(a) of the National Security Act of 1947 (50 U.S.C. 
3032(a)) is amended by striking ``President'' and inserting 
``Director''.
 
SEC. 306. SUPPLY CHAIN AND COUNTERINTELLIGENCE RISK MANAGEMENT TASK 
              FORCE.
 
    (a) Requirement to Establish.--The Director of National 
Intelligence shall establish a Supply Chain and Counterintelligence 
Risk Management Task Force to standardize information sharing between 
the intelligence community and the acquisition community of the 
Government of the United States with respect to the supply chain and 
counterintelligence risks.
    (b) Members.--The Supply Chain and Counterintelligence Risk 
Management Task Force shall be composed of--
            (1) a representative of the Defense Security Service;
            (2) a representative of the General Services 
        Administration;
            (3) a representative of the Office of Federal Procurement 
        Policy of the Office of Management and Budget; and
            (4) any other members the Director of National Intelligence 
        determines appropriate.
    (c) Security Clearances.--Each member of the Supply Chain and 
Counterintelligence Risk Management Task Force shall have a security 
clearance at the Top Secret and Sensitive Compartmented Information 
level.
    (d) Annual Report.--The Supply Chain and Counterintelligence Risk 
Management Task Force shall submit to the congressional intelligence 
committees an annual report that describes the activities of the Task 
Force during the previous year, including identification of the supply 
chain and counterintelligence risks shared with the acquisition 
community of the Government of the United States by the intelligence 
community.
 
SEC. 307. INSPECTOR GENERAL OF THE INTELLIGENCE COMMUNITY AUDITING 
              AUTHORITY.
 
    Section 103H(j)(2)(A) of the National Security Act of 1947 (50 
U.S.C. 3033(j)(2)(A)) is amended--
            (1) by striking ``law and the policies of the Director of 
        National Intelligence,'' and inserting ``law,''; and
            (2) by striking ``General.'' and inserting ``General and is 
        authorized to obtain the temporary or intermittent services of 
        experts or consultants or an organization thereof.''.
 
SEC. 308. INSPECTORS GENERAL STUDIES ON CLASSIFICATION.
 
    (a) Requirement for Study.--Not later than October 1, 2019, each 
Inspector General listed in subsection (b) shall carry out and submit 
to the congressional intelligence committees a report on the following:
            (1) A study of the application of classification and 
        handling markers on a representative sample of finished 
        reports, including compartments.
            (2) A study analyzing compliance with declassification 
        procedures.
            (3) A study on reviewing processes for identifying topics 
        of public or historical importance that merit prioritization 
        for a declassification review.
    (b) Inspectors General.--The Inspectors General listed in this 
subsection are as follows:
            (1) The Inspector General of the Intelligence Community.
            (2) The Inspector General of the Central Intelligence 
        Agency.
            (3) The Inspector General of the National Security Agency.
            (4) The Inspector General of the Defense Intelligence 
        Agency.
            (5) The Inspector General of the National Reconnaissance 
        Office.
            (6) The Inspector General of the National Geospatial-
        Intelligence Agency.
 
  TITLE IV--MATTERS RELATING TO ELEMENTS OF THE INTELLIGENCE COMMUNITY
 
      Subtitle A--Office of the Director of National Intelligence
 
SEC. 401. AUTHORITY FOR THE PROTECTION OF CURRENT AND FORMER EMPLOYEES 
              OF THE OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE.
 
    Section 5(a)(4) of the Central Intelligence Agency Act of 1949 (50 
U.S.C. 3506(a)(4)) is amended by striking ``such personnel of the 
Office of the Director of National Intelligence as the Director of 
National Intelligence may designate;'' and inserting ``current and 
former personnel of the Office of the Director of National Intelligence 
and their immediate families as the Director of National Intelligence 
may designate;''.
 
SEC. 402. INFORMATION SHARING WITH STATE ELECTION OFFICIALS.
 
    (a) Security Clearances.--
            (1) In general.--Not later than 30 days after the date of 
        the enactment of this Act, the Director of National 
        Intelligence shall sponsor a security clearance up to the top 
        secret level for each eligible chief election official of a 
        State or the District of Columbia, and up to one eligible 
        designee of such an election official, at the time that he or 
        she assumes such position.
            (2) Determination of levels.--
                    (A) In general.--The Director shall determine the 
                level of clearances for the positions described in 
                paragraph (1).
                    (B) Interim clearances.--The Director may issue 
                interim clearances, for a period to be determined by 
                the Director, to a chief election official as described 
                in paragraph (1) and up to one designee of such 
                official under such paragraph.
    (b) Information Sharing.--
            (1) In general.--The Director shall share appropriate 
        classified information related to threats to election systems 
        and to the integrity of the election process with chief 
        election officials and such designees who have received a 
        security clearance under subsection (a).
            (2) Reports.--The Director shall transmit reports on such 
        information sharing to the respective affected Secretary of 
        State or States.
    (c) State Defined.--In this section, the term ``State'' means any 
State of the United States, the District of Columbia, the Commonwealth 
of Puerto Rico, and any territory or possession of the United States.
 
SEC. 403. TECHNICAL MODIFICATION TO THE EXECUTIVE SCHEDULE.
 
    Section 5313 of title 5, United States Code, is amended by adding 
at the end the following:
            ``Director of the National Counterintelligence and Security 
        Center.''.
 
SEC. 404. MODIFICATION TO THE DESIGNATION OF THE PROGRAM MANAGER-
              INFORMATION SHARING ENVIRONMENT.
 
    (a) Information Sharing Environment.--Section 1016(b) of the 
Intelligence Reform and Terrorism Prevention Act of 2004 (6 U.S.C. 
485(b)) is amended--
            (1) in paragraph (1), by striking ``President'' and 
        inserting ``Director of National Intelligence''; and
            (2) in paragraph (2), by striking ``President'' both places 
        that term appears and inserting ``Director of National 
        Intelligence''.
    (b) Program Manager.--Section 1016(f) of the Intelligence Reform 
and Terrorism Prevention Act of 2004 (6 U.S.C. 485(f)) is amended by 
striking ``The individual designated as the program manager shall serve 
as program manager until removed from service or replaced by the 
President (at the President's sole discretion).'' and inserting 
``Beginning on the date of the enactment of the Intelligence 
Authorization Act for Fiscal Year 2018, each individual designated as 
the program manager shall be appointed by the Director of National 
Intelligence.''.
 
                Subtitle B--Central Intelligence Agency
 
SEC. 411. REPEAL OF FOREIGN LANGUAGE PROFICIENCY REQUIREMENT FOR 
              CERTAIN SENIOR LEVEL POSITIONS IN THE CENTRAL 
              INTELLIGENCE AGENCY.
 
    (a) Repeal of Foreign Language Proficiency Requirement.--Section 
104A of the National Security Act of 1947 (50 U.S.C. 3036) is amended 
by striking subsection (g).
    (b) Conforming Repeal of Report Requirement.--Section 611 of the 
Intelligence Authorization Act for Fiscal Year 2005 (Public Law 108-
487) is amended by striking subsection (c).
 
                       Subtitle C--Other Elements
 
SEC. 421. DESIGNATION OF THE COUNTERINTELLIGENCE DIRECTORATE OF THE 
              DEFENSE SECURITY SERVICE AS AN ELEMENT OF THE 
              INTELLIGENCE COMMUNITY.
 
    (a) Designation.--Paragraph (4) of section 3 of the National 
Security Act of 1947 (50 U.S.C. 3003(4)) is amended--
            (1) by redesignating subparagraphs (H) through (L) as 
        subparagraphs (I) through (M), respectively; and
            (2) by inserting after subparagraph (G) the following:
                    ``(H) The Counterintelligence Directorate of the 
                Defense Security Service of the Department of 
                Defense.''.
    (b) Application of Laws, Regulations, Rules, and Policies.--
Beginning on the date of the enactment of this Act, any law, 
regulation, rule, or policy that applies to the elements of the 
intelligence community, as defined in section 3 of the National 
Security Act of 1947 (50 U.S.C. 3303), shall apply to the 
Counterintelligence Directorate of the Defense Security Service of the 
Department of Defense.
 
                TITLE V--SECURING ENERGY INFRASTRUCTURE
 
SEC. 501. SHORT TITLE.
 
    This title may be cited as the ``Securing Energy Infrastructure Act 
of 2017''.
 
SEC. 502. DEFINITIONS.
 
    In this title:
            (1) Covered entity.--The term ``covered entity'' means an 
        entity identified pursuant to section 9(a) of Executive Order 
        13636 of February 12, 2013 (78 Fed. Reg. 11742) relating to 
        identification of critical infrastructure where a cybersecurity 
        incident could reasonably result in catastrophic regional or 
        national effects on public health or safety, economic security, 
        or national security.
            (2) Director.--Except as otherwise specifically provided, 
        the term ``Director'' means the Director of Intelligence and 
        Counterintelligence of the Department of Energy.
            (3) Exploit.--The term ``exploit'' means a software tool 
        designed to take advantage of a security vulnerability.
            (4) Industrial control system.--
                    (A) In general.--The term ``industrial control 
                system'' means an operational technology used to 
                measure, control, or manage industrial functions.
                    (B) Inclusions.--The term ``industrial control 
                system'' includes supervisory control and data 
                acquisition systems, distributed control systems, and 
                programmable logic or embedded controllers.
            (5) National laboratory.--The term ``National Laboratory'' 
        has the meaning given the term in section 2 of the Energy 
        Policy Act of 2005 (42 U.S.C. 15801).
            (6) Program.--The term ``Program'' means the pilot program 
        established under section 503.
            (7) Security vulnerability.--The term ``security 
        vulnerability'' means any attribute of hardware, software, 
        process, or procedure that could enable or facilitate the 
        defeat of a security control.
 
SEC. 503. PILOT PROGRAM FOR SECURING ENERGY INFRASTRUCTURE.
 
    Not later than 180 days after the date of enactment of this title, 
the Director shall establish a 2-year control systems implementation 
pilot program within the National Laboratories for the purposes of--
            (1) partnering with covered entities in the energy sector 
        (including critical component manufacturers in the supply 
        chain) that voluntarily participate in the Program to identify 
        new classes of security vulnerabilities of the covered 
        entities; and
            (2) researching, developing, testing, and implementing 
        technology platforms and standards, in partnership with covered 
        entities, to isolate and defend industrial control systems of 
        covered entities from security vulnerabilities and exploits in 
        the most critical systems of the covered entities, including--
                    (A) analog and nondigital control systems;
                    (B) purpose-built control systems; and
                    (C) physical controls.
 
SEC. 504. WORKING GROUP TO EVALUATE PROGRAM STANDARDS AND DEVELOP 
              STRATEGY.
 
    (a) Establishment.--The Director shall establish a working group--
            (1) to evaluate the technology platforms and standards used 
        in the Program under section 503(2); and
            (2) to develop a national cyber-informed engineering 
        strategy to isolate and defend covered entities from security 
        vulnerabilities and exploits in the most critical systems of 
        the covered entities.
    (b) Membership.--The working group established under subsection (a) 
shall be composed of not fewer than 10 members, to be appointed by the 
Director, at least 1 member of which shall represent each of the 
following:
            (1) The Department of Energy.
            (2) The energy industry, including electric utilities and 
        manufacturers recommended by the Energy Sector coordinating 
        councils.
            (3)(A) The Department of Homeland Security; or
            (B) the Industrial Control Systems Cyber Emergency Response 
        Team.
            (4) The North American Electric Reliability Corporation.
            (5) The Nuclear Regulatory Commission.
            (6)(A) The Office of the Director of National Intelligence; 
        or
            (B) the intelligence community (as defined in section 3 of 
        the National Security Act of 1947 (50 U.S.C. 3003)).
            (7)(A) The Department of Defense; or
            (B) the Assistant Secretary of Defense for Homeland 
        Security and America's Security Affairs.
            (8) A State or regional energy agency.
            (9) A national research body or academic institution.
            (10) The National Laboratories.
 
SEC. 505. REPORTS ON THE PROGRAM.
 
    (a) Interim Report.--Not later than 180 days after the date on 
which funds are first disbursed under the Program, the Director shall 
submit to the appropriate committees of Congress an interim report 
that--
            (1) describes the results of the Program;
            (2) includes an analysis of the feasibility of each method 
        studied under the Program; and
            (3) describes the results of the evaluations conducted by 
        the working group established under section 504(a).
    (b) Final Report.--Not later than 2 years after the date on which 
funds are first disbursed under the Program, the Director shall submit 
to the appropriate committees of Congress a final report that--
            (1) describes the results of the Program;
            (2) includes an analysis of the feasibility of each method 
        studied under the Program; and
            (3) describes the results of the evaluations conducted by 
        the working group established under section 504(a).
    (c) Appropriate Committees of Congress Defined.--In this section, 
the term ``appropriate committees of Congress'' means--
            (1) the congressional intelligence committees;
            (2) the Committee on Energy and Natural Resources of the 
        Senate; and
            (3) the Committee on Energy and Commerce of the House of 
        Representatives.
 
SEC. 506. NO NEW REGULATORY AUTHORITY FOR FEDERAL AGENCIES.
 
    Nothing in this title authorizes the Director or the head of any 
other Federal agency to issue new regulations.
 
SEC. 507. EXEMPTION FROM DISCLOSURE.
 
    Information shared by or with the Federal Government or a State, 
tribal, or local government under this title shall be--
            (1) deemed to be voluntarily shared information; and
            (2) exempt from disclosure under any provision of Federal, 
        State, tribal, or local freedom of information law, open 
        government law, open meetings law, open records law, sunshine 
        law, or similar law requiring the disclosure of information or 
        records.
 
SEC. 508. PROTECTION FROM LIABILITY.
 
    (a) In General.--A cause of action against a covered entity for 
engaging in the voluntary activities authorized under section 503--
            (1) shall not lie or be maintained in any court; and
            (2) shall be promptly dismissed by the applicable court.
    (b) Voluntary Activities.--Nothing in this title subjects any 
covered entity to liability for not engaging in the voluntary 
activities authorized under section 503.
 
SEC. 509. AUTHORIZATION OF APPROPRIATIONS.
 
    (a) Pilot Program.--There is authorized to be appropriated 
$10,000,000 to carry out section 503.
    (b) Working Group and Report.--There is authorized to be 
appropriated $1,500,000 to carry out sections 504 and 505.
    (c) Availability.--Amounts made available under subsections (a) and 
(b) shall remain available until expended.
 
                  TITLE VI--REPORTS AND OTHER MATTERS
 
SEC. 601. TECHNICAL CORRECTION TO INSPECTOR GENERAL STUDY.
 
    Section 11001(d) of title 5, United States Code, is amended--
            (1) in the subsection heading, by striking ``Audit'' and 
        inserting ``Review'';
            (2) in paragraph (1), by striking ``audit'' and inserting 
        ``review''; and
            (3) in paragraph (2), by striking ``audit'' and inserting 
        ``review''.
 
SEC. 602. GOVERNANCE FOR SECURITY CLEARANCE, SUITABILITY AND FITNESS 
              FOR EMPLOYMENT, AND CREDENTIALING.
 
    (a) Governance Council for Suitability, Credentialing, and 
Security.--
            (1) Establishment.--There is an interagency Security, 
        Suitability, and Credentialing Council (in this section the 
        ``Council''). The Council shall be accountable to the President 
        and to Congress to achieve the goals of the executive branch 
        vetting enterprise.
            (2) Membership.--
                    (A) Composition.--The Council shall be composed for 
                the following:
                            (i) One individual who shall be appointed 
                        by the Director of the Office of Management and 
                        Budget.
                            (ii) The individual serving as the 
                        Suitability Executive Agent and the 
                        Credentialing Executive Agent pursuant to 
                        subsections (b) and (c), respectively.
                            (iii) The individual serving as the 
                        Security Executive Agent pursuant to subsection 
                        (d)(1).
                            (iv) The Under Secretary of Defense for 
                        Intelligence.
                            (v) The Director of the National Background 
                        Investigations Bureau.
                    (B) Chairperson.--The Chairperson of the Council 
                shall be the individual appointed under subparagraph 
                (A)(i). The Chairperson shall have authority, 
                direction, and control over the functions of the 
                Council.
            (3) Functions.--The functions of the Council are as 
        follows:
                    (A) Ensuring enterprise-wide alignment of 
                suitability, security, credentialing, and as 
                appropriate, fitness processes.
                    (B) Holding agencies accountable for the 
                implementation of suitability, security, fitness, and 
                credentialing processes and procedures.
                    (C) Defining requirements for enterprise-wide 
                reciprocity management information technology, and 
                develop standards for enterprise-wide information 
                technology.
                    (D) Working with agencies--
                            (i) to implement continuous performance 
                        improvement programs, policies, and procedures;
                            (ii) to establish annual goals and progress 
                        metrics; and
                            (iii) to prepare annual reports on results.
                    (E) Ensuring and overseeing the development of 
                tools and techniques for enhancing background 
                investigations and adjudications.
                    (F) Enabling discussion and consensus resolution of 
                differences in processes, policies, and procedures 
                among the members of the Council, and other agencies as 
                appropriate.
                    (G) Sharing best practices.
                    (H) Advise the Suitability Executive Agent, the 
                Credentialing Executive Agent, and the Security 
                Executive Agent on policies affecting the alignment of 
                investigations and adjudications.
                    (I) Working with agencies to develop agency 
                policies and procedures to enable sharing of vetting 
                information consistent with the law and the protection 
                of privacy and civil liberties and to the extent 
                necessary for enterprise-wide efficiency, 
                effectiveness, and security.
                    (J) Monitoring performance to identify and drive 
                enterprise-level process enhancements, and make 
                recommendations for changes to executive branch-wide 
                guidance and authorities to resolve overlaps or close 
                policy gaps where they may exist.
                    (K) Promoting data-driven, transparent, and 
                expeditious policy-making processes.
                    (L) Developing and continuously reevaluating and 
                revising outcome-based metrics that measure the 
                quality, efficiency and effectiveness of the vetting 
                enterprise.
            (4) Subordinate bodies.--The Chairperson may establish 
        subordinate entities, mechanisms, and policies to support and 
        assist the Council in carrying out the functions of the 
        Council.
    (b) Suitability Executive Agent.--
            (1) In general.--The Director of the Office of Personnel 
        Management shall serve as the Suitability Executive Agent.
            (2) Duties.--The duties of the Suitability Executive Agent 
        are as follows:
                    (A) Pursuant to sections 1103 and 1104 of title 5, 
                United States Code, and the Civil Service Rules, to be 
                responsible for suitability and fitness by--
                            (i) prescribing suitability standards and 
                        minimum standards of fitness for employment;
                            (ii) prescribing position designation 
                        requirements with regard to the risk to the 
                        efficiency and integrity of the service;
                            (iii) prescribing applicable investigative 
                        standards, policies, and procedures for 
                        suitability and fitness;
                            (iv) prescribing suitability and fitness 
                        reciprocity standards;
                            (v) making suitability determinations; and
                            (vi) taking suitability actions.
                    (B) To issue regulations, guidance, and standards 
                to fulfill the Director's responsibilities related to 
                suitability and fitness under Executive Order 13488 of 
                January 16, 2009, as amended.
                    (C) To promote reciprocal recognition of 
                suitability or fitness determinations among the 
                agencies, including acting as the final authority to 
                arbitrate and resolve disputes among the agencies 
                involving the reciprocity of investigations and 
                adjudications of suitability and fitness.
                    (D) To continue to initially approve, and 
                periodically review for renewal, agencies' requests to 
                administer polygraphs in connection with appointment in 
                the competitive service, in consultation with the 
                Security Executive Agent as appropriate.
                    (E) To make a continuing review of agency programs 
                for suitability and fitness vetting to determine 
                whether they are being implemented according to this 
                section.
                    (F) Shall, pursuant to section 1104 of title 5, 
                United States Code, prescribe performance standards and 
                a system of oversight for any suitability or fitness 
                function delegated by the Director to the head of 
                another agency, including uniform and consistent 
                policies and procedures to ensure the effective, 
                efficient, timely, and secure completion of delegated 
                functions.
            (3) Guidelines and instructions.--The Suitability Executive 
        Agent may issue guidelines and instructions to the heads of 
        agencies to promote appropriate uniformity, centralization, 
        efficiency, effectiveness, reciprocity, timeliness, and 
        security in processes relating to determining suitability or 
        fitness.
    (c) Credentialing Executive Agent.--
            (1) In general.--In addition to serving as the Suitability 
        Executive Agent, the Director of the Office of Personnel 
        Management shall also serve as the Credentialing Executive 
        Agent.
            (2) Duties.--The duties of the Credentialing Executive 
        Agent are as follows:
                    (A) To develop standards for investigations, 
                reinvestigations, and continuous vetting for a covered 
                individual's eligibility for a PIV credential.
                    (B) To develop adjudicative guidelines for a 
                covered individual's eligibility for a PIV credential.
                    (C) To develop guidelines on reporting and 
                recording determinations of eligibility for a PIV 
                credential.
                    (D) To develop standards for unfavorable 
                determinations of eligibility for a PIV credential, 
                including procedures for denying and revoking the 
                eligibility for a PIV credential, for reconsideration 
                of unfavorable determinations, and for rendering the 
                PIV credential inoperable.
                    (E) To develop standards and procedures for 
                suspending eligibility for a PIV credential when there 
                is a reasonable basis to believe there may be an 
                unacceptable risk pending an inquiry or investigation, 
                including special standards and procedures for imminent 
                risk.
                    (F) To develop uniform and consistent policies and 
                procedures to ensure the effective, efficient, timely, 
                and secure completion of investigations and 
                adjudications relating to eligibility for a PIV 
                credential.
                    (G) To monitor and make a continuing review of 
                agency programs for determining eligibility for a PIV 
                credential to determine whether they are being 
                implemented according to this section.
                    (H) To consult to the extent practicable with other 
                agencies with responsibilities related to PIV 
                credentials to ensure that policies and procedures are 
                consistent with law.
            (3) Guidelines and instructions.--The Credentialing 
        Executive Agent may develop guidelines and instructions to the 
        heads of agencies as necessary to ensure appropriate 
        uniformity, centralization, efficiency, effectiveness, and 
        timeliness in processes relating to eligibility for a PIV 
        credential.
            (4) PIV credential defined.--In this subsection, the term 
        ``PIV credential'' means a personal identity verification 
        credential permitting logical and physical access to Federally 
        controlled facilities and Federally controlled information 
        systems.
    (d) Security Executive Agent.--
            (1) In general.--The Director of National Intelligence 
        shall serve as the Security Executive Agent.
            (2) Duties.--The duties of the Security Executive Agent are 
        as follows:
                    (A) To direct the oversight of investigations, 
                reinvestigations, adjudications, and, as applicable, 
                polygraphs for eligibility for access to classified 
                information or eligibility to hold a sensitive position 
                made by any agency.
                    (B) To make a continuing review of agencies' 
                national security background investigation and 
                adjudication programs to determine whether they are 
                being implemented according to this section.
                    (C) To develop and issue uniform and consistent 
                policies and procedures to ensure the effective, 
                efficient, timely, and secure completion of 
                investigations, polygraphs, and adjudications relating 
                to determinations of eligibility for access to 
                classified information or eligibility to hold a 
                sensitive position.
                    (D) To serve as the final authority to designate an 
                agency or agencies, to the extent that it is not 
                practicable to use the National Background 
                Investigations Bureau, to conduct investigations of 
                persons who are proposed for access to classified 
                information or for eligibility to hold a sensitive 
                position to ascertain whether such persons satisfy the 
                criteria for obtaining and retaining access to 
                classified information or eligibility to hold a 
                sensitive position.
                    (E) To serve as the final authority to designate an 
                agency or agencies to determine eligibility for access 
                to classified information or eligibility to hold a 
                sensitive position in accordance with Executive Order 
                12968 of August 2, 1995, as amended.
                    (F) To ensure reciprocal recognition of eligibility 
                for access to classified information or eligibility to 
                hold a sensitive position among the agencies, including 
                acting as the final authority to arbitrate and resolve 
                disputes among the agencies involving the reciprocity 
                of investigations and adjudications of eligibility.
            (3) Authorities.--The Security Executive Agent may--
                    (A) issue guidelines and instructions to the heads 
                of agencies to ensure appropriate uniformity, 
                centralization, efficiency, effectiveness, timeliness, 
                and security in processes relating to determinations by 
                agencies of eligibility for access to classified 
                information or eligibility to hold a sensitive 
                position, including such matters as investigations, 
                polygraphs, adjudications, and reciprocity;
                    (B) if consistent with the national security, 
                authorize exceptions to or waivers of national security 
                investigative requirements, and may issue implementing 
                or clarifying guidance as necessary;
                    (C) assign, in whole or in part, to the head of any 
                agency (solely or jointly) any of the duties of the 
                Security Executive Agent under paragraph (2) or the 
                authorities in subparagraphs (A) and (B) of this 
                paragraph, with the agency's exercise of such assigned 
                duties or authorities to be subject to the Security 
                Executive Agent's oversight and with such terms and 
                conditions (including approval by the Security 
                Executive Agent) as the Security Executive Agent 
                determines appropriate; and
                    (D) define and set standards for continuous 
                evaluation for continued access to classified 
                information.
    (e) Preservation of Authority.--Nothing in this section shall be 
construed to limit the authorities of the Director of the Office of 
Personnel Management, the Director of National Intelligence, or the 
Secretary of Defense under any provision of law.
 
SEC. 603. PROCESS FOR SECURITY CLEARANCES.
 
    (a) Reviews.--Not later than 180 days after the date of the 
enactment of this Act, the Director of National Intelligence, acting as 
the Security Executive Agent in accordance with subsection (d) of 
section 602, in coordination with the Suitability Executive Agent and 
the Credentialing Executive Agent who are serving in accordance with 
subsections (b) and (c) of such section, shall submit to the 
congressional intelligence committees a report that includes the 
following:
            (1) Review and assessment of standards.--
                    (A) In general.--A review of the relationship among 
                the information requested by the Questionnaire for 
                National Security Positions (Standard Form 86), the 
                application of the Federal Investigative Standards 
                prescribed by the Office of Personnel Management and 
                the Office of the Director of National Intelligence, 
                and the application of the adjudicative guidelines 
                under Security Executive Agent Directive 4 (``National 
                Security Adjudicative Guidelines'').
                    (B) Assessment.--An assessment of whether such 
                Questionnaire, Standards, and guidelines should be 
                revised to account for the prospect of a holder of a 
                security clearance becoming an insider threat.
            (2) Recommendations to improve background investigations.--
        Recommendations to improve the background investigation 
        process, including recommendations--
                    (A) to simplify the Questionnaire for National 
                Security Positions (Standard Form 86) and increase 
                customer support to applicants completing such 
                Questionnaire;
                    (B) to use remote and virtual techniques and 
                centralized locations during field investigation work;
                    (C) to utilize secure and reliable digitization of 
                information obtained during the clearance process; and
                    (D) to build the capacity of the background 
                investigation labor sector.
            (3) Review of schedules.--A review of whether the schedule 
        for processing security clearances included in section 3001 of 
        the Intelligence Reform and Terrorism Prevention Act of 2004 
        (50 U.S.C. 3341) should be modified.
            (4) Evaluation of splitting the background investigation 
        function.--
                    (A) In general.--An evaluation of the impact on 
                costs, quality, and timeliness of security clearance 
                background investigations associated with transferring 
                to the Secretary of Defense responsibility for 
                conducting background investigations for--
                            (i) personnel of the Department of Defense; 
                        or
                            (ii) all contractors to and personnel of 
                        the United States Government.
                    (B) Analysis.--An analysis of--
                            (i) the time required for the Secretary of 
                        Defense to gain sufficient institutional 
                        capacity and capability to perform the 
                        investigations described in clauses (i) and 
                        (ii) of subparagraph (A);
                            (ii) past experience with agencies and 
                        departments of the United States having 
                        responsibility for conducting background 
                        investigations, including the transfer to the 
                        Office of Personnel Management of background 
                        investigations for personnel of the Department 
                        of Defense during 2003, 2004, and 2005; and
                            (iii) the mobility of the workforce who 
                        perform background investigations between 
                        government agencies and contractors.
    (b) Policy, Strategy, and Implementation.--Not later than 90 days 
after the date of the enactment of this Act, the Director of National 
Intelligence, acting as the Security Executive Agent in accordance with 
section 602(d), shall establish the following:
            (1) Policy and implementation plan for interim security 
        clearances.--A policy and implementation plan for the issuance 
        of interim security clearances.
            (2) Policy on consistent treatment of government and 
        contractor personnel.--A policy and implementation plan to 
        ensure contractors are treated consistently in the security 
        clearance process across agencies and departments of the United 
        States and as compared to employees of such agencies and 
        departments. Such policy shall address--
                    (A) prioritization of processing security 
                clearances based on the mission the contractors will be 
                performing;
                    (B) standardization of how requests for clearance 
                sponsorship are issued;
                    (C) digitization of background investigation-
                related forms;
                    (D) use of the polygraph;
                    (E) the application of the adjudicative guidelines 
                under Security Executive Agent Directive 4 (``National 
                Security Adjudicative Guidelines'');
                    (F) reciprocal recognition of clearances across 
                agencies and departments of the United States, 
                regardless of status of periodic reinvestigation;
                    (G) tracking of clearance files as individuals move 
                from employment with an agency or department of the 
                United States to employment in the private sector; and
                    (H) reporting on security incidents and 
                performance.
            (3) Strategy and implementation for periodic 
        reinvestigations.--
                    (A) Strategy and implementation plan.--A strategy 
                and implementation plan to conduct periodic 
                reinvestigations as part of a security clearance 
                determination exclusively on an as-needed, risk-based 
                basis. Such plan shall include actions to assess the 
                extent to which automated records checks and other 
                continuous evaluation methods may be used to expedite 
                or focus reinvestigations.
                    (B) Exception.--The Security Executive Agent may 
                provide justification if certain populations are 
                determined to require periodic reinvestigations at 
                regular intervals.
            (4) Policy for automated records checks.--A policy and 
        implementation plan for agencies and departments of the United 
        States Government, as a part of the security clearance process, 
        to accept automated records checks generated pursuant to a 
        security clearance applicant's employment with a prior 
        employer.
            (5) Policy and implementation for sharing of background 
        investigation data.--A policy and implementation plan for 
        sharing information between and among agencies or departments 
        of the United States and private entities that is relevant to 
        decisions about granting or renewing security clearances. Such 
        information shall--
                    (A) pertain to security and human resources 
                matters; and
                    (B) be treated in a manner consistent with privacy 
                concerns.
 
SEC. 604. REPORTS ON THE VULNERABILITIES EQUITIES POLICY AND PROCESS OF 
              THE FEDERAL GOVERNMENT.
 
    (a) Report Policy and Process.--
            (1) In general.--Not later than 90 days after the date of 
        the enactment of this Act and not later than 30 days after any 
        substantive change in policy, the head of each element of the 
        intelligence community shall submit to the congressional 
        intelligence committees a report detailing the process and 
        criteria the head uses for determining whether to submit a 
        vulnerability for review under the vulnerabilities equities 
        policy and process of the Federal Government.
            (2) Form.--Each report submitted under paragraph (1) shall 
        be submitted in unclassified form, but may include a classified 
        annex.
    (b) Annual Report on Vulnerabilities.--
            (1) In general.--Not less frequently than once each year, 
        the Director of National Intelligence shall submit to the 
        congressional intelligence committees a report on--
                    (A) how many vulnerabilities the intelligence 
                community has submitted for review during the previous 
                calendar year;
                    (B) how many of such vulnerabilities were 
                ultimately disclosed to the vendor responsible for 
                correcting the vulnerability during the previous 
                calendar year; and
                    (C) vulnerabilities disclosed since the previous 
                report that have either--
                            (i) been patched or mitigated by the 
                        responsible vendor; or
                            (ii) have not been patched or mitigated by 
                        the responsible vendor and more than 180 days 
                        have elapsed since the vulnerability was 
                        disclosed.
            (2) Contents.--Each report submitted under paragraph (1) 
        shall include the following:
                    (A) The date the vulnerability was disclosed to the 
                responsible vendor.
                    (B) The date the patch or mitigation for the 
                vulnerability was made publicly available by the 
                responsible vendor.
                    (C) An unclassified appendix that includes--
                            (i) a top-line summary of the aggregate 
                        number of vulnerabilities disclosed to vendors, 
                        how many have been patched, and the average 
                        time between disclosure of the vulnerability 
                        and the patching of the vulnerability; and
                            (ii) the aggregate number of 
                        vulnerabilities disclosed to each responsible 
                        vendor, delineated by the amount of time 
                        required to patch or mitigate the 
                        vulnerability, as defined by thirty day 
                        increments.
            (3) Form.--Each report submitted under paragraph (1) shall 
        be in classified form.
    (c) Vulnerabilities Equities Policy and Process of the Federal 
Government Defined.--In this section, the term ``vulnerabilities 
equities policy and process of the Federal Government'' means the 
policy and process established by the National Security Council for the 
Federal Government, or successor set of policies and processes, 
establishing policy and responsibilities for disseminating information 
about vulnerabilities discovered by the Federal Government or its 
contractors, or disclosed to the Federal Government by the private 
sector in government off-the-shelf (GOTS), commercial off-the-shelf 
(COTS), or other commercial information technology or industrial 
control products or systems (including both hardware and software).
 
SEC. 605. BUG BOUNTY PROGRAMS.
 
    (a) Definitions.--In this section:
            (1) Bug bounty program.--The term ``bug bounty program'' 
        means a program under which an approved computer security 
        specialist or security researcher is temporarily authorized to 
        identify and report vulnerabilities within an information 
        system in exchange for payment.
            (2) Information system.--The term ``information system'' 
        has the meaning given that term in section 3502 of title 44, 
        United States Code.
    (b) Bug Bounty Program Plan.--
            (1) Requirement.--Not later than 180 days after the date of 
        the enactment of this Act, the Under Secretary for Intelligence 
        and Analysis of the Department of Homeland Security shall 
        submit to the congressional intelligence committees a strategic 
        plan to implement bug bounty programs at appropriate agencies 
        and departments of the United States.
            (2) Contents.--The plan required by paragraph (1) shall 
        include--
                    (A) an assessment of--
                            (i) the effectiveness of the ``Hack the 
                        Pentagon'' pilot program carried out by the 
                        Department of Defense in 2016 and subsequent 
                        bug bounty programs in identifying and 
                        reporting vulnerabilities within the 
                        information systems of the Department of 
                        Defense; and
                            (ii) private sector bug bounty programs, 
                        including such programs implemented by leading 
                        technology companies in the United States; and
                    (B) recommendations on the feasibility of 
                initiating bug bounty programs at appropriate agencies 
                and departments of the United States.
 
SEC. 606. REPORT ON CYBER ATTACKS BY FOREIGN GOVERNMENTS AGAINST UNITED 
              STATES ELECTION INFRASTRUCTURE.
 
    (a) Report Required.--Not later than 60 days after the date of the 
enactment of this Act, the Under Secretary of Homeland Security for 
Intelligence and Analysis shall submit to congressional leadership and 
the congressional intelligence committees a report on cyber attacks and 
attempted cyber attacks by foreign governments on United States 
election infrastructure in States and localities in connection with the 
2016 presidential election in the United States and such cyber attacks 
or attempted cyber attacks as the Under Secretary anticipates against 
such infrastructure. Such report shall identify the States and 
localities affected and shall include cyber attacks and attempted cyber 
attacks against voter registration databases, voting machines, voting-
related computer networks, and the networks of secretaries of State and 
other election officials.
    (b) Form.--The report submitted under subsection (a) shall be 
submitted in unclassified form, but may include a classified annex.
    (c) Definitions.--In this section:
            (1) Congressional leadership.--The term ``congressional 
        leadership'' includes the following:
                    (A) The majority leader of the Senate.
                    (B) The minority leader of the Senate.
                    (C) The Speaker of the House of Representatives.
                    (D) The minority leader of the House of 
                Representatives.
            (2) State.--The term ``State'' means any State of the 
        United States, the District of Columbia, the Commonwealth of 
        Puerto Rico, and any territory or possession of the United 
        States.
 
SEC. 607. REVIEW OF INTELLIGENCE COMMUNITY'S POSTURE TO COLLECT AGAINST 
              AND ANALYZE RUSSIAN EFFORTS TO INFLUENCE THE PRESIDENTIAL 
              ELECTION.
 
    (a) Assessment Required.--Not later than one year after the date of 
the enactment of this Act, the Director of National Intelligence 
shall--
            (1) complete an after action review of the intelligence 
        community's posture to collect against and analyze efforts of 
        the Government of Russia to interfere in the 2016 presidential 
        election in the United States; and
            (2) submit to the congressional intelligence committees a 
        report on the findings of the Director with respect to such 
        review.
    (b) Elements.--The review required by subsection (a) shall include, 
with respect to the posture and efforts described in paragraph (1) of 
such subsection, the following:
            (1) An assessment of whether the resources of the 
        intelligence community were properly aligned to detect and 
        respond to the efforts described in subsection (a)(1).
            (2) An assessment of the information sharing that occurred 
        within elements of the intelligence community.
            (3) An assessment of the information sharing that occurred 
        between elements of the intelligence community.
            (4) An assessment of applicable authorities necessary to 
        collect on any such efforts and any deficiencies in those 
        authorities.
            (5) A review of the use of open source material to inform 
        analysis and warning of such efforts.
            (6) A review of the use of alternative and predictive 
        analysis.
    (c) Form of Report.--The report required by subsection (a)(2) shall 
be submitted to the congressional intelligence committees in a 
classified form.
 
SEC. 608. ASSESSMENT OF FOREIGN INTELLIGENCE THREATS TO FEDERAL 
              ELECTIONS.
 
    (a) In General.--The Director of National Intelligence, in 
coordination with the Director of the Central Intelligence Agency, the 
Director of the National Security Agency, the Director of the Federal 
Bureau of Investigation, the Secretary of Homeland Security, and the 
heads of other relevant elements of the intelligence community, shall--
            (1) commence not later than 1 year before any regularly 
        scheduled Federal election and complete not later than 180 days 
        before such election, an assessment of security vulnerabilities 
        of State election systems; and
            (2) not later than 180 days before any regularly scheduled 
        Federal election, submit a report on such security 
        vulnerabilities and an assessment of foreign intelligence 
        threats to the election to--
                    (A) congressional leadership; and
                    (B) the congressional intelligence committees.
    (b) Update.--Not later than 90 days before any regularly scheduled 
Federal election, the Director of National Intelligence shall--
            (1) update the assessment of foreign intelligence threats 
        to that election; and
            (2) submit the updated assessment to--
                    (A) congressional leadership; and
                    (B) the congressional intelligence committees.
    (c) Definitions.--In this section:
            (1) Congressional leadership.--The term ``congressional 
        leadership'' includes the following:
                    (A) The majority leader of the Senate.
                    (B) The minority leader of the Senate.
                    (C) The Speaker of the House of Representatives.
                    (D) The minority leader of the House of 
                Representatives.
            (2) Security vulnerability.--The term ``security 
        vulnerability'' has the meaning given such term in section 102 
        of the Cybersecurity Information Sharing Act of 2015 (6 U.S.C. 
        1501).
 
SEC. 609. STRATEGY FOR COUNTERING RUSSIAN CYBER THREATS TO UNITED 
              STATES ELECTIONS.
 
    (a) Requirement for a Strategy.--Not later than 90 days after the 
date of the enactment of this Act, the Director of National 
Intelligence, in coordination with the Secretary of Homeland Security, 
the Director of the Federal Bureau of Investigation, the Director of 
the Central Intelligence Agency, the Secretary of State, the Secretary 
of Defense, and the Secretary of the Treasury, shall develop a whole-
of-government strategy for countering the threat of Russian cyber 
attacks and attempted cyber attacks against electoral systems and 
processes in the United States, including Federal, State, and local 
election systems, voter registration databases, voting tabulation 
equipment, and equipment and processes for the secure transmission of 
election results.
    (b) Elements of the Strategy.--The strategy required by subsection 
(a) shall include the following elements:
            (1) A whole-of-government approach to protecting United 
        States electoral systems and processes that includes the 
        agencies and departments indicated in subsection (a) as well as 
        any other agencies and departments of the United States, as 
        determined appropriate by the Director of National Intelligence 
        and the Secretary of Homeland Security.
            (2) Input solicited from Secretaries of State of the 
        various States and the chief election officials of the States.
            (3) Technical security measures, including auditable paper 
        trails for voting machines, securing wireless and Internet 
        connections, and other technical safeguards.
            (4) Detection of cyber threats, including attacks and 
        attempted attacks by Russian government or nongovernment cyber 
        threat actors.
            (5) Improvements in the identification and attribution of 
        Russian government or nongovernment cyber threat actors.
            (6) Deterrence, including actions and measures that could 
        or should be undertaken against or communicated to the 
        Government of Russia or other entities to deter attacks 
        against, or interference with, United States election systems 
        and processes.
            (7) Improvements in Federal Government communications with 
        State and local election officials.
            (8) Public education and communication efforts.
            (9) Benchmarks and milestones to enable the measurement of 
        concrete steps taken and progress made in the implementation of 
        the strategy.
    (c) Report to Congress.--Not later than 90 days after the date of 
the enactment of this Act, the Director of National Intelligence and 
the Secretary of Homeland Security shall brief the congressional 
intelligence committees on the strategy developed under subsection (a).
 
SEC. 610. LIMITATION RELATING TO ESTABLISHMENT OR SUPPORT OF CYBER 
              SECURITY UNIT WITH THE GOVERNMENT OF RUSSIA.
 
    (a) Limitation.--No amount may be expended by the Federal 
Government to establish or support a cyber security unit or other cyber 
agreement that is jointly established or otherwise implemented by the 
Government of the United States and the Government of Russia unless, at 
least 30 days prior to the establishment of such agreement, the 
Director of National Intelligence submits to the congressional 
intelligence committees a report on such agreement that includes the 
elements required by subsection (b).
    (b) Report Elements.--If the Director submits a report under 
subsection (a), such report shall include a description of each of the 
following:
            (1) The purpose of the agreement.
            (2) The nature of any intelligence to be shared pursuant to 
        the agreement.
            (3) The expected value to national security resulting from 
        the implementation of the agreement.
            (4) Such counterintelligence concerns associated with the 
        agreement as the Director may have and such measures as the 
        Director expects to be taken to mitigate such concerns.
 
SEC. 611. REPORT ON RETURNING RUSSIAN COMPOUNDS.
 
    (a) Covered Compounds Defined.--In this section, the term ``covered 
compounds'' means the real property in New York and the real property 
in Maryland that were under the control of the Government of Russia in 
2016 and were removed from such control in response to various 
transgressions by the Government of Russia, including the interference 
by the Government of Russia in the 2016 election in the United States.
    (b) Requirement for Report.--Not later than 180 days after the date 
of the enactment of this Act, the Director of National Intelligence 
shall submit to the congressional intelligence committees a report on 
the intelligence risks of returning the covered compounds to Russian 
control.
    (c) Form of Report.--The report required by subsection (b) shall be 
submitted in classified and unclassified forms.
 
SEC. 612. INTELLIGENCE COMMUNITY ASSESSMENT ON THREAT OF RUSSIAN MONEY 
              LAUNDERING TO THE UNITED STATES.
 
    (a) Assessment Required.--Not later than 180 days after the date of 
the enactment of this Act, the Director of National Intelligence, in 
coordination with the Secretary of the Treasury, shall submit to the 
congressional intelligence committees an intelligence community 
assessment on the threat of Russian money laundering to the United 
States. The assessment shall be based on all-source intelligence, 
including from the intelligence community and from all elements of the 
Department of the Treasury under the Office of Terrorism and Financial 
Intelligence.
    (b) Elements.--The assessment required by subsection (a) shall 
cover the following:
            (1) Money laundering in the Russian Federation, global 
        nodes of money laundering used by Russian and associated 
        entities, and the entry points of money laundering by Russian 
        and associated entities into the United States.
            (2) Vulnerabilities to money laundering in the United 
        States financial and legal system, including specific sectors, 
        and ways in which Russian money laundering has exploited those 
        vulnerabilities.
            (3) Any connections between Russian oligarchs and elements 
        of Russian organized crime involved in money laundering and the 
        Government of Russia.
            (4) The counterintelligence threat posed by Russian money 
        laundering as well as the threat to the United States financial 
        system and United States efforts to enforce sanctions and 
        combat organized crime.
 
SEC. 613. NOTIFICATION OF AN ACTIVE MEASURES CAMPAIGN.
 
    (a) Requirement for Notification.--The Director of National 
Intelligence, in cooperation with the Director of the Federal Bureau of 
Investigation and the head of any other relevant agency, shall notify 
the Chairman and Vice Chairman or Ranking Member of each of the 
congressional intelligence committees, and of other relevant committees 
of jurisdiction, each time the Director of National Intelligence 
determines there is credible information that a foreign power has, is, 
or will attempt to employ a covert influence or active measures 
campaign with regard to the modernization, employment, doctrine, or 
force posture of the nuclear deterrent or missile defense.
    (b) Content of Notification.--Each notification required by 
subsection (a) shall include information concerning actions taken by 
the United States to expose or halt an attempt referred to in 
subsection (a).
 
SEC. 614. NOTIFICATION OF TRAVEL BY ACCREDITED DIPLOMATIC AND CONSULAR 
              PERSONNEL OF THE RUSSIAN FEDERATION IN THE UNITED STATES.
 
    In carrying out the advance notification requirements set out in 
section 502 of the Intelligence Authorization Act for Fiscal Year 2017 
(Division N of Public Law 115-31), the Secretary of State shall--
            (1) ensure that the Russian Federation provides 
        notification to the Secretary of State at least 2 business days 
        in advance of all travel by accredited diplomatic and consular 
        personnel of the Russian Federation in the United States, and 
        take necessary action to secure full compliance by Russian 
        personnel and address any noncompliance; and
            (2) provide notice of travel described in paragraph (1) to 
        the Director of National Intelligence and the Director of the 
        Federal Bureau of Investigation within 1 hour of receiving 
        notice of such travel.
 
SEC. 615. MODIFICATION OF CERTAIN REPORTING REQUIREMENT ON TRAVEL OF 
              FOREIGN DIPLOMATS.
 
    Section 502(d)(2) of the Intelligence Authorization Act for Fiscal 
Year 2017 (Public Law 115-31) is amended by striking ``the number'' and 
inserting ``a best estimate''.
 
SEC. 616. SEMIANNUAL REPORT ON REFERRALS TO DEPARTMENT OF JUSTICE BY 
              ELEMENTS OF THE INTELLIGENCE COMMUNITY REGARDING 
              UNAUTHORIZED DISCLOSURE OF CLASSIFIED INFORMATION.
 
    (a) Reports Required.--Not less frequently than once every 6 
months, the Assistant Attorney General for National Security of the 
Department of Justice, in consultation with the Director of the Federal 
Bureau of Investigation, shall submit to the congressional intelligence 
committees a report on the status of each referral made to the 
Department of Justice from any element of the intelligence community 
regarding an unauthorized disclosure of classified information made 
during the most recent 365-day period or any referral that has not yet 
been closed, regardless of the date the referral was made.
    (b) Contents.--Each report submitted under subsection (a) shall 
include, for each referral covered by the report, at a minimum, the 
following:
            (1) The date the referral was received.
            (2) A statement indicating whether the alleged unauthorized 
        disclosure described in the referral was substantiated by the 
        Department of Justice.
            (3) A statement indicating the highest level of 
        classification of the information that was revealed in the 
        unauthorized disclosure.
            (4) A statement indicating whether an open criminal 
        investigation related to the referral is active.
            (5) A statement indicating whether any criminal charges 
        have been filed related to the referral.
            (6) A statement indicating whether the Department of 
        Justice has been able to attribute the unauthorized disclosure 
        to a particular entity or individual.
    (c) Form of Report.--Each report submitted under subsection (a) 
shall be submitted in unclassified form, but may have a classified 
annex.
 
SEC. 617. NOTIFICATIONS OF DESIGNATION OF AN INTELLIGENCE OFFICER AS A 
              PERSONA NON GRATA.
 
    (a) Requirement for Reports.--Not later than 72 hours after an 
intelligence officer is designated as a persona non grata, the Director 
of National Intelligence, in consultation with the Secretary of State, 
shall submit to the congressional intelligence committees a 
notification of that designation. Each such notification shall 
include--
            (1) the date of the designation;
            (2) the basis for the designation; and
            (3) a justification for the expulsion.
    (b) Intelligence Officer Defined.--In this section, the term 
``intelligence officer'' means--
            (1) a United States intelligence officer serving in a post 
        in a foreign country; or
            (2) a known or suspected foreign intelligence officer 
        serving in a United States post.
 
SEC. 618. BIENNIAL REPORT ON FOREIGN INVESTMENT RISKS.
 
    (a) Intelligence Community Interagency Working Group.--
            (1) Requirement to establish.--The Director of National 
        Intelligence shall establish an intelligence community 
        interagency working group to prepare the biennial reports 
        required by subsection (b).
            (2) Chairperson.--The Director of National Intelligence 
        shall serve as the chairperson of such interagency working 
        group.
            (3) Membership.--Such interagency working group shall be 
        composed of representatives of each element of the intelligence 
        community that the Director of National Intelligence determines 
        appropriate.
    (b) Biennial Report on Foreign Investment Risks.--
            (1) Requirement.--Not later than 180 days after the date of 
        the enactment of this Act, and biennially thereafter, the 
        Director of National Intelligence shall submit to the 
        congressional intelligence committees a report on foreign 
        investment risks prepared by the interagency working group 
        established under subsection (a).
            (2) Content.--Each report required by paragraph (1) shall 
        include an identification, analysis, and explanation of the 
        following:
                    (A) Any current or projected major vulnerability to 
                the national security of the United States with respect 
                to foreign investment.
                    (B) Any macro trends in foreign investment of a 
                country that such interagency working group has 
                identified to be a country of special concern.
                    (C) Any strategy used by such a country to exploit 
                a vulnerability identified under subparagraph (A) 
                through the acquisition of critical technologies, 
                critical materials, or critical infrastructure.
                    (D) Any market distortion or unfair competition by 
                a foreign country in the form of market barriers, 
                nonreciprocal investment treatment, subsidies, 
                government corruption, compulsory technology transfer, 
                or theft of intellectual property.
 
SEC. 619. REPORT ON SURVEILLANCE BY FOREIGN GOVERNMENTS AGAINST UNITED 
              STATES TELECOMMUNICATIONS NETWORKS.
 
    Not later than 180 days after the date of the enactment of this 
Act, the Director of National Intelligence shall, in coordination with 
the Director of the Central Intelligence Agency, the Director of the 
National Security Agency, the Director of the Federal Bureau of 
Investigation, and the Secretary of Homeland Security, submit to the 
congressional intelligence committees a report describing--
            (1) any attempts known to the intelligence community by 
        foreign governments to exploit cybersecurity vulnerabilities in 
        United States telecommunications networks (including Signaling 
        System No. 7) to target for surveillance of United States 
        persons, including employees of the Federal Government; and
            (2) any actions, as of the date of the enactment of this 
        Act, taken by the intelligence community to protect agencies 
        and personnel of the United States Government from surveillance 
        conducted by foreign governments.
 
SEC. 620. REPORTS ON AUTHORITIES OF THE CHIEF INTELLIGENCE OFFICER OF 
              THE DEPARTMENT OF HOMELAND SECURITY.
 
    (a) Definitions.--In this section:
            (1) Department.--The term ``Department'' means the 
        Department of Homeland Security.
            (2) Homeland security intelligence enterprise.--The term 
        ``Homeland Security Intelligence Enterprise'' has the meaning 
        given such term in Department of Homeland Security Instruction 
        Number 264-01-001, or successor authority.
            (3) Office.--The term ``Office'' means the Office of 
        Intelligence and Analysis of the Department.
            (4) Secretary.--The term ``Secretary'' means the Secretary 
        of Homeland Security.
            (5) Under secretary.--The term ``Under Secretary'' means 
        the Under Secretary for Intelligence and Analysis of the 
        Department.
    (b) Requirement for Report.--Not later than 120 days after the date 
of the enactment of this Act, the Secretary, in consultation with the 
Under Secretary, shall submit to the congressional intelligence 
committees a report on the authorities of the Under Secretary.
    (c) Contents.--The report required by subsection (b) shall include 
the following:
            (1) An analysis of whether the Under Secretary has the 
        legal and policy authority necessary to organize and lead the 
        Homeland Security Intelligence Enterprise, with respect to 
        intelligence, and, if not, a description of--
                    (A) the obstacles to exercising the authorities of 
                the Chief Intelligence Officer and the Homeland 
                Security Intelligence Council, over which the Chief 
                Intelligence Officer chairs; and
                    (B) the legal and policy changes necessary to 
                effectively coordinate, organize, and lead intelligence 
                activities of the Department of Homeland Security.
            (2) A description of the actions that the Secretary has 
        taken to address the inability of the Under Secretary to 
        require components of the Department, other than the Office--
                    (A) to coordinate intelligence programs; and
                    (B) integrate and standardize intelligence products 
                produced by such other components.
 
SEC. 621. REPORT ON GEOSPATIAL COMMERCIAL ACTIVITIES FOR BASIC AND 
              APPLIED RESEARCH AND DEVELOPMENT.
 
    (a) Sense of Congress.--It is the sense of Congress that--
            (1) rapid technology change and a significant increase in 
        data collection by the intelligence community has outpaced the 
        ability of the intelligence community to exploit vast 
        quantities of intelligence data;
            (2) the data collection capabilities of the intelligence 
        community and the Department of Defense have outpaced their 
        ability to exploit vast quantities of data;
            (3) furthermore, international competitors may be catching 
        up, and in some cases leading, in key technology areas;
            (4) many United States companies have talent and 
        technological capabilities that the Federal Government could 
        harness; and
            (5) these companies would be able to more effectively 
        develop automation, artificial intelligence, and associated 
        algorithms if given access to data of the National Geospatial-
        Intelligence Agency, consistent with the protection of sources 
        and methods.
    (b) Report.--Not later than 30 days after the date of the enactment 
of this Act, the Director of the National Geospatial-Intelligence 
Agency shall submit to the appropriate congressional committees a 
report on the authorities necessary to conduct commercial activities 
relating to geospatial intelligence that the Director determines 
necessary to engage in basic research, applied research, data 
transfers, and development projects, with respect to automation, 
artificial intelligence, and associated algorithms, including how the 
Director would use such authorities, consistent with applicable laws 
and procedures relating to the protection of sources and methods.
    (c) Appropriate Congressional Committees Defined.--In this section, 
the term ``appropriate congressional committees'' means--
            (1) the Committee on Armed Services and the Select 
        Committee on Intelligence of the Senate; and
            (2) the Committee on Armed Services and the Permanent 
        Select Committee on Intelligence of the House of 
        Representatives.
 
SEC. 622. TECHNICAL AMENDMENTS RELATED TO THE DEPARTMENT OF ENERGY.
 
    (a) National Nuclear Security Administration Act.--
            (1) Clarification of functions of the administrator for 
        nuclear security.--Subsection (b) of section 3212 of the 
        National Nuclear Security Administration Act (50 U.S.C. 
        2402(b)) is amended--
                    (A) by striking paragraphs (11) and (12); and
                    (B) by redesignating paragraphs (13) through (19) 
                as paragraphs (11) through (17), respectively.
            (2) Counterintelligence programs.--Section 3233(b) of the 
        National Nuclear Security Administration Act (50 U.S.C. 
        2423(b)) is amended--
                    (A) by striking ``Administration'' and inserting 
                ``Department''; and
                    (B) by inserting ``Intelligence and'' after ``the 
                Office of''.
    (b) Atomic Energy Defense Act.--Section 4524(b)(2) of the Atomic 
Energy Defense Act (50 U.S.C. 2674(b)(2)) is amended by inserting 
``Intelligence and'' after ``The Director of''.
    (c) National Security Act of 1947.--Paragraph (2) of section 106(b) 
of the National Security Act of 1947 (50 U.S.C. 3041(b)(2)) is 
amended--
            (1) in subparagraph (E), by inserting ``and 
        Counterintelligence'' after ``Office of Intelligence'';
            (2) by striking subparagraph (F);
            (3) by redesignating subparagraphs (G), (H), and (I) as 
        subparagraphs (F), (G), and (H), respectively; and
            (4) in subparagraph (I), by realigning the margin of such 
        subparagraph 2 ems to the left.
 
SEC. 623. SENSE OF CONGRESS ON WIKILEAKS.
 
    It is the sense of Congress that WikiLeaks and the senior 
leadership of WikiLeaks resemble a non-state hostile intelligence 
service often abetted by state actors and should be treated as such a 
service by the United States.
                                                       Calendar No. 207
 
115th CONGRESS
 
  1st Session
 
                                S. 1761
 
_______________________________________________________________________
 
                                 A BILL
 
 To authorize appropriations for fiscal year 2018 for intelligence and 
 intelligence-related activities of the United States Government, the 
   Community Management Account, and the Central Intelligence Agency 
       Retirement and Disability System, and for other purposes.
 
_______________________________________________________________________