Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 117th Congress · H.R. 4521 (Engrossed in House) — To provide for a coordinated Federal research initiative to ensure continued United States leadership in engineering... · Sec. 50108

Sec. 50108. Critical Technology Security Centers

953 words·~4 min read·/bill/117/hr/4521/eh/section-50108

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Title III of the Homeland Security Act of 2002 ( 6 U.S.C. 181 et seq. ) is amended by adding at the end the following new section: Not later than 180 days after the date of the enactment of this section, the Secretary, acting through the Under Secretary for Science and Technology, and in coordination with the Director of the Cybersecurity and Infrastructure Security Agency, shall award grants, contracts, or cooperative agreements to covered entities for the establishment of not fewer than four cybersecurity-focused Critical Technology Security Centers to evaluate and test the security of devices and technologies that underpin national critical functions.
With respect to the Critical Technology Security Centers referred to in subsection (a), four of such centers shall be as follows: The Center for Network Technology Security, to study the security of information and communications technology that underpins national critical functions related to communications. The Center for Connected Industrial Control System Security, to study the security of connected programmable data logic controllers, supervisory control and data acquisition servers, and other networked industrial equipment.
The Center for Open Source Software Security, to study vulnerabilities in open source software used to support national critical functions. The Center for Federal Critical Software Security, to study the security of software used by the Federal Government that performs functions critical to trust (such as affording or requiring elevated system privileges or direct access to networking and computing resources). The Under Secretary may, in coordination with the Director, award grants, contracts, or cooperative agreements to covered entities for the establishment of additional Critical Technology Security Centers to address technologies vital to national critical functions.
Before awarding a grant, contract, or cooperative agreement to a covered entity to establish a Critical Technology Security Center, the Under Secretary shall consult with the Director, who shall provide the Under Secretary a list of technologies within the remit of the center that support national critical functions. In studying the security of technologies within its remit, each center shall have the following responsibilities: Conducting rigorous security testing to identify vulnerabilities in such technologies.
Reporting new vulnerabilities found and the tools, techniques, and practices used to uncover such vulnerabilities to the developers of such technologies in question and to the Cybersecurity and Infrastructure Security Agency. With respect to such technologies, developing new capabilities for vulnerability discovery, management, and mitigation. Assessing the security of software essential to national critical functions. Supporting existing communities of interest, including by granting funds, in remediating vulnerabilities discovered within such technologies.
Utilizing findings to inform and support the future work of the Cybersecurity and Infrastructure Security Agency. To be eligible for an award of a grant, contract, or cooperative agreement as a Critical Technology Security Center pursuant to subsection (a), a covered entity shall submit to the Secretary an application at such time, in such manner, and including such information as the Secretary may require. The Undersecretary shall ensure that vulnerabilities identified by a Critical Technology Security Center are publicly reported through the National Vulnerability Database, as appropriate.
The Under Secretary, in coordination with the Director, shall develop, and periodically update, guidance, including eligibility and any additional requirements, for how Critical Technology Security Centers may award funds to communities of interest to remediate vulnerabilities under subsection (e)(5). Not later than one year after the date of the enactment of this section and every two years thereafter, the Under Secretary shall submit to the appropriate congressional committees a report that includes, with respect to each Critical Technology Security Center the following:
A summary of the work performed by each such center. Information relating to the allocation of Federal funds at each such center. A description of each vulnerability identified, including information relating to the corresponding software weakness. An assessment of the criticality of each vulnerability identified pursuant to paragraph (3). A list of critical technologies studied by each center, including an explanation by the Under Secretary for any deviations from the list of technologies provided by the Director before the distribution of funding to the center.
A list of tools, techniques, and procedures used by each such center. In carrying out this section, the Under Secretary shall consult with the heads of other Federal agencies conducting cybersecurity research, including the following: The National Institute of Standards and Technology. The National Science Foundation. Relevant agencies within the Department of Energy. Relevant agencies within the Department of Defense. There are authorized to be appropriated to carry out this section— $40,000,000 for fiscal year 2022; $42,000,000 for fiscal year 2023; $44,000,000 for fiscal year 2024; $46,000,000 for fiscal year 2025; and $49,000,000 for fiscal year 2026.
In this section: The term appropriate congressional committees means— the Committee on Homeland Security of the House of Representatives; and the Committee on Homeland Security and Governmental Affairs of the Senate. The term covered entity means a university or federally funded research and development center, including a national laboratory, or a consortia thereof. The term critical technology means technology relating to a national critical function. The term open source software means software for which the human-readable source code is freely available for use, study, re-use, modification, enhancement, and redistribution by the users of such software. .
Paragraph
(1)of section 2202(e) of the Homeland Security Act of 2002 ( 6 U.S.C. 603(e) ) is amended by adding at the end the following new subparagraph: To identify the technologies within the remits of the Critical Technology Security centers as described in section 322 that are vital to national critical functions. . The table of contents in section 1(b) of the Homeland Security Act of 2002 is amended by inserting after the item relating to section 321 the following new item: Sec. 323. Critical Technology Security Centers. .
Connectionstraces to 2
Citation graph
cites case law
Sec. 50108
Critical Technology Security Centers
U.S.C.§ 181
U.S.C.§ 603
Cites 2Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.