[113th Congress Public Law 293]
[From the U.S. Government Printing Office]
[[Page 3989]]
INTELLIGENCE AUTHORIZATION ACT FOR FISCAL YEAR 2015
[[Page 128 STAT. 3990]]
Public Law 113-293
113th Congress
An Act
To authorize appropriations for fiscal years 2014 and 2015 for
intelligence and intelligence-related activities of the United States
Government, the Community Management Account, and the Central
Intelligence Agency Retirement and Disability System, and for other
purposes. <<NOTE: Dec. 19, 2014 - [H.R. 4681]>>
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled, <<NOTE: Intelligence
Authorization Act for Fiscal Year 2015.>>
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title.--This Act may be cited as the ``Intelligence
Authorization Act for Fiscal Year 2015''.
(b) Table of Contents.--The table of contents for this Act is as
follows:
Sec. 1. Short title; table of contents.
Sec. 2. Definitions.
Sec. 3. Budgetary effects.
TITLE I--INTELLIGENCE ACTIVITIES
Sec. 101. Authorization of appropriations.
Sec. 102. Classified Schedule of Authorizations.
Sec. 103. Personnel ceiling adjustments.
Sec. 104. Intelligence Community Management Account.
TITLE II--CENTRAL INTELLIGENCE AGENCY RETIREMENT AND DISABILITY SYSTEM
Sec. 201. Authorization of appropriations.
TITLE III--GENERAL PROVISIONS
Subtitle A--General Matters
Sec. 301. Increase in employee compensation and benefits authorized by
law.
Sec. 302. Restriction on conduct of intelligence activities.
Sec. 303. National intelligence strategy.
Sec. 304. Software licensing.
Sec. 305. Reporting of certain employment activities by former
intelligence officers and employees.
Sec. 306. Inclusion of Predominantly Black Institutions in intelligence
officer training program.
Sec. 307. Management and oversight of financial intelligence.
Sec. 308. Analysis of private sector policies and procedures for
countering insider threats.
Sec. 309. Procedures for the retention of incidentally acquired
communications.
Sec. 310. Clarification of limitation of review to retaliatory security
clearance or access determinations.
Sec. 311. Feasibility study on consolidating classified databases of
cyber threat indicators and malware samples.
Sec. 312. Sense of Congress on cybersecurity threat and cybercrime
cooperation with Ukraine.
Sec. 313. Replacement of locally employed staff serving at United States
diplomatic facilities in the Russian Federation.
Sec. 314. Inclusion of Sensitive Compartmented Information Facilities in
United States diplomatic facilities in the Russian Federation
and adjacent countries.
[[Page 128 STAT. 3991]]
Subtitle B--Reporting
Sec. 321. Report on declassification process.
Sec. 322. Report on intelligence community efficient spending targets.
Sec. 323. Annual report on violations of law or executive order.
Sec. 324. Annual report on intelligence activities of the Department of
Homeland Security.
Sec. 325. Report on political prison camps in North Korea.
Sec. 326. Assessment of security of domestic oil refineries and related
rail transportation infrastructure.
Sec. 327. Enhanced contractor level assessments for the intelligence
community.
Sec. 328. Assessment of the efficacy of memoranda of understanding to
facilitate intelligence-sharing.
Sec. 329. Report on foreign man-made electromagnetic pulse weapons.
Sec. 330. Report on United States counterterrorism strategy to disrupt,
dismantle, and defeat al-Qaeda and its affiliated or
associated groups.
Sec. 331. Feasibility study on retraining veterans in cybersecurity.
SEC. 2. <<NOTE: 50 USC 3003.>> DEFINITIONS.
In this Act:
(1) Congressional intelligence committees.--The term
``congressional intelligence committees'' means--
(A) the Select Committee on Intelligence of the
Senate; and
(B) the Permanent Select Committee on Intelligence
of the House of Representatives.
(2) Intelligence community.--The term ``intelligence
community'' has the meaning given that term in section 3(4) of
the National Security Act of 1947 (50 U.S.C. 3003(4)).
SEC. 3. BUDGETARY EFFECTS.
The budgetary effects of this Act, for the purpose of complying with
the Statutory Pay-As-You-Go-Act of 2010, shall be determined by
reference to the latest statement titled ``Budgetary Effects of PAYGO
Legislation'' for this Act, submitted for printing in the Congressional
Record by the Chairman of the Senate Budget Committee, provided that
such statement has been submitted prior to the vote on passage.
TITLE I--INTELLIGENCE ACTIVITIES
SEC. 101. AUTHORIZATION OF APPROPRIATIONS.
Funds are hereby authorized to be appropriated for fiscal year 2015
for the conduct of the intelligence and intelligence-related activities
of the following elements of the United States Government:
(1) The Office of the Director of National Intelligence.
(2) The Central Intelligence Agency.
(3) The Department of Defense.
(4) The Defense Intelligence Agency.
(5) The National Security Agency.
(6) The Department of the Army, the Department of the Navy,
and the Department of the Air Force.
(7) The Coast Guard.
(8) The Department of State.
(9) The Department of the Treasury.
(10) The Department of Energy.
(11) The Department of Justice.
(12) The Federal Bureau of Investigation.
(13) The Drug Enforcement Administration.
(14) The National Reconnaissance Office.
[[Page 128 STAT. 3992]]
(15) The National Geospatial-Intelligence Agency.
(16) The Department of Homeland Security.
SEC. 102. CLASSIFIED SCHEDULE OF AUTHORIZATIONS.
(a) Specifications of Amounts and Personnel Levels.--The amounts
authorized to be appropriated under section 101 and, subject to section
103, the authorized personnel ceilings as of September 30, 2015, for the
conduct of the intelligence activities of the elements listed in
paragraphs (1) through (16) of section 101, are those specified in the
classified Schedule of Authorizations prepared to accompany the bill
H.R. 4681 of the One Hundred Thirteenth Congress.
(b) Availability of Classified Schedule of Authorizations.--
(1) Availability.--The classified Schedule of Authorizations
referred to in subsection (a) shall be made available to the
Committee on Appropriations of the Senate, the Committee on
Appropriations of the House of Representatives, and to the
President.
(2) Distribution by the president.--Subject to paragraph
(3), the President shall provide for suitable distribution of
the classified Schedule of Authorizations, or of appropriate
portions of the Schedule, within the executive branch.
(3) <<NOTE: President.>> Limits on disclosure.--The
President shall not publicly disclose the classified Schedule of
Authorizations or any portion of such Schedule except--
(A) as provided in section 601(a) of the
Implementing Recommendations of the 9/11 Commission Act
of 2007 (50 U.S.C. 3306(a));
(B) to the extent necessary to implement the budget;
or
(C) as otherwise required by law.
SEC. 103. PERSONNEL CEILING ADJUSTMENTS.
(a) <<NOTE: Determination.>> Authority for Increases.--The Director
of National Intelligence may authorize employment of civilian personnel
in excess of the number authorized for fiscal year 2015 by the
classified Schedule of Authorizations referred to in section 102(a) if
the Director of National Intelligence determines that such action is
necessary to the performance of important intelligence functions, except
that the number of personnel employed in excess of the number authorized
under such section may not, for any element of the intelligence
community, exceed 3 percent of the number of civilian personnel
authorized under such Schedule for such element.
(b) <<NOTE: Guidelines.>> Treatment of Certain Personnel.--The
Director of National Intelligence shall establish guidelines that
govern, for each element of the intelligence community, the treatment
under the personnel levels authorized under section 102(a), including
any exemption from such personnel levels, of employment or assignment
in--
(1) a student program, trainee program, or similar program;
(2) a reserve corps or as a reemployed annuitant; or
(3) details, joint duty, or long term, full-time training.
(c) Notice to Congressional Intelligence Committees.--The
Director <<NOTE: Deadline.>> of National Intelligence shall notify the
congressional intelligence committees in writing at least 15 days prior
to each exercise of an authority described in subsection (a).
[[Page 128 STAT. 3993]]
SEC. 104. INTELLIGENCE COMMUNITY MANAGEMENT ACCOUNT.
(a) Authorization of Appropriations.--There is authorized to be
appropriated for the Intelligence Community Management Account of the
Director of National Intelligence for fiscal year 2015 the sum of
$507,400,000. Within such amount, funds identified in the classified
Schedule of Authorizations referred to in section 102(a) for advanced
research and development shall remain available until September 30,
2016.
(b) Authorized Personnel Levels.--The elements within the
Intelligence Community Management Account of the Director of National
Intelligence are authorized 794 positions as of September 30, 2015.
Personnel serving in such elements may be permanent employees of the
Office of the Director of National Intelligence or personnel detailed
from other elements of the United States Government.
(c) Classified Authorizations.--
(1) Authorization of appropriations.--In addition to amounts
authorized to be appropriated for the Intelligence Community
Management Account by subsection (a), there are authorized to be
appropriated for the Community Management Account for fiscal
year 2015 such additional amounts as are specified in the
classified Schedule of Authorizations referred to in section
102(a). Such additional amounts for advanced research and
development shall remain available until September 30, 2016.
(2) Authorization of personnel.--In addition to the
personnel authorized by subsection (b) for elements of the
Intelligence Community Management Account as of September 30,
2015, there are authorized such additional personnel for the
Community Management Account as of that date as are specified in
the classified Schedule of Authorizations referred to in section
102(a).
TITLE II--CENTRAL INTELLIGENCE AGENCY RETIREMENT AND DISABILITY SYSTEM
SEC. 201. AUTHORIZATION OF APPROPRIATIONS.
There is authorized to be appropriated for the Central Intelligence
Agency Retirement and Disability Fund for fiscal year 2015 the sum of
$514,000,000.
TITLE III--GENERAL PROVISIONS
Subtitle A--General Matters
SEC. 301. INCREASE IN EMPLOYEE COMPENSATION AND BENEFITS
AUTHORIZED BY LAW.
Appropriations authorized by this Act for salary, pay, retirement,
and other benefits for Federal employees may be increased by such
additional or supplemental amounts as may be necessary for increases in
such compensation or benefits authorized by law.
[[Page 128 STAT. 3994]]
SEC. 302. RESTRICTION ON CONDUCT OF INTELLIGENCE ACTIVITIES.
The authorization of appropriations by this Act shall not be deemed
to constitute authority for the conduct of any intelligence activity
which is not otherwise authorized by the Constitution or the laws of the
United States.
SEC. 303. NATIONAL INTELLIGENCE STRATEGY.
(a) In General.--Title I of the National Security Act of 1947 (50
U.S.C. 3021 et seq.) is amended by inserting after section 108 the
following:
``SEC. 108A. <<NOTE: 50 USC 3043a.>> NATIONAL INTELLIGENCE
STRATEGY.
``(a) <<NOTE: Effective date. Deadline. Time period.>> In
General.--Beginning in 2017, and once every 4 years thereafter, the
Director of National Intelligence shall develop a comprehensive national
intelligence strategy to meet national security objectives for the
following 4-year period, or a longer period, if appropriate.
``(b) Requirements.--Each national intelligence strategy required by
subsection (a) shall--
``(1) delineate a national intelligence strategy consistent
with--
``(A) the most recent national security strategy
report submitted pursuant to section 108;
``(B) the strategic plans of other relevant
departments and agencies of the United States; and
``(C) other relevant national-level plans;
``(2) address matters related to national and military
intelligence, including counterintelligence;
``(3) identify the major national security missions that the
intelligence community is currently pursuing and will pursue in
the future to meet the anticipated security environment;
``(4) describe how the intelligence community will utilize
personnel, technology, partnerships, and other capabilities to
pursue the major national security missions identified in
paragraph (3);
``(5) assess current, emerging, and future threats to the
intelligence community, including threats from foreign
intelligence and security services and insider threats;
``(6) outline the organizational roles and missions of the
elements of the intelligence community as part of an integrated
enterprise to meet customer demands for intelligence products,
services, and support;
``(7) identify sources of strategic, institutional,
programmatic, fiscal, and technological risk; and
``(8) analyze factors that may affect the intelligence
community's performance in pursuing the major national security
missions identified in paragraph (3) during the following 10-
year period.
``(c) <<NOTE: Reports. Deadline.>> Submission to Congress.--The
Director of National Intelligence shall submit to the congressional
intelligence committees a report on each national intelligence strategy
required by subsection (a) not later than 45 days after the date of the
completion of such strategy.''.
(b) Table of Contents Amendments.--The table of contents in the
first section of the National Security Act of 1947 is amended
[[Page 128 STAT. 3995]]
by inserting after the item relating to section 108 the following new
item:
``Sec. 108A. National intelligence strategy.''.
SEC. 304. SOFTWARE LICENSING.
Section 109 of the National Security Act of 1947 (50 U.S.C. 3044) is
amended--
(1) in subsection (a)(2), by striking ``usage; and'' and
inserting ``usage, including--
``(A) increasing the centralization of the
management of software licenses;
``(B) increasing the regular tracking and
maintaining of comprehensive inventories of software
licenses using automated discovery and inventory tools
and metrics;
``(C) analyzing software license data to inform
investment decisions; and
``(D) providing appropriate personnel with
sufficient software licenses management training; and'';
(2) in subsection (b)--
(A) in paragraph (1), by striking ``; and'' and
inserting a semicolon;
(B) in paragraph (2), by striking ``usage.'' and
inserting ``usage, including--
``(A) increasing the centralization of the
management of software licenses;
``(B) increasing the regular tracking and
maintaining of comprehensive inventories of software
licenses using automated discovery and inventory tools
and metrics;
``(C) analyzing software license data to inform
investment decisions; and
``(D) providing appropriate personnel with
sufficient software licenses management training; and'';
and
(C) by adding at the end the following new
paragraph:
``(3) based on the assessment required under paragraph (2),
make such recommendations with respect to software procurement
and usage to the Director of National Intelligence as the Chief
Information Officer considers appropriate.''; and
(3) by adding at the end the following new subsection:
``(d) <<NOTE: Deadline. Guidelines.>> Implementation of
Recommendations.--Not later than 180 days after the date on which the
Director of National Intelligence receives recommendations from the
Chief Information Officer of the Intelligence Community in accordance
with subsection (b)(3), the Director of National Intelligence shall, to
the extent practicable, issue guidelines for the intelligence community
on software procurement and usage based on such recommendations.''.
SEC. 305. REPORTING OF CERTAIN EMPLOYMENT ACTIVITIES BY FORMER
INTELLIGENCE OFFICERS AND EMPLOYEES.
(a) Restriction.--Title III of the National Security Act of 1947 (50
U.S.C. 3071 et seq.) is amended by inserting after section 303 the
following new section:
``SEC. 304. <<NOTE: 50 USC 3073a.>> REPORTING OF CERTAIN
EMPLOYMENT ACTIVITIES BY FORMER
INTELLIGENCE OFFICERS AND EMPLOYEES.
``(a) <<NOTE: Regulations.>> In General.--The head of each element
of the intelligence community shall issue regulations requiring each
employee of such element occupying a covered position to sign a written
agreement
[[Page 128 STAT. 3996]]
requiring the regular reporting of covered employment to the head of
such element.
``(b) Agreement Elements.--The regulations required under subsection
(a) shall provide that an agreement contain provisions requiring each
employee occupying a covered position to, during the two-year period
beginning on the date on which such employee ceases to occupy such
covered position--
``(1) report covered employment to the head of the element
of the intelligence community that employed such employee in
such covered position upon accepting such covered employment;
and
``(2) annually (or more frequently if the head of such
element considers it appropriate) report covered employment to
the head of such element.
``(c) Definitions.--In this section:
``(1) Covered employment.--The term `covered employment'
means direct employment by, representation of, or the provision
of advice relating to national security to the government of a
foreign country or any person whose activities are directly or
indirectly supervised, directed, controlled, financed, or
subsidized, in whole or in major part, by any government of a
foreign country.
``(2) Covered position.--The term `covered position' means a
position within an element of the intelligence community that,
based on the level of access of a person occupying such position
to information regarding sensitive intelligence sources or
methods or other exceptionally sensitive matters, the head of
such element determines should be subject to the requirements of
this section.
``(3) Government of a foreign country.--The term `government
of a foreign country' has the meaning given the term in section
1(e) of the Foreign Agents Registration Act of 1938 (22 U.S.C.
611(e)).''.
(b) <<NOTE: Deadlines.>> Regulations and Certification.--
(1) Regulations.--Not later than 90 days after the date of
the enactment of this Act, the head of each element of the
intelligence community shall issue the regulations required
under section 304 of the National Security Act of 1947, as added
by subsection (a) of this section.
(2) Certification.--Not later than 180 days after the date
of the enactment of this Act, the Director of National
Intelligence shall submit to the congressional intelligence
committees--
(A) a certification that each head of an element of
the intelligence community has prescribed the
regulations required under section 304 of the National
Security Act of 1947, as added by subsection (a) of this
section; or
(B) if the Director is unable to submit the
certification described under subparagraph (A), an
explanation as to why the Director is unable to submit
such certification, including a designation of which
heads of an element of the intelligence community have
prescribed the regulations required under such section
304 and which have not.
(c) Table of Contents Amendments.--The table of contents in the
first section of the National Security Act of 1947 is amended--
[[Page 128 STAT. 3997]]
(1) by striking the second item relating to section 302
(Under Secretaries and Assistant Secretaries) and the items
relating to sections 304, 305, and 306; and
(2) by inserting after the item relating to section 303 the
following new item:
``Sec. 304. Reporting of certain employment activities by former
intelligence officers and employees.''.
SEC. 306. INCLUSION OF PREDOMINANTLY BLACK INSTITUTIONS IN
INTELLIGENCE OFFICER TRAINING PROGRAM.
Section 1024 of the National Security Act of 1947 (50 U.S.C. 3224)
is amended--
(1) in subsection (c)(1), by inserting ``and Predominantly
Black Institutions'' after ``universities''; and
(2) in subsection (g)--
(A) by redesignating paragraph (4) as paragraph (5);
and
(B) by inserting after paragraph (3) the following
new paragraph:
``(4) <<NOTE: Definition.>> Predominantly black
institution.--The term `Predominantly Black Institution' has the
meaning given the term in section 318 of the Higher education
Act of 1965 (20 U.S.C. 1059e).''.
SEC. 307. <<NOTE: Deadlines.>> MANAGEMENT AND OVERSIGHT OF
FINANCIAL INTELLIGENCE.
(a) Requirement for Plan.--Not later than 90 days after the date of
the enactment of this Act, the Director of National Intelligence shall
prepare a plan for management of the elements of the intelligence
community that carry out financial intelligence activities.
(b) Contents of Plan.--The plan required by subsection (a) shall
establish a governance framework, procedures for sharing and harmonizing
the acquisition and use of financial analytic tools, standards for
quality of analytic products, procedures for oversight and evaluation of
resource allocations associated with the joint development of
information sharing efforts and tools, and an education and training
model for elements of the intelligence community that carry out
financial intelligence activities.
(c) Briefing to Congress.--Not later than 180 days after the date of
the enactment of this Act, the Director of National Intelligence shall
brief the congressional intelligence committees on the actions the
Director proposes to implement the plan required by subsection (a).
SEC. 308. ANALYSIS OF PRIVATE SECTOR POLICIES AND PROCEDURES FOR
COUNTERING INSIDER THREATS.
(a) <<NOTE: Deadline. Consultation.>> Analysis.--Not later than 180
days after the date of the enactment of this Act, the Director of
National Intelligence, in consultation with the National
Counterintelligence Executive, shall submit to the congressional
intelligence committees an analysis of private sector policies and
procedures for countering insider threats.
(b) Content.--The analysis required by subsection (a) shall
include--
(1) <<NOTE: Review.>> a review of whether and how the
intelligence community could utilize private sector hiring and
human resources best
[[Page 128 STAT. 3998]]
practices to screen, vet, and validate the credentials,
capabilities, and character of applicants for positions
involving trusted access to sensitive information;
(2) an analysis of private sector policies for holding
supervisors and subordinates accountable for violations of
established security protocols and whether the intelligence
community should adopt similar policies for positions of trusted
access to sensitive information;
(3) <<NOTE: Assessment.>> an assessment of the feasibility
and advisability of applying mandatory leave policies, similar
to those endorsed by the Federal Deposit Insurance Corporation
and the Securities and Exchange Commission to identify fraud in
the financial services industry, to certain positions within the
intelligence community; and
(4) <<NOTE: Recommenda- tions.>> recommendations for how
the intelligence community could utilize private sector risk
indices, such as credit risk scores, to make determinations
about employee access to sensitive information.
SEC. 309. <<NOTE: 50 USC 1813.>> PROCEDURES FOR THE RETENTION OF
INCIDENTALLY ACQUIRED COMMUNICATIONS.
(a) Definitions.--In this section:
(1) Covered communication.--The term ``covered
communication'' means any nonpublic telephone or electronic
communication acquired without the consent of a person who is a
party to the communication, including communications in
electronic storage.
(2) Head of an element of the intelligence community.--The
term ``head of an element of the intelligence community'' means,
as appropriate--
(A) the head of an element of the intelligence
community; or
(B) the head of the department or agency containing
such element.
(3) United states person.--The term ``United States person''
has the meaning given that term in section 101 of the Foreign
Intelligence Surveillance Act of 1978 (50 U.S.C. 1801).
(b) Procedures for Covered Communications.--
(1) <<NOTE: Deadline.>> Requirement to adopt.--Not later
than 2 years after the date of the enactment of this Act each
head of an element of the intelligence community shall adopt
procedures approved by the Attorney General for such element
that ensure compliance with the requirements of paragraph (3).
(2) Coordination and approval.--The procedures required by
paragraph (1) shall be--
(A) prepared in coordination with the Director of
National Intelligence; and
(B) approved by the Attorney General prior to
issuance.
(3) Procedures.--
(A) Application.--The procedures required by
paragraph (1) shall apply to any intelligence collection
activity not otherwise authorized by court order
(including an order or certification issued by a court
established under subsection (a) or (b) of section 103
of the Foreign Intelligence Surveillance Act of 1978 (50
U.S.C. 1803)), subpoena, or similar legal process that
is reasonably anticipated to result in the acquisition
of a covered communication to or from
[[Page 128 STAT. 3999]]
a United States person and shall permit the acquisition,
retention, and dissemination of covered communications
subject to the limitation in subparagraph (B).
(B) <<NOTE: Time period.>> Limitation on
retention.--A covered communication shall not be
retained in excess of 5 years, unless--
(i) the communication has been affirmatively
determined, in whole or in part, to constitute
foreign intelligence or counterintelligence or is
necessary to understand or assess foreign
intelligence or counterintelligence;
(ii) the communication is reasonably believed
to constitute evidence of a crime and is retained
by a law enforcement agency;
(iii) the communication is enciphered or
reasonably believed to have a secret meaning;
(iv) all parties to the communication are
reasonably believed to be non-United States
persons;
(v) <<NOTE: Reports. Deadline.>> retention is
necessary to protect against an imminent threat to
human life, in which case both the nature of the
threat and the information to be retained shall be
reported to the congressional intelligence
committees not later than 30 days after the date
such retention is extended under this clause;
(vi) retention is necessary for technical
assurance or compliance purposes, including a
court order or discovery obligation, in which case
access to information retained for technical
assurance or compliance purposes shall be reported
to the congressional intelligence committees on an
annual basis; or
(vii) <<NOTE: Time
period. Determination. Certification.>> retention
for a period in excess of 5 years is approved by
the head of the element of the intelligence
community responsible for such retention, based on
a determination that retention is necessary to
protect the national security of the United
States, in which case the head of such element
shall provide to the congressional intelligence
committees a written certification describing--
(I) the reasons extended retention
is necessary to protect the national
security of the United States;
(II) the duration for which the head
of the element is authorizing retention;
(III) the particular information to
be retained; and
(IV) the measures the element of the
intelligence community is taking to
protect the privacy interests of United
States persons or persons located inside
the United States.
SEC. 310. CLARIFICATION OF LIMITATION OF REVIEW TO RETALIATORY
SECURITY CLEARANCE OR ACCESS
DETERMINATIONS.
Section 3001(b)(7) of the Intelligence Reform and Terrorism
Prevention Act of 2004 (50 U.S.C. 3341(b)(7)) is amended--
(1) in the matter preceding subparagraph (A), by striking
``2014--'' and inserting ``2014, and consistent with subsection
(j)--'';
[[Page 128 STAT. 4000]]
(2) in subparagraph (A), by striking ``to appeal a
determination to suspend or revoke a security clearance or
access to classified information'' and inserting ``alleging
reprisal for having made a protected disclosure (provided the
individual does not disclose classified information or other
information contrary to law) to appeal any action affecting an
employee's access to classified information''; and
(3) in subparagraph (B), by striking ``information,''
inserting ``information following a protected disclosure,''.
SEC. 311. FEASIBILITY STUDY ON CONSOLIDATING CLASSIFIED DATABASES
OF CYBER THREAT INDICATORS AND MALWARE
SAMPLES.
(a) <<NOTE: Consultation.>> In General.--Not later than 180 days
after the date of the enactment of this Act, the Director of National
Intelligence, in consultation with the Secretary of Homeland Security,
the Director of the National Security Agency, the Director of the
Central Intelligence Agency, and the Director of the Federal Bureau of
Investigation, shall conduct a feasibility study on consolidating
classified databases of cyber threat indicators and malware samples in
the intelligence community.
(b) <<NOTE: Records. Assessments.>> Elements.--The feasibility
study required by subsection (a) shall include the following:
(1) An inventory of classified databases of cyber threat
indicators and malware samples in the intelligence community.
(2) An assessment of actions that could be carried out to
consolidate such databases to achieve the greatest possible
information sharing within the intelligence community and cost
savings for the Federal Government.
(3) An assessment of any impediments to such consolidation.
(4) An assessment of whether the Intelligence Community
Information Technology Enterprise can support such
consolidation.
(c) Report to Congress.--Not later than 30 days after the date on
which the Director of National Intelligence completes the feasibility
study required by subsection (a), the Director shall submit to the
congressional intelligence committees a written report that summarizes
the feasibility study, including the information required under
subsection (b).
SEC. 312. SENSE OF CONGRESS ON CYBERSECURITY THREAT AND CYBERCRIME
COOPERATION WITH UKRAINE.
It is the sense of Congress that--
(1) cooperation between the intelligence and law enforcement
agencies of the United States and Ukraine should be increased to
improve cybersecurity policies between these two countries;
(2) the United States should pursue improved extradition
procedures among the Governments of the United States, Ukraine,
and other countries from which cybercriminals target United
States citizens and entities;
(3) the President should--
(A) initiate a round of formal United States-Ukraine
bilateral talks on cybersecurity threat and cybercrime
cooperation, with additional multilateral talks that
include other law enforcement partners such as Europol
and Interpol; and
[[Page 128 STAT. 4001]]
(B) work to obtain a commitment from the Government
of Ukraine to end cybercrime directed at persons outside
Ukraine and to work with the United States and other
allies to deter and convict known cybercriminals;
(4) the President should establish a capacity building
program with the Government of Ukraine, which could include--
(A) a joint effort to improve cyber capacity
building, including intelligence and law enforcement
services in Ukraine;
(B) sending United States law enforcement agents to
aid law enforcement agencies in Ukraine in investigating
cybercrimes; and
(C) agreements to improve communications networks to
enhance law enforcement cooperation, such as a hotline
directly connecting law enforcement agencies in the
United States and Ukraine; and
(5) the President should establish and maintain an
intelligence and law enforcement cooperation scorecard with
metrics designed to measure the number of instances that
intelligence and law enforcement agencies in the United States
request assistance from intelligence and law enforcement
agencies in Ukraine and the number and type of responses
received to such requests.
SEC. 313. REPLACEMENT OF LOCALLY EMPLOYED STAFF SERVING AT UNITED
STATES DIPLOMATIC FACILITIES IN THE
RUSSIAN FEDERATION.
(a) Employment Requirement.--
(1) <<NOTE: Deadline.>> In general.--The Secretary of State
shall ensure that, not later than one year after the date of the
enactment of this Act, every supervisory position at a United
States diplomatic facility in the Russian Federation shall be
occupied by a citizen of the United States who has passed, and
shall be subject to, a thorough background check.
(2) <<NOTE: Notification.>> Extension.--The Secretary of
State may extend the deadline under paragraph (1) for up to one
year by providing advance written notification and justification
of such extension to the appropriate congressional committees.
(3) Progress report.--Not later than 180 days after the date
of the enactment of this Act, the Secretary of State shall
submit to the appropriate congressional committees a report on
progress made toward meeting the employment requirement under
paragraph (1).
(b) Plan for Reduced Use of Locally Employed Staff.--Not later than
180 <<NOTE: Deadline. Coordination.>> days after the date of the
enactment of this Act, the Secretary of State, in coordination with
other appropriate government agencies, shall submit to the appropriate
congressional committees a plan to further reduce the reliance on
locally employed staff in United States diplomatic facilities in the
Russian Federation. The <<NOTE: Cost estimates.>> plan shall, at a
minimum, include cost estimates, timelines, and numbers of employees to
be replaced.
(c) Appropriate Congressional Committees Defined.--In this section,
the term ``appropriate congressional committees'' means--
(1) the congressional intelligence committees;
[[Page 128 STAT. 4002]]
(2) the Committee on Armed Services, the Committee on
Foreign Relations, and the Committee on Appropriations of the
Senate; and
(3) the Committee on Armed Services, the Committee on
Foreign Affairs, and the Committee on Appropriations of the
House of Representatives.
(d) Rule of Construction.--Nothing in this section shall be
construed to infringe on the power of the President, by and with the
advice and consent of the Senate, to appoint ambassadors, other public
ministers, and consuls.''
SEC. 314. <<NOTE: 22 USC 4865 note.>> INCLUSION OF SENSITIVE
COMPARTMENTED INFORMATION FACILITIES IN
UNITED STATES DIPLOMATIC FACILITIES IN THE
RUSSIAN FEDERATION AND ADJACENT COUNTRIES.
(a) Sensitive Compartmented Information Facility Requirement.--Each
United States diplomatic facility that, after the date of the enactment
of this Act, is constructed in, or undergoes a construction upgrade in,
the Russian Federation, any country that shares a land border with the
Russian Federation, or any country that is a former member of the Soviet
Union shall be constructed to include a Sensitive Compartmented
Information Facility.
(b) <<NOTE: Determination. Deadline.>> National Security Waiver.--
The Secretary of State may waive the requirement under subsection (a) if
the Secretary determines that such waiver is in the national security
interest of the United States and submits a written justification to the
appropriate congressional committees not later than 180 days before
exercising such waiver.
(c) Appropriate Congressional Committees Defined.--In this section,
the term ``appropriate congressional committees'' means--
(1) the congressional intelligence committees;
(2) the Committee on Armed Services, the Committee on
Foreign Relations, and the Committee on Appropriations of the
Senate; and
(3) the Committee on Armed Services, the Committee on
Foreign Affairs, and the Committee on Appropriations of the
House of Representatives.
Subtitle B--Reporting
SEC. 321. REPORT ON DECLASSIFICATION PROCESS.
Not later than December 31, 2016, the Director of National
Intelligence shall submit to Congress a report describing--
(1) proposals to improve the declassification process
throughout the intelligence community; and
(2) steps the intelligence community could take, or
legislation that may be necessary, to enable the National
Declassification Center to better accomplish the missions
assigned to the Center by Executive Order No. 13526 (75 Fed.
Reg. 707).
SEC. 322. REPORT ON INTELLIGENCE COMMUNITY EFFICIENT SPENDING
TARGETS.
(a) In General.--Not later than April 1, 2016, and April 1, 2017,
the Director of National Intelligence shall submit to the congressional
intelligence committees a report on the status and
[[Page 128 STAT. 4003]]
effectiveness of efforts to reduce administrative costs for the
intelligence community during the preceding year.
(b) Elements.--Each report under subsection (a) shall include for
each element of the intelligence community the following:
(1) A description of the status and effectiveness of efforts
to devise alternatives to government travel and promote
efficient travel spending, such as teleconferencing and video
conferencing.
(2) A description of the status and effectiveness of efforts
to limit costs related to hosting and attending conferences.
(3) A description of the status and effectiveness of efforts
to assess information technology inventories and usage, and
establish controls, to reduce costs related to underutilized
information technology equipment, software, or services.
(4) A description of the status and effectiveness of efforts
to limit the publication and printing of hard copy documents.
(5) A description of the status and effectiveness of efforts
to improve the performance of Federal fleet motor vehicles and
limit executive transportation.
(6) A description of the status and effectiveness of efforts
to limit the purchase of extraneous promotional items, such as
plaques, clothing, and commemorative items.
(7) A description of the status and effectiveness of efforts
to consolidate and streamline workforce training programs to
focus on the highest priority workforce and mission needs.
(8) Such other matters relating to efforts to reduce
intelligence community administrative costs as the Director may
specify for purposes of this section.
SEC. 323. ANNUAL REPORT ON VIOLATIONS OF LAW OR EXECUTIVE ORDER.
(a) In General.--Title V of the National Security Act of 1947 (50
U.S.C. 3091 et seq.) is amended by adding at the end the following:
``SEC. 511. <<NOTE: 50 USC 3110.>> ANNUAL REPORT ON VIOLATIONS OF
LAW OR EXECUTIVE ORDER.
``(a) Annual Reports Required.--The Director of National
Intelligence shall annually submit to the congressional intelligence
committees a report on violations of law or executive order relating to
intelligence activities by personnel of an element of the intelligence
community that were identified during the previous calendar year.
``(b) Elements.--Each report submitted under subsection (a) shall,
consistent with the need to preserve ongoing criminal investigations,
include a description of, and any action taken in response to, any
violation of law or executive order (including Executive Order No. 12333
(50 U.S.C. 3001 note)) relating to intelligence activities committed by
personnel of an element of the intelligence community in the course of
the employment of such personnel that, during the previous calendar
year, was--
``(1) determined by the director, head, or general counsel
of any element of the intelligence community to have occurred;
``(2) referred to the Department of Justice for possible
criminal prosecution; or
``(3) substantiated by the inspector general of any element
of the intelligence community.''.
[[Page 128 STAT. 4004]]
(b) Initial Report.--The first report required under section 511 of
the National Security Act of 1947, as added by subsection (a), shall be
submitted not later than one year after the date of the enactment of
this Act.
(c) Guidelines.--Not later than 180 days after the date of the
enactment of this Act, the Director of National Intelligence, in
consultation with the head of each element of the intelligence
community, shall--
(1) issue guidelines to carry out section 511 of the
National Security Act of 1947, as added by subsection (a); and
(2) submit such guidelines to the congressional intelligence
committees.
(d) Table of Contents Amendment.--The table of sections in the first
section of the National Security Act of 1947 is amended by adding after
the item relating to section 510 the following new item:
``Sec. 511. Annual report on violations of law or executive order.''.
(e) Rule of Construction.--Nothing in this section or the amendments
made by this section shall be construed to alter any requirement
existing on the date of the enactment of this Act to submit a report
under any provision of law.
SEC. 324. <<NOTE: 6 USC 125.>> ANNUAL REPORT ON INTELLIGENCE
ACTIVITIES OF THE DEPARTMENT OF HOMELAND
SECURITY.
(a) In General.--For each fiscal year and along with the budget
materials submitted in support of the budget of the Department of
Homeland Security pursuant to section 1105(a) of title 31, United States
Code, the Under Secretary for Intelligence and Analysis of the
Department shall submit to the congressional intelligence committees a
report for such fiscal year on each intelligence activity of each
intelligence component of the Department, as designated by the Under
Secretary, that includes the following:
(1) The amount of funding requested for each such
intelligence activity.
(2) The number of full-time employees funded to perform each
such intelligence activity.
(3) The number of full-time contractor employees (or the
equivalent of full-time in the case of part-time contractor
employees) funded to perform or in support of each such
intelligence activity.
(4) <<NOTE: Determination.>> A determination as to whether
each such intelligence activity is predominantly in support of
national intelligence or departmental missions.
(5) The total number of analysts of the Intelligence
Enterprise of the Department that perform--
(A) strategic analysis; or
(B) operational analysis.
(b) Feasibility and Advisability Report.--Not later than 120 days
after the date of the enactment of this Act, the Secretary of Homeland
Security, acting through the Under Secretary for Intelligence and
Analysis, shall submit to the congressional intelligence committees a
report that--
[[Page 128 STAT. 4005]]
(1) examines the feasibility and advisability of including
the budget request for all intelligence activities of each
intelligence component of the Department that predominantly
support departmental missions, as designated by the Under
Secretary for Intelligence and Analysis, in the Homeland
Security Intelligence Program; and
(2) <<NOTE: Plans.>> includes a plan to enhance the
coordination of department-wide intelligence activities to
achieve greater efficiencies in the performance of the
Department of Homeland Security intelligence functions.
(c) <<NOTE: Definition.>> Intelligence Component of the
Department.--In this section, the term ``intelligence component of the
Department'' has the meaning given that term in section 2 of the
Homeland Security Act of 2002 (6 U.S.C. 101).
SEC. 325. <<NOTE: Human rights.>> REPORT ON POLITICAL PRISON
CAMPS IN NORTH KOREA.
(a) <<NOTE: Consultation.>> In General.--The Director of National
Intelligence, in consultation with the Secretary of State, shall submit
to the congressional intelligence committees, the Committee on Foreign
Relations of the Senate, and the Committee on Foreign Affairs of the
House of Representatives a report on political prison camps in North
Korea.
(b) Elements.--The report required by subsection (a) shall--
(1) describe the actions the United States is taking to
support implementation of the recommendations of the United
Nations Commission of Inquiry on Human Rights in the Democratic
People's Republic of Korea, including the eventual establishment
of a tribunal to hold individuals accountable for abuses; and
(2) include, with respect to each political prison camp in
North Korea to the extent information is available--
(A) the estimated prisoner population of each such
camp;
(B) the geographical coordinates of each such camp;
(C) the reasons for confinement of the prisoners at
each such camp;
(D) a description of the primary industries and
products made at each such camp, and the end users of
any goods produced in such camp;
(E) information regarding involvement of any non-
North Korean entity or individual involved in the
operations of each such camp, including as an end user
or source of any good or products used in, or produced
by, in such camp;
(F) information identifying individuals and agencies
responsible for conditions in each such camp at all
levels of the Government of North Korea;
(G) a description of the conditions under which
prisoners are confined, with respect to the adequacy of
food, shelter, medical care, working conditions, and
reports of ill-treatment of prisoners, at each such
camp; and
(H) unclassified imagery, including satellite
imagery, of each such camp.
(c) Form.--The report required by subsection (a) shall be submitted
in an unclassified form and may include a classified annex if necessary.
[[Page 128 STAT. 4006]]
SEC. 326. ASSESSMENT OF SECURITY OF DOMESTIC OIL REFINERIES AND
RELATED RAIL TRANSPORTATION
INFRASTRUCTURE.
(a) Assessment.--The Under Secretary of Homeland Security for
Intelligence and Analysis shall conduct an intelligence assessment of
the security of domestic oil refineries and related rail transportation
infrastructure.
(b) <<NOTE: Deadline.>> Submission.--Not later than 180 days after
the date of the enactment of this Act, the Under Secretary of Homeland
Security for Intelligence and Analysis shall submit to the congressional
intelligence committees--
(1) the results of the assessment required under subsection
(a); and
(2) <<NOTE: Recommenda- tions.>> any recommendations with
respect to intelligence sharing or intelligence collection to
improve the security of domestic oil refineries and related rail
transportation infrastructure to protect the communities
surrounding such refineries or such infrastructure from
potential harm that the Under Secretary considers appropriate.
SEC. 327. ENHANCED CONTRACTOR LEVEL ASSESSMENTS FOR THE
INTELLIGENCE COMMUNITY.
Section 506B(c) of the National Security Act of 1947 (50 U.S.C.
3098(c)) is amended--
(1) in paragraph (11), by striking ``or contracted'';
(2) by redesignating paragraph (12) as paragraph (13); and
(3) by inserting after paragraph (11) the following:
``(12) The best estimate of the number of intelligence
collectors and analysts contracted by each element of the
intelligence community and a description of the functions
performed by such contractors.''.
SEC. 328. ASSESSMENT OF THE EFFICACY OF MEMORANDA OF UNDERSTANDING
TO FACILITATE INTELLIGENCE-SHARING.
Not <<NOTE: Deadline. Consultation.>> later than 90 days after the
date of the enactment of this Act, the Under Secretary of Homeland
Security for Intelligence and Analysis, in consultation with the
Director of the Federal Bureau of Investigation and the Program Manager
of the Information Sharing Environment, shall submit to the
congressional intelligence committees, the Committee on Homeland
Security and Governmental Affairs of the Senate, the Committee on
Homeland Security of the House of Representatives, the Committee on the
Judiciary of the Senate, and the Committee on the Judiciary of the House
of Representatives an assessment of the efficacy of the memoranda of
understanding signed between Federal, State, local, tribal, and
territorial agencies to facilitate intelligence-sharing within and
separate from the Joint Terrorism Task Force. Such assessment shall
include--
(1) any language within such memoranda of understanding that
prohibited or may be construed to prohibit intelligence-sharing
between Federal, State, local, tribal, and territorial agencies;
and
(2) <<NOTE: Recommenda- tions.>> any recommendations for
memoranda of understanding to better facilitate intelligence-
sharing between Federal, State, local, tribal, and territorial
agencies.
[[Page 128 STAT. 4007]]
SEC. 329. REPORT ON FOREIGN MAN-MADE ELECTROMAGNETIC PULSE
WEAPONS.
(a) Report.--Not later than 180 days after the date of the enactment
of this Act, the Director of National Intelligence shall submit to the
congressional intelligence committees, the Committee on Armed Services
of the Senate, and the Committee on Armed Services of the House of
Representatives a report on the threat posed by man-made electromagnetic
pulse weapons to United States interests through 2025, including threats
from foreign countries and foreign non-State actors.
(b) Form.--The report required under subsection (a) shall be
submitted in unclassified form, but may include a classified annex.
SEC. 330. REPORT ON UNITED STATES COUNTERTERRORISM STRATEGY TO
DISRUPT, DISMANTLE, AND DEFEAT AL-QAEDA
AND ITS AFFILIATED OR ASSOCIATED GROUPS.
(a) Report.--
(1) In general.--Not later than 180 days after the date of
the enactment of this Act, the Director of National Intelligence
shall submit to the appropriate committees of Congress a
comprehensive report on the United States counterterrorism
strategy to disrupt, dismantle, and defeat al-Qaeda and its
affiliated or associated groups.
(2) Coordination.--The report required by paragraph (1)
shall be prepared in coordination with the Secretary of State,
the Secretary of the Treasury, the Attorney General, and the
Secretary of Defense, and the head of any other department or
agency of the United States Government that has responsibility
for activities directed at combating al-Qaeda and its affiliated
or associated groups.
(3) <<NOTE: Assessments.>> Elements.--The report required
by paragraph (1) shall include the following:
(A) A definition of--
(i) al-Qaeda core, including a list of which
known individuals constitute al-Qaeda core;
(ii) an affiliated group of al-Qaeda,
including a list of which known groups constitute
an affiliate group of al-Qaeda;
(iii) an associated group of al-Qaeda,
including a list of which known groups constitute
an associated group of al-Qaeda; and
(iv) a group aligned with al-Qaeda, including
a description of what actions a group takes or
statements it makes that qualify it as a group
aligned with al-Qaeda.
(B) <<NOTE: Lists.>> A list of any other group,
including the organization that calls itself the Islamic
State (also known as ``ISIS'' or ``ISIL''), that adheres
to the core mission of al-Qaeda, or who espouses the
same violent jihad ideology as al-Qaeda.
(C) An assessment of the relationship between al-
Qaeda core and the groups referred to in subparagraph
(B).
(D) An assessment of the strengthening or weakening
of al-Qaeda and the groups referred to in subparagraph
(B) from January 1, 2010, to the present, including a
[[Page 128 STAT. 4008]]
description of the metrics that are used to assess
strengthening or weakening and an assessment of the
relative increase or decrease in violent attacks
attributed to such entities.
(E) An assessment of whether or not an individual
can be a member of al-Qaeda core if such individual is
not located in Afghanistan or Pakistan.
(F) An assessment of whether or not an individual
can be a member of al-Qaeda core as well as a member of
a group referred to in subparagraph (B).
(G) A definition of defeat of core al-Qaeda.
(H) An assessment of the extent or coordination,
command, and control between core al-Qaeda and the
groups referred to in subparagraph (B), specifically
addressing each such group.
(I) An assessment of the effectiveness of
counterterrorism operations against core al-Qaeda and
the groups referred to in subparagraph (B), and whether
such operations have had a sustained impact on the
capabilities and effectiveness of core al-Qaeda and such
groups.
(4) Form.--The report required by paragraph (1) shall be
submitted in unclassified form, but may include a classified
annex.
(b) Appropriate Committees of Congress Defined.--In this section,
the term ``appropriate committees of Congress'' means--
(1) the congressional intelligence committees;
(2) the Committee on Foreign Relations and the Committee on
Armed Services of the Senate; and
(3) the Committee on Foreign Affairs and the Committee on
Armed Services of the House of Representatives.
SEC. 331. FEASIBILITY STUDY ON RETRAINING VETERANS IN
CYBERSECURITY.
Not <<NOTE: Consultation.>> later than 180 days after the date of
the enactment of this Act, the Director of National Intelligence, in
consultation with the Secretary of Defense, the Secretary of Veterans
Affairs, and the Secretary of Homeland Security, shall submit to
Congress a feasibility study on retraining veterans and retired members
of elements of the intelligence community in cybersecurity.
Approved December 19, 2014.
LEGISLATIVE HISTORY--H.R. 4681:
---------------------------------------------------------------------------
HOUSE REPORTS: No. 113-463 (Permanent Select Comm. on Intelligence).
CONGRESSIONAL RECORD, Vol. 160 (2014):
May 30, considered and passed House.
Dec. 9, considered and passed Senate, amended.
Dec. 10, House concurred in Senate amendment.
<all>