§7432. National cybersecurity challenges
(a) Establishment of national cybersecurity challenges
(1) In general
To achieve high-priority breakthroughs in cybersecurity by 2028, the Secretary of Commerce shall establish the following national cybersecurity challenges:
(A) Economics of a cyber attack
Building more resilient systems that measurably and exponentially raise adversary costs of carrying out common cyber attacks.
(B) Cyber training
(i) Empowering the people of the United States with an appropriate and measurably sufficient level of digital literacy to make safe and secure decisions online.
(ii) Developing a cybersecurity workforce with measurable skills to protect and maintain information systems.
(C) Emerging technology
Advancing cybersecurity efforts in response to emerging technology, such as artificial intelligence, quantum science, next generation communications, autonomy, data science, and computational technologies.
(D) Reimagining digital identity
Maintaining a high sense of usability while improving the privacy, security, and safety of online activity of individuals in the United States.
(E) Federal agency resilience
Reducing cybersecurity risks to Federal networks and systems, and improving the response of Federal agencies to cybersecurity incidents on such networks and systems.
(2) Coordination
In establishing the challenges under paragraph (1), the Secretary shall coordinate with the Secretary of Homeland Security on the challenges under subparagraphs (B) and (E) of such paragraph.
(b) Pursuit of national cybersecurity challenges
(1) In general
Not later than 180 days after January 1, 2021, the Secretary, acting through the Under Secretary of Commerce for Standards and Technology, shall commence efforts to pursue the national cybersecurity challenges established under subsection (a).
(2) Competitions
The efforts required by paragraph (1) shall include carrying out programs to award prizes, including cash and noncash prizes, competitively pursuant to the authorities and processes established under section 3719 of this title or any other applicable provision of law.
(3) Additional authorities
In carrying out paragraph (1), the Secretary may enter into and perform such other transactions as the Secretary considers necessary and on such terms as the Secretary considers appropriate.
(4) Coordination
In pursuing national cybersecurity challenges under paragraph (1), the Secretary shall coordinate with the following:
(A) The Director of the National Science Foundation.
(B) The Secretary of Homeland Security.
(C) The Director of the Defense Advanced Research Projects Agency.
(D) The Director of the Office of Science and Technology Policy.
(E) The Director of the Office of Management and Budget.
(F) The Administrator of the General Services Administration.
(G) The Federal Trade Commission.
(H) The heads of such other Federal agencies as the Secretary of Commerce considers appropriate for purposes of this section.
(5) Solicitation of acceptance of funds
(A) In general
Pursuant to section 3719 of this title, the Secretary shall request and accept funds from other Federal agencies, State, United States territory, local, or Tribal government agencies, private sector for-profit entities, and nonprofit entities to support efforts to pursue a national cybersecurity challenge under this section.
(B) Rule of construction
Nothing in subparagraph (A) may be construed to require any person or entity to provide funds or otherwise participate in an effort or competition under this section.
(c) Recommendations
(1) In general
In carrying out this section, the Secretary of Commerce shall designate an advisory council to seek recommendations.
(2) Elements
The recommendations required by paragraph (1) shall include the following:
(A) A scope for efforts carried out under subsection (b).
(B) Metrics to assess submissions for prizes under competitions carried out under subsection (b) as the submissions pertain to the national cybersecurity challenges established under subsection (a).
(3) No additional compensation
The Secretary may not provide any additional compensation, except for travel expenses, to a member of the advisory council designated under paragraph (1) for participation in the advisory council.
(