(a) Future vulnerability program
(1) Establishment
Not later than 120 days after March 12, 2020, including an opportunity for notice and comment, the Assistant Secretary, in cooperation with the Director of National Intelligence, the Director of the Federal Bureau of Investigation, the Secretary of Homeland Security, and the Commission, shall establish a program to share information regarding supply chain security risks with trusted providers of advanced communications service and trusted suppliers of communications equipment or services.
(2) Activities
In carrying out the program established under paragraph (1), the Assistant Secretary shall—
(A) conduct regular briefings and other events to share information with trusted providers of advanced communications service and trusted suppliers of communications equipment or services;
(B) engage with trusted providers of advanced communications service and trusted suppliers of communications equipment or services, in particular such providers and suppliers that—
(i) are small businesses; or
(ii) primarily serve rural areas;
(C) not later than 180 days after March 12, 2020, submit to the Committee on Energy and Commerce of the House of Representatives and the Committee on Commerce, Science, and Transportation of the Senate a plan for—
(i) declassifying material, when feasible, to help share information regarding supply chain security risks with trusted providers of advanced communications service and trusted suppliers of communications equipment or services; and
(ii) expediting and expanding the provision of security clearances to facilitate information sharing regarding supply chain security risks with trusted providers of advanced communications service and trusted suppliers of communications equipment or services; and
(D) ensure that the activities carried out through the program are consistent with and, to the extent practicable, integrated with, ongoing activities of the Department of Homeland Security and the Department of Commerce.
(3) Scope of program
The program established under paragraph (1) shall involve only the sharing of information regarding supply chain security risks by the Federal Government to trusted providers of advanced communications service and trusted suppliers of communications equipment or services, and not the sharing of such information by such providers and suppliers to the Federal Government.
(b) Representation on CSRIC of interests of public and consumers
(1) In general
The Commission shall appoint to the Communications Security, Reliability, and Interoperability Council (or any successor thereof), and to each subcommittee, workgroup, or other subdivision of the Council (or any such successor), at least one member to represent the interests of the public and consumers.
(2) Initial appointments
The Commission shall make the initial appointments required by paragraph (1) not later than 180 days after March 12, 2020. Any member so appointed shall be in addition to the members of the Council, or the members of the subdivision of the Council to which the appointment is being made, as the case may be, as of March 12, 2020.
(c) Definitions
In this section:
(1) Assistant Secretary
The term "Assistant Secretary" means the Assistant Secretary of Commerce for Communications and Information.
(2) Foreign adversary
The term "foreign adversary" means any foreign government or foreign nongovernment person engaged in a long-term pattern or serious instances of conduct significantly adverse to the national security of the United States or security and safety of United States persons.
(3) Supply chain security risk
The term "supply chain security risk" includes specific risk and vulnerability information related to equipment and software.
(4) Trusted
The term "trusted" means, with respect to a provider of advanced communications service or a supplier of communications equipment or service, that the Assistant Secretary has determined that such provider or supplier is not owned by, controlled by, or subject to the influence of a foreign adversary.