§ 2659. Report on security vulnerabilities of national laboratory computers
(a)
Report required
Not later than March 1 of each year, the National Counterintelligence Policy Board shall prepare a report on the security vulnerabilities of the computers of the national laboratories.
(b)
Preparation of report
In preparing the report, the National Counterintelligence Policy Board shall establish a so-called “red team” of individuals to perform an operational evaluation of the security vulnerabilities of the computers of one or more national laboratories, including by direct experimentation. Such individuals shall be selected by the National Counterintelligence Policy Board from among employees of the Department of Defense, the National Security Agency, the Central Intelligence Agency, the Federal Bureau of Investigation, and of other agencies, and may be detailed to the National Counterintelligence Policy Board from such agencies without reimbursement and without interruption or loss of civil service status or privilege.
(c)
Submission of report to Secretary of Energy and to FBI Director
Not later than March 1 of each year, the report shall be submitted in classified and unclassified form to the Secretary of Energy and the Director of the Federal Bureau of Investigation.
(d)
Forwarding to congressional committees
Not later than 30 days after the report is submitted, the Secretary and the Director shall each separately forward that report, with the recommendations in classified and unclassified form of the Secretary or the Director, as applicable, in response to the findings of that report, to the following:
(e)
First report
The first report under this section shall be the report for the year 2000. That report shall cover each of the national laboratories.