H.R. 5433 would require the Department of State to develop and implement two programs to improve the department’s cybersecurity. Under the first, the department would establish a process to allow hackers to probe the department’s information technology systems to discover and report security vulnerabilities, which would then be fixed by the department. Secondly, the bill would require a one-year pilot program to reward hackers who discover vulnerabilities in systems that can be accessed through the Internet. Finally, the department would be required to report to the Congress on how it would implement the bill and related matters.
On the basis of information about similar programs at the Department of Defense, CBO estimates that implementing the bill would bolster the department’s existing cybersecurity programs and that additional costs under the bill would be less than $500,000 over the 2018-2023 period, subject to the availability of appropriated funds.
Enacting H.R. 5433 would not affect direct spending or revenues; therefore, pay-as-you-go procedures do not apply.
CBO estimates that enacting H.R. 5433 would not increase net direct spending or on-budget deficits in any of the four consecutive 10-year periods beginning in 2029.
H.R. 5433 contains no intergovernmental or private-sector mandates as defined in the Unfunded Mandates Reform Act.