CONGRESSIONAL BUDGET OFFICE COST ESTIMATE October 6 2017 H R 3101 Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2017 As ordered reported by the House Committee on Homeland Security on September 7 2017 SUMMARY H R 3101 would require the Department of Homeland Security DHS to expand efforts to enhance the cybersecurity of U S ports The bill also would clarify that the Coast Guard the agency within DHS primarily responsible for activities related to maritime security is authorized to pursue efforts related to cybersecurity Based on information from DHS CBO estimates that implementing H R 3101 would cost $38 million over the 2018-2022 period assuming appropriation of the necessary amounts Enacting the bill would not affect direct spending or revenues therefore pay-as-you-go procedures do not apply CBO estimates that enacting H R 3101 would not increase net direct spending or on-budget deficits in any of the four consecutive 10-year periods beginning in 2028 H R 3101 would impose intergovernmental and private-sector mandates as defined in the Unfunded Mandates Reform Act UMRA on owners and operators of port facilities and vessels Based on an analysis of information from the Coast Guard about current practices related to cybersecurity among maritime facilities and vessels CBO estimates that the cost of complying with the mandates for public and private entities would fall below the annual thresholds established in UMRA for intergovernmental and private-sector mandates $78 million and $156 million in 2017 respectively adjusted annually for inflation ESTIMATED COST TO THE FEDERAL GOVERNMENT The estimated budgetary effect of H R 3101 is shown in the following table The costs of this legislation fall primarily within budget functions 050 defense 400 transportation and 450 community and regional development By Fiscal Year in Millions of Dollars 2018 2019 2020 2021 2022 20182022 9 9 42 38 INCREASES IN SPENDING SUBJECT TO APPROPRIATION Estimated Authorization Level Estimated Outlays 8 5 8 8 8 8 9 8 BASIS OF ESTIMATE For this estimate CBO assumes the bill will be enacted near the end of 2017 and that the estimated amounts will be appropriated each year Estimated outlays are based on historical spending patterns for similar activities H R 3101 would direct DHS to pursue a variety of activities to enhance cybersecurity particularly by increasing the capacity for information sharing among maritime stakeholders in the federal state local and private sectors Under the bill DHS would need to develop a model for assessing maritime-related cybersecurity risks and require area maritime security advisory committees--stakeholder groups formed to address security-related issues at specific U S ports--to share information related to cybersecurity threats and develop plans to address port-specific vulnerabilities According to DHS many of the activities required under the bill are consistent with current administrative policy but implementing some efforts--particularly those aimed at increasing the capacity for information sharing among maritime stakeholders--would require additional spending Based on an analysis of information from DHS CBO estimates that fully funding such efforts would cost $38 million over the 2018-2022 period mostly for additional staff required to design and implement data-sharing systems and provide analytical support related to risk assessment PAY-AS-YOU-GO CONSIDERATIONS None INCREASE IN LONG TERM DIRECT SPENDING AND DEFICITS CBO estimates that enacting H R 3101 would not increase net direct spending or on-budget deficits in any of the four consecutive 10-year periods beginning in 2028 2 INTERGOVERNMENTAL AND PRIVATE-SECTOR IMPACT H R 3101 would impose intergovernmental and private-sector mandates as defined in UMRA on owners and operators of port facilities and vessels by requiring them to incorporate cybersecurity information into their vulnerability assessments The bill also would require facilities to address cybersecurity risks and develop a mitigation plan if they submit security plans for approval after DHS has developed a model for assessing maritime-related cybersecurity risk Based on an analysis of information from the Coast Guard about current practices among maritime facilities and vessels CBO estimates that the incremental cost of complying with the mandates for public and private entities would fall below the annual thresholds established in UMRA for intergovernmental and private-sector mandates $78 million and $156 million in 2017 respectively adjusted annually for inflation ESTIMATE PREPARED BY Federal Costs Megan Carroll Impact on State Local and Tribal Governments Jon Sperl Impact on the Private Sector Paige Piper Bach ESTIMATE APPROVED BY H Samuel Papenfuss Deputy Assistant Director for Budget Analysis 3                     National Security Archive    Suite 701  Gelman Library  The George Washington University    2130 H Street  NW  Washington  D C  20037    Phone  202 994‐7000  Fax  202 994‐7005  nsarchiv@gwu edu