§383. National Computer Forensics Institute
(a) In general; mission
There is authorized for fiscal years 2023 through 2028 within the United States Secret Service a National Computer Forensics Institute (in this section referred to as the "Institute"). The Institute's mission shall be to educate, train, and equip State, local, territorial, and Tribal law enforcement officers, prosecutors, and judges, as well as participants in the United States Secret Service's network of cyber fraud task forces who are Federal employees, members of the uniformed services, or State, local, Tribal, or territorial employees, regarding the investigation and prevention of cybersecurity incidents, electronic crimes, and related cybersecurity threats, including through the dissemination of homeland security information, in accordance with relevant Federal law regarding privacy, civil rights, and civil liberties protections.
(b) Curriculum
In furtherance of subsection (a), all education and training of the Institute shall be conducted in accordance with relevant Federal law regarding privacy, civil rights, and civil liberties protections. Education and training provided pursuant to subsection (a) shall relate to the following:
(1) Investigating and preventing cybersecurity incidents, electronic crimes, and related cybersecurity threats, including relating to instances involving illicit use of digital assets and emerging trends in cybersecurity and electronic crime.
(2) Conducting forensic examinations of computers, mobile devices, and other information systems.
(3) Prosecutorial and judicial considerations related to cybersecurity incidents, electronic crimes, related cybersecurity threats, and forensic examinations of computers, mobile devices, and other information systems.
(4) Methods to obtain, process, store, and admit digital evidence in court.
(c) Principles
In carrying out the functions specified in subsection (b), the Institute shall ensure, to the extent practicable, that timely, actionable, and relevant expertise and information related to cybersecurity incidents, electronic crimes, and related cybersecurity threats is shared with recipients of education and training provided pursuant to subsection (a). When selecting participants for such training, the Institute shall prioritize, to the extent reasonable and practicable, providing education and training to individuals from geographically-diverse jurisdictions throughout the United States, and the Institute shall prioritize, to the extent reasonable and practicable, State, local, tribal, and territorial law enforcement officers, prosecutors, judges, and other employees.
(d) Equipment
The Institute may provide recipients of education and training provided pursuant to subsection (a) with computer equipment, hardware, software, manuals, and tools for investigating and preventing cybersecurity incidents, electronic crimes, and related cybersecurity threats, and for forensic examinations of computers, mobile devices, and other information systems.
(e) Cyber Fraud Task Forces
The Institute shall facilitate the expansion of the network of Cyber Fraud Task Forces of the United States Secret Service through the addition of recipients of education and training provided pursuant to subsection (a) educated and trained by the Institute.
(f) Savings provision
All authorized activities and functions carried out by the Institute at any location as of the day before November 2, 2017, are authorized to continue to be carried out at any such location on and after such date.
(g) Expenses
The Director of the United States Secret Service may pay for all or a part of the education, training, or equipment provided by the Institute, including relating to the travel, transportation, and subsistence expenses of recipients of education and training provided pursuant to subsection (a).
(h) Annual reports to Congress
(1) In general
The Secretary shall include in the annual report required under section 1116 of title 31 information regarding the activities of the Institute, including, where possible, the following:
(A) An identification of jurisdictions with recipients of the education and training provided pursuant to subsection (a) during such year.
(B) Information relating to the costs associated with that education and training.
(C) Any information regarding projected future demand for the education and training provided pursuant to subsection (a).
(D) Impacts of the activities of the Institute on the capability of jurisdictions to investigate and prevent cybersecurity incidents, electronic crimes, and related cybersecurity threats.
(E) A description of the nomination process for potential recipients of the information and training provided pursuant to subsection (a).
(F) Any other issues determined relevant by the Secretary.
(2) Exception
Any information required under paragraph (1) that is submitted as part of the annual budget submitted by the President to Congress under section 1105 of title 31 is not required to be included in the report required under paragraph (1).
(i) Definitions
In this section:
(1) Cybersecurity threat
The term "cybersecurity threat" has the meaning given such term in section 1501 of this title.
(2) Incident
The term "incident" has the meaning given such term in section 659(a) 1 of this title.
(3) Information system
The term "information system" has the meaning given such term in section 1501(9) of this title.
(
Editorial Notes
References in Text
Section 659(a) of this title, referred to in subsec. (i)(2), was amended by
Amendments
2022-Subsec. (a).
Subsec. (b).
Subsec. (c).
Subsec. (d).
Subsec. (e).
Subsecs. (g) to (i).