Summary

Creates a short-lived, classified interagency task force led by CISA (vice-chaired by the FBI) to coordinate federal detection, analysis, and response to state-sponsored cyber actors linked to the People’s Republic of China, including the group known as Volt Typhoon. The task force must be set up within 120 days, deliver a classified initial report within 540 days, then provide annual classified reports for five years (each followed by briefings to Congress), and may publish an unclassified executive summary; the task force sunsets shortly after its final briefing and is exempt from the Federal Advisory Committee Act and Paperwork Reduction Act.

• Mandates creation of a CISA-chaired, FBI-vice-chaired interagency task force focused on PRC state-sponsored cyber actors, including Volt Typhoon.
• Task force must be established within 120 days of enactment and staffed with subject-matter experts from federal agencies and Sector Risk Management Agencies.
• Requires a classified initial report within 540 days of establishment and annual classified reports for five years, each followed by a congressional briefing within 30 days.
• Reports must include sector-specific risk assessments, resource/authority needs, multiple classified threat impact assessments, recommendations, and a one-time awareness campaign plan.
• Task force operations and access to information are governed by existing security clearance and information-handling rules; only cleared members can access classified materials.
• The task force sunsets 60 days after the final required briefing and is exempt from the Federal Advisory Committee Act and the Paperwork Reduction Act.
• The legislation defines relevant terms, including critical infrastructure, Sector Risk Management Agency, and Volt Typhoon (as defined by a CISA advisory).
• Does not appropriate funds or create new statutory law for private entities; it sets coordination and reporting requirements for federal action on PRC-linked cyber threats.