[Congressional Bills 113th Congress]
[From the U.S. Government Publishing Office]
[S. 2519 Reported in Senate (RS)]
Calendar No. 526
113th CONGRESS
2d Session
S. 2519
[Report No. 113-240]
To codify an existing operations center for cybersecurity.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
June 24, 2014
Mr. Carper (for himself and Mr. Coburn) introduced the following bill;
which was read twice and referred to the Committee on Homeland Security
and Governmental Affairs
July 31, 2014
Reported by Mr. Carper, with an amendment
[Insert the part printed in italic]
_______________________________________________________________________
A BILL
To codify an existing operations center for cybersecurity.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``National Cybersecurity and
Communications Integration Center Act of 2014''.
SEC. 2. NATIONAL CYBERSECURITY AND COMMUNICATIONS INTEGRATION CENTER.
(a) In General.--Subtitle A of title II of the Homeland Security
Act of 2002 (6 U.S.C. 121 et seq.) is amended by adding at the end the
following:
``SEC. 210G. OPERATIONS CENTER.
``(a) Functions.--There is in the Department an operations center,
which may carry out the responsibilities of the Under Secretary
appointed under section 103(a)(1)(H) with respect to security and
resilience, including by--
``(1) serving as a Federal civilian information sharing
interface for cybersecurity;
``(2) providing shared situational awareness to enable
real-time, integrated, and operational actions across the
Federal Government;
``(3) sharing cybersecurity threat, vulnerability, impact,
and incident information and analysis by and among Federal,
State, and local government entities and private sector
entities;
``(4) coordinating cybersecurity information sharing
throughout the Federal Government;
``(5) conducting analysis of cybersecurity risks and
incidents;
``(6) upon request, providing timely technical assistance
to Federal and non-Federal entities with respect to
cybersecurity threats and attribution, vulnerability
mitigation, and incident response and remediation; and
``(7) providing recommendations on security and resilience
measures to Federal and non-Federal entities.
``(b) Composition.--The operations center shall be composed of--
``(1) personnel or other representatives of Federal
agencies, including civilian and law enforcement agencies and
elements of the intelligence community, as such term is defined
under section 3(4) of the National Security Act of 1947 (50
U.S.C. 3003(4)); and
``(2) representatives from State and local governments and
other non-Federal entities, including--
``(A) representatives from information sharing and
analysis organizations; and
``(B) private sector owners and operators of
critical information systems.
``(c) Annual Report.--Not later than 1 year after the date of
enactment of the National Cybersecurity and Communications Integration
Center Act of 2014, and every year thereafter for 3 years, the
Secretary shall submit to the Committee on Homeland Security and
Governmental Affairs of the Senate and the Committee on Homeland
Security of the House of Representatives a report on the operations
center, which shall include--
``(1) an analysis of the performance of the operations
center in carrying out the functions under subsection (a);
``(2) information on the composition of the center,
including--
``(A) the number of representatives from non-
Federal entities that are participating in the
operations center, including the number of
representatives from States, nonprofit organizations,
and private sector entities, respectively; and
``(B) the number of requests from non-Federal
entities to participate in the operations center and
the response to such requests, including--
``(i) the average length of time to fulfill
such identified requests by the Federal agency
responsible for fulfilling such requests; and
``(ii) a description of any obstacles or
challenges to fulfilling such requests; and
``(3) the policies and procedures established by the
operations center to safeguard privacy and civil liberties.
``(d) GAO Report.--Not later than 1 year after the date of
enactment of the National Cybersecurity and Communications Integration
Center Act of 2014, the Comptroller General of the United States shall
submit to the Committee on Homeland Security and Governmental Affairs
of the Senate and the Committee on Homeland Security of the House of
Representatives a report on the effectiveness of the operations center.
``(e) No Right or Benefit.--The provision of assistance or
information to, and inclusion in the operations center of, governmental
or private entities under this section shall be at the discretion of
the Under Secretary appointed under section 103(a)(1)(H). The provision
of certain assistance or information to, or inclusion in the operations
center of, one governmental or private entity pursuant to this section
shall not create a right or benefit, substantive or procedural, to
similar assistance or information for any other governmental or private
entity.''.
(b) Technical and Conforming Amendment.--The table of contents in
section 1(b) of the Homeland Security Act of 2002 (6 U.S.C. 101 note)
is amended by inserting after the item relating to section 210F the
following:
``Sec. 210G. Operations center.''.
SEC. 3. RULE OF CONSTRUCTION.
(a) Definition.--In this section, the term ``critical
infrastructure'' has the meaning given that term under section 2 of the
Homeland Security Act of 2002 (6 U.S.C. 101).
(b) Rule of Construction.--Nothing in this Act shall be construed
to grant the Secretary of Homeland Security any authority to promulgate
regulations or set standards relating to the cybersecurity of private
sector critical infrastructure that was not in effect on the day before
the date of enactment of this Act.
Calendar No. 526
113th CONGRESS
2d Session
S. 2519
[Report No. 113-240]
_______________________________________________________________________
A BILL
To codify an existing operations center for cybersecurity.
_______________________________________________________________________
July 31, 2014
Reported with an amendment