[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5658 Referred in Senate (RFS)]
<DOC>
117th CONGRESS
2d Session
H. R. 5658
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
May 17, 2022
Received; read twice and referred to the Committee on Homeland Security
and Governmental Affairs
_______________________________________________________________________
AN ACT
To require the Secretary of Homeland Security to submit a report on the
cybersecurity roles and responsibilities of the Federal Government, and
for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``DHS Roles and Responsibilities in
Cyber Space Act''.
SEC. 2. FINDINGS.
Congress finds the following:
(1) The Department of Homeland Security, through the
Cybersecurity and Infrastructure Security Agency, is the lead
Federal coordinator for securing critical infrastructure across
all 16 sectors, in coordination with designated Sector Risk
Management Agencies.
(2) Cyber incidents require technical resources and are
only sometimes sector specific.
(3) The Cybersecurity and Infrastructure Security Agency is
the central agency that can quickly analyze and coordinate
mitigations when a malicious cyber campaign spans multiple
sectors.
(4) Section 2209 of the Homeland Security Act of 2002
authorizes the Cybersecurity and Infrastructure Security Agency
as the Federal civilian interface for multi-directional and
cross-sector sharing of information related to cyber threat
indicators with and between the government and the private
sector.
(5) Section 2209 of the Homeland Security Act of 2002
authorizes the Cybersecurity and Infrastructure Security Agency
to facilitate cross-sector coordination to address
cybersecurity risks and incidents, including cybersecurity
risks and incidents that may be related or could have
consequential impacts across multiple sectors.
(6) Presidential Policy Directive-41 directs the Department
of Homeland Security, via the national cybersecurity and
communications integration center, to be the lead Federal
agency for asset response during a significant cyber incident.
(7) The functions of the national cybersecurity and
communications integration center are carried about by the
Cybersecurity and Infrastructure Security Agency's
Cybersecurity Division.
(8) Presidential Policy Directive-21 directs the Department
of Homeland Security to lead the coordination of critical
infrastructure protection among the Sector Risk Management
Agencies.
(9) Section 9002 of the William M. (Mac) Thornberry
National Defense Authorization Act for Fiscal Year 2021
codified the duties of Sector Risk Management Agencies for
critical infrastructure sectors, laying out the roles and
responsibilities they have in coordinating with the
Cybersecurity and Infrastructure Security Agency to secure the
nation's critical infrastructure.
(10) Enhancing the security and resilience of our critical
infrastructure is a priority for Congress and for the Nation.
(11) The Department of Homeland Security maintains and
continues to build partnerships across all infrastructure
sectors to enhance control systems cybersecurity.
(12) Section 1731 of the William M. (Mac) Thornberry
National Defense Authorization Act for Fiscal Year 2021
directed the Secretary of Homeland Security to submit a report
on the potential for better coordination of Federal
cybersecurity efforts at an integrated cybersecurity center
within the Cybersecurity and Infrastructure Security Agency.
SEC. 3. REPORT ON CYBERSECURITY ROLES AND RESPONSIBILITIES OF THE
DEPARTMENT OF HOMELAND SECURITY.
(a) In General.--Not later than one year after the date of the
enactment of this Act, the Secretary of Homeland Security, in
coordination with the Director of the Cybersecurity and Infrastructure
Security Agency of the Department of Homeland Security, shall submit to
the Committee on Homeland Security of the House of Representatives and
the Committee on Homeland Security and Governmental Affairs of the
Senate a report on the roles and responsibilities of the Department and
its components relating to cyber incident response.
(b) Contents.--The report required under subsection (a) shall
include the following:
(1) A review of how the cyber incident response plans under
section 2210(c) of the Homeland Security Act of 2002 (6 U.S.C.
660(c)) are utilized in the Federal Government's response to a
cyber incident.
(2) An explanation of the roles and responsibilities of the
Department of Homeland Security and its components with
responsibility for, or in support of, the Federal Government's
response to a cyber incident, including primary responsibility
for working with impacted private sector entities.
(3) An explanation of which and how authorities of the
Department and its components are utilized in the Federal
Government's response to a cyber incident.
(4) Recommendations to provide further clarity for roles
and responsibilities of the Department and its components
relating to cyber incident response.
Passed the House of Representatives May 16, 2022.
Attest:
CHERYL L. JOHNSON,
Clerk.