[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[S. 2520 Introduced in Senate (IS)]
<DOC>
117th CONGRESS
1st Session
S. 2520
To amend the Homeland Security Act of 2002 to provide for engagements
with State, local, Tribal, and territorial governments, and for other
purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
July 28, 2021
Mr. Peters introduced the following bill; which was read twice and
referred to the Committee on Homeland Security and Governmental Affairs
_______________________________________________________________________
A BILL
To amend the Homeland Security Act of 2002 to provide for engagements
with State, local, Tribal, and territorial governments, and for other
purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``State and Local Government
Cybersecurity Act of 2021''.
SEC. 2. AMENDMENTS TO THE HOMELAND SECURITY ACT OF 2002.
Subtitle A of title XXII of the Homeland Security Act of 2002 (6
U.S.C. 651 et seq.) is amended--
(1) in section 2201 (6 U.S.C. 651)--
(A) by redesignating paragraphs (4), (5), and (6)
as paragraphs (5), (6), and (7), respectively; and
(B) by inserting after paragraph (3) the following:
``(4) Entity.--The term `entity' shall include--
``(A) an association, corporation, whether for-
profit or nonprofit, partnership, proprietorship,
organization, institution, establishment, or
individual, whether domestic or foreign;
``(B) a governmental agency or other governmental
entity, whether domestic or foreign, including State,
local, Tribal, and territorial government entities; and
``(C) the general public.'';
(2) in section 2202 (6 U.S.C. 652)--
(A) in subsection (c)--
(i) in paragraph (11), by striking ``and''
at the end;
(ii) in the first paragraph (12), by
striking ``and'' at the end;
(iii) by redesignating the second and third
paragraphs (12) as paragraphs (13) and (15),
respectively;
(iv) in paragraph (13), as so redesignated,
by striking ``and'' at the end; and
(v) by inserting after paragraph (13), as
so redesignated, the following:
``(14) carry out the authority of the Secretary under
subsection (e)(1)(S); and''; and
(B) in subsection (e)(1), by adding at the end the
following:
``(S) To make grants to and enter into cooperative
agreements or contracts with States, local, Tribal, and
territorial governments, and other non-Federal entities
as the Secretary determines necessary to carry out the
responsibilities of the Secretary related to
cybersecurity and infrastructure security under this
Act and any other provision of law, including grants,
cooperative agreements, and contracts that provide
assistance and education related to cyber threat
indicators, defensive measures and cybersecurity
technologies, cybersecurity risks, incidents, analysis,
and warnings.''; and
(3) in section 2209 (6 U.S.C. 659)--
(A) in subsection (c)(6), by inserting
``operational and'' before ``timely'';
(B) in subsection (d)(1)(E), by inserting ``,
including an entity that collaborates with election
officials,'' after ``governments''; and
(C) by adding at the end the following:
``(p) Coordination on Cybersecurity for Federal and Non-Federal
Entities.--
``(1) Coordination.--The Center shall, to the extent
practicable, and in coordination as appropriate with Federal
and non-Federal entities, such as the Multi-State Information
Sharing and Analysis Center--
``(A) conduct exercises with Federal and non-
Federal entities;
``(B) provide operational and technical
cybersecurity training related to cyber threat
indicators, proactive and defensive measures,
cybersecurity risks and vulnerabilities, and incident
response and management to Federal and non-Federal
entities to address cybersecurity risks or incidents,
with or without reimbursement;
``(C) assist Federal and non-Federal entities, upon
request, in sharing actionable and real time cyber
threat indicators, defensive measures, cybersecurity
risks, and incidents from and to the Federal Government
as well as among Federal and non-Federal entities, in
order to increase situational awareness and help
prevent incidents;
``(D) provide notifications containing specific
incident and malware information that may affect them
or their customers and residents;
``(E) provide and periodically update via an easily
accessible platform and other means tools, products,
resources, policies, guidelines, controls, and other
cybersecurity standards and best practices and
procedures related to information security;
``(F) work with senior Federal and non-Federal
officials, including State, local, Tribal, and
territorial Chief Information Officers, senior election
officials, and through national associations, to
coordinate a nationwide effort to ensure effective
implementation of tools, products, resources, policies,
guidelines, controls, and procedures related to
information security to secure and ensure the
resiliency of Federal and non-Federal information
systems, including election systems;
``(G) provide, upon request, operational and
technical assistance to Federal and non-Federal
entities to implement tools, products, resources,
policies, guidelines, controls, and procedures on
information security, including by, as appropriate,
deploying and sustaining cybersecurity technologies,
such as an intrusion and threat detection capability,
to assist those Federal and non-Federal entities in
detecting cybersecurity risks and incidents;
``(H) assist Federal and non-Federal entities in
developing policies and procedures for coordinating
vulnerability disclosures, to the extent practicable,
consistent with international and national standards in
the information technology industry;
``(I) ensure that Federal and non-Federal entities,
as appropriate, are made aware of the tools, products,
resources, policies, guidelines, controls, and
procedures on information security developed by the
Department and other appropriate Federal departments
and agencies for ensuring the security and resiliency
of civilian information systems; and
``(J) promote cybersecurity education and awareness
through engagements with Federal and non-Federal
entities.
``(q) Report.--Not later than 1 year after the date of enactment of
this subsection, and every 2 years thereafter, the Secretary shall
submit to the Committee on Homeland Security and Governmental Affairs
of the Senate and the Committee on Homeland Security of the House of
Representatives a report on--
``(1) the status of cybersecurity measures that are in
place, and any gaps that exist, in each State and in the
largest urban areas of the United States;
``(2) the services and capabilities that the Agency
directly provides to governmental agencies or other
governmental entities; and
``(3) the services and capabilities that the Agency
indirectly provides to governmental agencies or other
governmental entities through an entity described in section
2201(4)(B).''.
<all>