Text: H.R.5068 — 108th Congress (2003-2004)All Bill Information (Except Text)

There is one version of the bill.

Text available as:

Shown Here:
Introduced in House (09/13/2004)


108th CONGRESS
2d Session
H. R. 5068

To amend the Homeland Security Act of 2002 to enhance cybersecurity, and for other purposes.


IN THE HOUSE OF REPRESENTATIVES
September 13, 2004

Mr. Thornberry (for himself and Ms. Lofgren) introduced the following bill; which was referred to the Select Committee on Homeland Security, and in addition to the Committee on Science, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned


A BILL

To amend the Homeland Security Act of 2002 to enhance cybersecurity, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Department of Homeland Security Cybersecurity Enhancement Act of 2004”.

SEC. 2. Assistant Secretary for Cybersecurity.

(a) In general.—Subtitle A of title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended by adding at the end the following:

“SEC. 203. Assistant Secretary for Cybersecurity.

“(a) In general.—There shall be in the Directorate for Information Analysis and Infrastructure Protection a National Cybersecurity Office headed by an Assistant Secretary for Cybersecurity (in this section referred to as the ‘Assistant Secretary’), who shall assist the Secretary in promoting cybersecurity for the Nation.

“(b) General authority.—The Assistant Secretary, subject to the direction and control of the Secretary, shall have primary authority within the Department for all cybersecurity-related critical infrastructure protection programs of the Department, including with respect to policy formulation and program management.

“(c) Responsibilities.—The responsibilities of the Assistant Secretary shall include the following:

“(1) To establish and manage—

“(A) a national cybersecurity response system that includes the ability to—

“(i) analyze the effect of cybersecurity threat information on national critical infrastructure; and

“(ii) aid in the detection and warning of attacks on, and in the restoration of, cybersecurity infrastructure in the aftermath of such attacks;

“(B) a national cybersecurity threat and vulnerability reduction program that identifies cybersecurity vulnerabilities that would have a national effect on critical infrastructure, performs vulnerability assessments on information technologies, and coordinates the mitigation of such vulnerabilities;

“(C) a national cybersecurity awareness and training program that promotes cybersecurity awareness among the public and the private sectors and promotes cybersecurity training and education programs;

“(D) a government cybersecurity program to coordinate and consult with Federal, State, and local governments to enhance their cybersecurity programs; and

“(E) a national security and international cybersecurity cooperation program to help foster Federal efforts to enhance international cybersecurity awareness and cooperation.

“(2) To coordinate with the private sector on the program under paragraph (1) as appropriate, and to promote cybersecurity information sharing, vulnerability assessment, and threat warning regarding critical infrastructure.

“(3) To coordinate with other directorates and offices within the Department on the cybersecurity aspects of their missions.

“(4) To coordinate with the Under Secretary for Emergency Preparedness and Response to ensure that the National Response Plan developed pursuant to section 502(6) of the Homeland Security Act of 2002 (6 U.S.C. 312(6)) includes appropriate measures for the recovery of the cybersecurity elements of critical infrastructure.

“(5) To develop processes for information sharing with the private sector, consistent with section 214, that—

“(A) promote voluntary cybersecurity best practices, standards, and benchmarks that are responsive to rapid technology changes and to the security needs of critical infrastructure; and

“(B) consider roles of Federal, State, local, and foreign governments and the private sector, including the insurance industry and auditors.

“(6) To coordinate with the Chief Information Officer of the Department in establishing a secure information sharing architecture and information sharing processes, including with respect to the Department’s operation centers.

“(7) To consult with the Electronic Crimes Task Force of the United States Secret Service on private sector outreach and information activities.

“(8) To consult with the Office for Domestic Preparedness to ensure that realistic cybersecurity scenarios are incorporated into tabletop and recovery exercises.

“(9) To consult and coordinate, as appropriate, with other Federal agencies on cybersecurity-related programs, policies, and operations.

“(10) To consult and coordinate within the Department and, where appropriate, with other relevant Federal agencies, on security of digital control systems, such as Supervisory Control and Data Acquisition (SCADA) systems.

“(d) Authority over the National Communications System.—The Assistant Secretary shall have primary authority within the Department over the National Communications System.”.

(b) Clerical amendment.—The table of contents in section 1(b) of such Act is amended by adding at the end of the items relating to subtitle A of title II the following:


“203. Assistant Secretary for Cybersecurity”.

SEC. 3. Cybersecurity defined.

Section 2 of the Homeland Security Act of 2002 (6 U.S.C. 101) is amended by adding at the end the following:

“(17)(A) The term ‘cybersecurity’ means the prevention of damage to, the protection of, and the restoration of computers, electronic communications systems, electronic communication services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.

“(B) In this paragraph—

“(i) each of the terms ‘damage’ and ‘computer’ has the meaning that term has in section 1030 of title 18, United States Code; and

“(ii) each of the terms ‘electronic communications system’, ‘electronic communication service’, ‘wire communication’, and ‘electronic communication’ has the meaning that term has in section 2510 of title 18, United States Code.”.