Bill summaries are authored by CRS.

Shown Here:
Public Law No: 113-282 (12/18/2014)

(This measure has not been amended since it was passed by the Senate on December 10, 2014. The summary of that version is repeated here.)

National Cybersecurity Protection Act of 2014 - (Sec. 3) Amends the Homeland Security Act of 2002 to establish a national cybersecurity and communications integration center in the Department of Homeland Security (DHS) to carry out the responsibilities of the DHS Under Secretary responsible for overseeing critical infrastructure protection, cybersecurity, and related DHS programs.

Requires the center to be the federal civilian interface for sharing cybersecurity risks, incidents, analysis, and warnings for federal and non-federal entities. Directs the center to: (1) enable real-time, integrated, and operational actions across federal and non-federal entities; (2) facilitate cross-sector coordination to address risks and incidents that may be related or could have consequential impacts across multiple sectors; (3) conduct and share analysis; and (4) provide technical assistance, risk management, and security measure recommendations.

Directs the center to ensure: (1) continuous, collaborative, and inclusive coordination across sectors and with sector coordinating councils, information sharing and analysis organizations, and other appropriate non-federal partners; (2) development and use of technology-neutral, real-time mechanisms for sharing information about risks and incidents; and (3) safeguards against unauthorized access.

Provides the Under Secretary with unreviewable discretion as to whether governmental or private entities are included in the center or are provided assistance or information.

(Sec. 4) Requires the DHS Secretary to submit to Congress recommendations regarding how to expedite implementation of information-sharing agreements for cybersecurity purposes between the center and non-federal entities.

(Sec. 5) Directs the Secretary to report annually to Congress concerning: (1) the number of non-federal participants, the length of time taken to resolve requests to participate in the center, and the reasons for any denials of such requests; (2) DHS's information sharing with each critical infrastructure sector; and (3) privacy and civil liberties safeguards.

(Sec. 6) Requires a Comptroller General (GAO) report on the effectiveness of the center.

(Sec. 7) Directs the Under Secretary to develop, maintain, and exercise adaptable cyber incident response plans to address cybersecurity risks to critical infrastructure.

Requires the Secretary to make the application process for security clearances relating to a classified national security information program available to sector coordinating councils, sector information sharing and analysis organizations, and owners and operators of critical infrastructure.

Directs the Office of Management and Budget (OMB) to ensure that data breach notification policies require affected agencies, after discovering an unauthorized acquisition or access, to notify: (1) Congress within 30 days, and (2) affected individuals as expeditiously as practicable. Allows the Attorney General (DOJ), heads of elements of the intelligence community, or the Secretary to delay notice to affected individuals for purposes of law enforcement investigations, national security, or security remediation actions.

Requires OMB to assess agency implementation of data breach notification policies.

(Sec. 8) Prohibits this Act from being construed to: (1) grant the Secretary any authority to promulgate regulations or set standards relating to the cybersecurity of private sector critical infrastructure that was not in effect on the day before the enactment of this Act, or (2) require any private entity to request the Secretary's assistance or to implement any recommendation suggested by the Secretary in response to such a request.