There are 2 versions of this bill. View text

Click the check-box to add or remove the section, click the text link to scroll to that section.
Titles Actions Overview All Actions Cosponsors Committees Related Bills Subjects Latest Summary All Summaries

Titles (3)

Short Titles

Short Titles - House of Representatives

Short Titles as Reported to House

National Cybersecurity Protection Advancement Act of 2015

Short Titles as Introduced

National Cybersecurity Protection Advancement Act of 2015

Official Titles

Official Titles - House of Representatives

Official Title as Introduced

To amend the Homeland Security Act of 2002 to enhance multi-directional sharing of information related to cybersecurity risks and strengthen privacy and civil liberties protections, and for other purposes.


Actions Overview (3)

Date
04/23/2015Passed/agreed to in House: On passage Passed by recorded vote: 355 - 63 (Roll no. 173).
04/17/2015Reported (Amended) by the Committee on Homeland Security. H. Rept. 114-83.
04/13/2015Introduced in House

All Actions (60)

Date
04/23/2015-12:05pmPursuant to the provisions of H. Res. 212, H.R. 1731 is laid on the table.
Action By: House of Representatives
04/23/2015-12:05pmENGROSSMENT INSTRUCTION - Pursuant to the provisions of H. Res. 212, in the engrossment of H.R. 1560, the text of H.R. 1731 as passed by the House is appended to the end of H.R. 1560 as new matter.
Action By: House of Representatives
04/23/2015-12:04pmMotion to reconsider laid on the table Agreed to without objection.
Action By: House of Representatives
04/23/2015-12:04pmOn passage Passed by recorded vote: 355 - 63 (Roll no. 173).
Action By: House of Representatives
04/23/2015-11:54amOn motion to recommit with instructions Failed by recorded vote: 180 - 238 (Roll no. 172).
Action By: House of Representatives
04/23/2015-11:45amThe previous question on the motion to recommit with instructions was ordered without objection. (consideration: CR H2444)
Action By: House of Representatives
04/23/2015-11:36amDEBATE - The House proceeded with 10 minutes of debate on the Israel motion to recommit H.R. 1731 with instructions, pending reservation of a point of order. The instructions contained in the motion seek to require the bill to be reported back to the House with an amendment to require the Secretary of Homeland Security to prioritize the sharing of cyber threat indicators and defensive measures in the following areas: (1) the security of critical infrastructure, including the electrical grid, nuclear power plants, oil and gas pipelines, financial services, and transportation systems; (2) the protection of intellectual property of U.S. corporations, including small and medium sized businesses; and (3) the privacy and property rights of at-risk Americans, including medical records. Subsequently, the reservation of a point of order was withdrawn.
Action By: House of Representatives
04/23/2015-11:33amMr. Israel moved to recommit with instructions to the Committee on Homeland Security. (consideration: CR H2443-2445; text: CR H2443-2444)
Action By: House of Representatives
04/23/2015-11:32amThe House adopted the amendment in the nature of a substitute as agreed to by the Committee of the Whole House on the state of the Union. (text of amendment in the nature of a substitue: CR H2428-2433)
Action By: House of Representatives
04/23/2015-11:32amThe previous question was ordered pursuant to the rule. (consideration: CR H2443)
Action By: House of Representatives
04/23/2015-11:31amThe House rose from the Committee of the Whole House on the state of the Union to report H.R. 1731.
Action By: House of Representatives
04/23/2015-11:31amH.Amdt.106 On agreeing to the Jackson Lee amendment (A010) Agreed to by recorded vote: 405 - 8 (Roll no. 171).
Action By: House of Representatives
04/23/2015-10:58amH.Amdt.107 On agreeing to the Jackson Lee amendment (A011) Agreed to by voice vote.
Action By: House of Representatives
04/23/2015-10:56amDEBATE - Pursuant to the provisions of H. Res. 212, the Committee of the Whole proceeded with 10 minutes of debate on the Jackson Lee part B amendment No. 11.
Action By: House of Representatives
04/23/2015-10:55amH.Amdt.107 Amendment (A011) offered by Ms. Jackson Lee. (consideration: CR H2442; text: CR H2442)
Action By: House of Representatives
04/23/2015-10:54amPOSTPONED PROCEEDINGS - At the conclusion of debate on the Jackson Lee part B amendment No. 10, the Chair put the question on adoption of the amendment and by voice vote, announced that the ayes had prevailed. Mr. McCaul demanded a recorded vote and the Chair postponed further proceedings on the question of adoption of the amendment until a time to be announced.
Action By: House of Representatives
04/23/2015-10:51amDEBATE - Pursuant to the provisions of H. Res. 212, the Committee of the Whole proceeded with 10 minutes of debate on the Jackson Lee part B amendment No. 10.
Action By: House of Representatives
04/23/2015-10:51amH.Amdt.106 Amendment (A010) offered by Ms. Jackson Lee. (consideration: CR H2441-2442, H2442-2443; text: CR H2441)
Action By: House of Representatives
04/23/2015-10:50amH.Amdt.105 On agreeing to the Hahn amendment (A009) Agreed to by voice vote.
Action By: House of Representatives
04/23/2015-10:47amDEBATE - Pursuant to the provisions of H. Res. 212, the Committee of the Whole proceeded with 10 minutes of debate on the Hahn part B amendment No. 9.
Action By: House of Representatives
04/23/2015-10:46amH.Amdt.105 Amendment (A009) offered by Ms. Hahn. (consideration: CR H2440-2441; text: CR H2440)
Action By: House of Representatives
04/23/2015-10:46amH.Amdt.104 On agreeing to the Mulvaney amendment (A008) Agreed to by voice vote.
Action By: House of Representatives
04/23/2015-10:38amDEBATE - Pursuant to the provisions of H. Res. 212, the Committee of the Whole proceeded with 10 minutes of debate on the Mulvaney(SC) part B amendment No. 8.
Action By: House of Representatives
04/23/2015-10:38amH.Amdt.104 Amendment (A008) offered by Mr. Mulvaney. (consideration: CR H2439-2440; text: CR H2439)
Action By: House of Representatives
04/23/2015-10:38amH.Amdt.103 On agreeing to the Hurd (TX) amendment (A007) Agreed to by voice vote.
Action By: House of Representatives
04/23/2015-10:34amDEBATE - Pursuant to the provisions of H. Res. 212, the Committee of the Whole proceeded with 10 minutes of debate on the Hurd part B amendment no. 7.
Action By: House of Representatives
04/23/2015-10:33amH.Amdt.103 Amendment (A007) offered by Mr. Hurd (TX). (consideration: CR H2438-2439; text: CR H2438-2439)
Action By: House of Representatives
04/23/2015-10:33amH.Amdt.102 On agreeing to the Castro (TX) amendment (A006) Agreed to by voice vote.
Action By: House of Representatives
04/23/2015-10:29amDEBATE - Pursuant to the provisions of H. Res. 212, the Committee of the Whole proceeded with 10 minutes of debate on the Castro(TX) part B amendment no. 6.
Action By: House of Representatives
04/23/2015-10:28amH.Amdt.102 Amendment (A006) offered by Mr. Castro (TX). (consideration: CR H2437-2438; text: CR H2437-2438)
Action By: House of Representatives
04/23/2015-10:28amH.Amdt.101 On agreeing to the Castro (TX) amendment (A005) Agreed to by voice vote.
Action By: House of Representatives
04/23/2015-10:24amDEBATE - Pursuant to the provisions of H. Res. 212, the Committee of the Whole proceeded with 10 minutes of debate on the Castro(TX) part B amendment no. 5.
Action By: House of Representatives
04/23/2015-10:23amH.Amdt.101 Amendment (A005) offered by Mr. Castro (TX). (consideration: CR H2437; text: CR H2437)
Action By: House of Representatives
04/23/2015-10:23amH.Amdt.100 On agreeing to the Jackson Lee amendment (A004) Agreed to by voice vote.
Action By: House of Representatives
04/23/2015-10:17amDEBATE - Pursuant to the provisions of H. Res. 212, the Committee of the Whole proceeded with 10 minutes of debate on the Jackson Lee part B amendment no. 4.
Action By: House of Representatives
04/23/2015-10:16amH.Amdt.100 Amendment (A004) offered by Ms. Jackson Lee. (consideration: CR H2435-2437; text: CR H2436)
Action By: House of Representatives
04/23/2015-10:16amH.Amdt.99 On agreeing to the Langevin amendment Agreed to by voice vote.
Action By: House of Representatives
04/23/2015-10:09amDEBATE - Pursuant to the provisions of H. Res. 212, the Committee of the Whole proceeded with 10 minutes of debate on the Langevin part B amendment No. 3.
Action By: House of Representatives
04/23/2015-10:09amH.Amdt.99 Amendment (A003) offered by Mr. Langevin. (consideration: CR H2434-2435; text: CR H2435)
Action By: House of Representatives
04/23/2015-10:08amH.Amdt.98 On agreeing to the Ratcliffe amendment (A002) Agreed to by voice vote.
Action By: House of Representatives
04/23/2015-10:06amDEBATE - Pursuant to the provisions of H. Res. 212, the Committee of the Whole proceeded with 10 minutes of debate on the Ratcliffe part B amendment No. 2.
Action By: House of Representatives
04/23/2015-10:05amH.Amdt.98 Amendment (A002) offered by Mr. Ratcliffe. (consideration: CR H2434; text: CR H2434)
Action By: House of Representatives
04/23/2015-10:03amH.Amdt.97 On agreeing to the McCaul amendment (A001) Agreed to by voice vote.
Action By: House of Representatives
04/23/2015-10:00amDEBATE - Pursuant to the provisions of H. Res. 212, the Committee of the Whole proceeded with 10 minutes of debate on the McCaul part B amendment No. 1.
Action By: House of Representatives
04/23/2015-9:59amH.Amdt.97 Amendment (A001) offered by Mr. McCaul. (consideration: CR H2433-2434; text: CR H2433-2434)
Action By: House of Representatives
04/23/2015-9:16amSubsequently, the Committee resumed it's sitting.
Action By: House of Representatives
04/23/2015-9:15amThe Committee of the Whole rose informally to receive a message from the Senate.
Action By: House of Representatives
04/23/2015-9:15amGENERAL DEBATE - The Committee of the Whole proceeded with one hour of general debate on H.R. 1731.
Action By: House of Representatives
04/23/2015-9:15amThe Speaker designated the Honorable Rob Woodall to act as Chairman of the Committee.
Action By: House of Representatives
04/23/2015-9:15amHouse resolved itself into the Committee of the Whole House on the state of the Union pursuant to H. Res. 212 and Rule XVIII.
Action By: House of Representatives
04/23/2015-9:14amPrevious question shall be considered as ordered except motion to recommit with or without instructions. Debate for both bills shall not exceed one hour. After general debate, both bills shall be considered for amendment under the five-minute rule. All points of order against the bills and amendments are waived. Only amendments printed in the report from the committee on rules are in order.
Action By: House of Representatives
04/23/2015-9:14amConsidered under the provisions of rule H. Res. 212. (consideration: CR H2423-2426, H2426-2446)
Action By: House of Representatives
04/22/2015-1:57pmRule H. Res. 212 passed House.
Action By: House of Representatives
04/21/2015-7:24pmRules Committee Resolution H. Res. 212 Reported to House. Previous question shall be considered as ordered except motion to recommit with or without instructions. Debate for both bills shall not exceed one hour. After general debate, both bills shall be considered for amendment under the five-minute rule. All points of order against the bills and amendments are waived. Only amendments printed in the report from the committee on rules are in order.
Action By: House of Representatives
04/17/2015Placed on the Union Calendar, Calendar No. 61.
Action By: House of Representatives
04/17/2015Reported (Amended) by the Committee on Homeland Security. H. Rept. 114-83.
Action By: Committee on Homeland Security
04/14/2015Ordered to be Reported (Amended) by Voice Vote.
Action By: Committee on Homeland Security
04/14/2015Committee Consideration and Mark-up Session Held.
Action By: Committee on Homeland Security
04/13/2015Referred to the House Committee on Homeland Security.
Action By: House of Representatives
04/13/2015Introduced in House
Action By: House of Representatives

Cosponsors (1)

* = Original cosponsor
CosponsorDate Cosponsored
Rep. Ratcliffe, John [R-TX-4]* 04/13/2015

Committees (1)

Committees, subcommittees and links to reports associated with this bill are listed here, as well as the nature and date of committee activity and Congressional report number.

Committee / Subcommittee Date Activity Reports
House Homeland Security04/13/2015 Referred to
04/14/2015 Markup by
04/17/2015 Reported by H. Rept. 114-83

A related bill may be a companion measure, an identical bill, a procedurally-related measure, or one with text similarities. Bill relationships are identified by the House, the Senate, or CRS, and refer only to same-congress measures.


Latest Summary (3)

There are 3 summaries for H.R.1731. View summaries

Shown Here:
Passed House amended (04/23/2015)

National Cybersecurity Protection Advancement Act of 2015

(Sec. 2) Amends the Homeland Security Act of 2002 to allow the Department of Homeland Security's (DHS's) national cybersecurity and communications integration center (NCCIC) to include tribal governments, information sharing and analysis centers, and private entities among its non-federal representatives. Expands the composition of the NCCIC to include:

  • a collaborator with state and local governments on cybersecurity risks and incidents;
  • a U.S. Computer Emergency Readiness Team that coordinates and shares information in a timely manner and provides technical assistance, upon request, to information system owners and operators;
  • the Industrial Control System Cyber Emergency Response Team that coordinates with owners and operators of industrial control systems, provides requested training, and remains current on industry adoption of new technologies;
  • a National Coordinating Center for Communications that coordinates the protection, response, and recovery of emergency communications; and
  • a coordinator of small and medium-sized businesses.

(Sec. 3) Requires the NCCIC to be the lead federal civilian interface for multi-directional and cross-sector sharing of information related to cyber threat indicators, defensive measures, and cybersecurity risks for federal and non-federal entities. Expands the NCCIC's functions to include:

  • global cybersecurity with international partners;
  • information sharing across critical infrastructure sectors, with state and major urban area fusion centers and with small and medium-sized businesses;
  • notification to Congress regarding any significant violations of information retention or disclosure policies;
  • notification to non-federal entities of indicators or defensive measures shared in error or in contravention of specified requirements; and
  • participation in exercises run by DHS's National Exercise Program.

Excludes from the definition of "cybersecurity risk" violations of consumer terms of service or licensing agreements.

Requires the NCCIC to designate an agency contact for non-federal entities.

Directs the NCCIC to: (1) safeguard cybersecurity information against unauthorized disclosure, and (2) work with the Chief Privacy Officer to follow appropriate privacy procedures.

Requires the Under Secretary for Cybersecurity and Infrastructure Protection (the Under Secretary) to develop capabilities that make use of existing industry standards to advance implementation of automated mechanisms for the timely sharing of indicators and defensive measures to and from the NCCIC and with federal agencies designated as sector specific agencies for critical infrastructure sectors.

Directs the Under Secretary, every six months, to provide Congress with progress reports regarding the development of such capabilities.

Authorizes the NCCIC to enter voluntary information sharing relationships with consenting non-federal entities.

Directs the Under Secretary to develop procedures for coordinating vulnerability disclosures consistent with international standards.

Allows non-federal entities, for cybersecurity purposes, to share with other non-federal entities or the NCCIC any indicators or defensive measures obtained from: (1) their own information systems; or (2) the information systems of other federal or non-federal entities, with written consent. Authorizes non-federal entities (excluding state, local, or tribal governments) to conduct network awareness to scan, identify, acquire, monitor, log, or analyze information, or to operate defensive measures, on the information systems of entities that provide consent.

Requires entities, prior to sharing, to take reasonable efforts to: (1) exclude information that can be used to identify specific persons and that is unrelated to cybersecurity risks or incidents, and (2) safeguard information that can be used to identify specific persons from unintended disclosure or unauthorized access or acquisition.

Directs the Under Secretary to establish and annually review privacy and civil liberties policies governing the receipt, retention, use, and disclosure of cybersecurity information shared with the NCCIC. Provides for such policies to apply only to DHS. Allows the Under Secretary to consult with the National Institute of Standards and Technology on such policies.

Requires the Chief Privacy Officer to:

  • monitor implementation of such privacy and civil liberties policies;
  • update privacy impact assessments on a regular basis to ensure that all relevant privacy protections are followed;
  • work with the Under Secretary to carry out certain notifications to Congress and non-federal entities;
  • submit an annual report to Congress regarding the effectiveness of DHS's privacy and civil liberties policies; and
  • ensure appropriate sanctions for DHS officers, employees, or agents who intentionally or willfully conduct activities in an unauthorized manner.

Directs the DHS Inspector General to periodically report to Congress with a review of the use of cybersecurity risk information shared with the NCCIC.

Requires the Chief Privacy Officer and the Chief Civil Rights and Civil Liberties Officer to biennially submit a report to Congress that: (1) assesses the privacy and civil liberties impact of DHS's retention, use, and disclosure policies; and (2) recommends methods to minimize or mitigate the impact of sharing indicators and defensive measures.

Prohibits federal entities from using shared indicators or defensive measures to engage in surveillance or other collection activities for the purpose of tracking an individual's personally identifiable information, except for purposes authorized under this section. Bars the federal government from using such information for regulatory purposes.

Provides liability protections to non-federal entities (excluding state, local, or tribal governments) acting in accordance with this section that: (1) conduct network awareness, or (2) share indicators or defensive measures or that fail, in good faith, to act based on such sharing.

Prohibits such liability protections from being construed to apply to willful misconduct.

Establishes a private cause of action that a person may bring against the federal government if a federal agency intentionally or willfully violates restrictions on the use and protection of voluntarily shared indicators or defensive measures.

Exempts from antitrust laws non-federal entities that, for cybersecurity purposes, share: (1) cyber threat indicators or defensive measures; or (2) assistance relating to the prevention, investigation, or mitigation of cybersecurity risks or incidents. Makes such exemption inapplicable to price-fixing, allocating a market between competitors, monopolizing or attempting to monopolize a market, or exchanges of price or cost information, customer lists, or information regarding future competitive planning.

Prohibits this section from being construed to permit the federal government to require a non-federal entity to provide information to a federal entity.

Requires the Secretary of Homeland Security to: (1) develop procedures for the NCCIC Director to report directly to the Secretary regarding significant cybersecurity risks and incidents, and (2) promote a national awareness effort to educate the general public on the importance of securing information systems.

Directs DHS to report to Congress on the range of efforts underway to bolster cybersecurity collaboration with relevant international partners.

(Sec. 4) Expands the purpose of information sharing and analysis organizations to include responsibilities for disseminating information about cybersecurity risks and incidents.

(Sec. 5) Redesignates DHS's National Protection and Programs Directorate as the Cybersecurity and Infrastructure Protection. Requires the President to appoint: (1) the Under Secretary, with the advice and consent of the Senate; and (2) the Deputy Under Secretaries for Cybersecurity and for Infrastructure Protection, without the advice and consent of the Senate. Requires the Under Secretary to report to Congress regarding the feasibility of becoming an operational component.

(Sec. 6) Requires the Secretary to regularly update, maintain, and exercise the Cyber Incident Annex to DHS's National Response Framework.

(Sec. 7) Requires the NCCIC to facilitate improvements to the security and resiliency of public safety communications.

Directs the Under Secretary to implement a cybersecurity awareness campaign to disseminate: (1) public service announcements targeted at state, local, and tribal governments, the private sector, academia, and stakeholders in specific audiences, including the elderly, students, small businesses, members of the Armed Forces, and veterans; and (2) vendor and technology-neutral voluntary best practices.

Requires DHS to establish a National Cybersecurity Preparedness Consortium to:

  • train state and local first responders and officials to prepare for and respond to cyber attacks,
  • develop a curriculum utilizing the DHS-sponsored Community Cyber Security Maturity Model,
  • provide technical assistance,
  • conduct cybersecurity training and simulation exercises,
  • coordinate with the NCCIC to help states and communities develop information sharing programs, and
  • coordinate with the National Domestic Preparedness Consortium to incorporate cybersecurity emergency responses into existing state and local emergency management functions.

(Sec. 8) Directs the Under Secretary for Science and Technology to biennially provide to Congress an updated strategic plan to guide the overall direction of federal physical security and cybersecurity technology research and development efforts for protecting critical infrastructure. Requires the plan to:

  • identify critical infrastructure security risks and any associated security technology gaps;
  • prioritize technology needs based on gaps, risks, evolving threats, and technology advancements;
  • include research, development, and acquisition roadmaps with clearly defined objectives, goals, and measures;
  • identify laboratories, facilities, modeling, and simulation capabilities required to support new technologies; and
  • identify programmatic initiatives for the rapid advancement and deployment of security technologies for critical infrastructure protection, including public-private partnerships, intragovernment collaboration, university centers of excellence, and national laboratory technology transfers.

(Sec. 9) Requires DHS to report to Congress regarding the feasibility of DHS reducing cybersecurity risks in DHS data centers, including by increasing compartmentalization between systems and providing a mix of security controls between such compartments.

(Sec. 10) Directs the Government Accountability Office (GAO) to report on DHS's implementation of this Act, including any findings regarding increases in sharing at the NCCIC and throughout the United States.

(Sec. 11) Requires the Under Secretary to produce a report on the feasibility of creating a risk-informed prioritization plan should multiple critical infrastructures experience cyber incidents simultaneously.

(Sec. 12) Directs the DHS Inspector General to review operations of the U.S. Computer Emergency Readiness Team and the Industrial Control Systems Cyber Emergency Response Team to assess the capacity to provide technical assistance to non-federal entities and to adequately respond to potential increases in requests for technical assistance.

(Sec. 13) Prohibits this Act from being construed to grant DHS any authority to promulgate regulations or set standards relating to the cybersecurity of non-federal entities (excluding state, local, and tribal governments) that were not in effect on the day before the enactment of this Act.

(Sec. 14) Terminates reporting requirements under this Act seven years after enactment of this Act.

(Sec. 16) Requires DHS to deploy and operate (to make available for use by any federal agency, with or without reimbursement) capabilities to protect federal agency information and information systems, including technologies to continuously diagnose, detect, prevent, and mitigate against cybersecurity risks involving such systems. Authorizes the DHS Secretary to access, and allows federal agency heads to disclose to the Secretary, information traveling to or from or stored on a federal agency information system, regardless of from where the Secretary accesses such information, notwithstanding any law that would otherwise restrict or prevent federal agency heads from disclosing such information to the Secretary.

Allows a private entity to assist the Secretary in carrying out such activities.

Authorizes the Secretary to retain, use, and disclose information obtained through the conduct of activities authorized under this section only to protect federal agency information and information systems from cybersecurity risks, or, with DOJ approval and if disclosure of such information is not otherwise prohibited by law, to law enforcement only to investigate, prosecute, disrupt, or otherwise respond to:

  • criminal computer fraud;
  • an imminent threat of death or serious bodily harm;
  • a serious threat to a minor, including sexual exploitation or threats to physical safety; or
  • an attempt or conspiracy to commit any of such offenses.

Provides liability protections to private entities that provide assistance to the Secretary for such purposes.

(Sec. 17) Terminates the provisions of this Act seven years after its enactment.

(Sec. 18) Requires DHS to report to Congress with recommendations to mitigate cybersecurity vulnerabilities for the 10 U.S. ports that are at greatest risk of a cybersecurity incident.

(Sec. 19) Authorizes DHS to consult with sector specific agencies, businesses, and stakeholders to submit to Congress a report on how to align federally funded cybersecurity research and development activities with private sector efforts to protect privacy and civil liberties while assuring security and resilience of the nation's critical infrastructure.

(Sec. 20) Directs the GAO to assess the impact on privacy and civil liberties limited to the work of the NCCIC.