Bill summaries are authored by CRS.

Shown Here:
Passed House amended (12/16/2015)

Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2015

(Sec. 2) This bill requires the Department of Homeland Security (DHS) to implement, and evaluate at least every two years, a maritime cybersecurity risk assessment model to evaluate current and future cybersecurity risks. The model must be consistent with the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity and any updates pursuant to the Cybersecurity Enhancement Act of 2014.

DHS must also: (1) seek to ensure participation of at least one information sharing and analysis organization representing the maritime community in the National Cybersecurity and Communications Integration Center (NCCIC); (2) establish guidelines for voluntary reporting of maritime-related cybersecurity risks and incidents to the NCCIC and other appropriate federal agencies; and (3) request the National Maritime Security Advisory Committee to report and make recommendations to DHS regarding the enhancement of cybersecurity information sharing between relevant federal agencies and state, local, and tribal governments, public safety and emergency response agencies, law enforcement and security organizations, the maritime industry, port owners and operators, and terminal owners and operators.

(Sec. 3) The Coast Guard must: (1) direct Area Maritime Security Advisory Committees to facilitate the sharing of cybersecurity risks and incidents to address port-specific cybersecurity risks, including, possibly, by establishing a working group of members of such committees to address port-specific cybersecurity vulnerabilities; and (2) require area maritime security plans and facility security plans to include a mitigation plan to prevent, manage, and respond to cybersecurity risks.

(Sec. 4) DHS's vulnerability assessments of facilities and vessels that may be involved in a transportation security incident must identify weaknesses in cybersecurity. Owners or operators of such vessels or facilities must include provisions regarding prevention, management, and response to cybersecurity risks in their security plans for deterring such incidents.