Text: H.R.5733 — 115th Congress (2017-2018)All Information (Except Text)

Text available as:

Shown Here:
Referred in Senate (06/26/2018)


115th CONGRESS
2d Session
H. R. 5733


IN THE SENATE OF THE UNITED STATES

June 26, 2018

Received; read twice and referred to the Committee on Homeland Security and Governmental Affairs


AN ACT

To amend the Homeland Security Act of 2002 to provide for the responsibility of the National Cybersecurity and Communications Integration Center to maintain capabilities to identify threats to industrial control systems, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “DHS Industrial Control Systems Capabilities Enhancement Act of 2018”.

SEC. 2. Capabilities of National Cybersecurity and Communications Integration Center to identify threats to industrial control systems.

(a) In general.—Section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148) is amended—

(1) in subsection (e)(1)—

(A) in subparagraph (G), by striking “and” after the semicolon;

(B) in subparagraph (H), by inserting “and” after the semicolon; and

(C) by adding at the end the following new subparagraph:

“(I) activities of the Center address the security of both information technology and operational technology, including industrial control systems;”;

(2) by redesignating subsections (f) through (m) as subsections (g) through (n), respectively; and

(3) by inserting after subsection (d) the following new subsection:

“(f) Industrial control systems.—The Center shall maintain capabilities to identify and address threats and vulnerabilities to products and technologies intended for use in the automated control of critical infrastructure processes. In carrying out this subsection, the Center shall—

“(1) lead, in coordination with relevant sector specific agencies, Federal Government efforts to identify and mitigate cybersecurity threats to industrial control systems, including supervisory control and data acquisition systems;

“(2) maintain cross-sector incident response capabilities to respond to industrial control system cybersecurity incidents;

“(3) provide cybersecurity technical assistance to industry end-users, product manufacturers, and other industrial control system stakeholders to identify and mitigate vulnerabilities;

“(4) collect, coordinate, and provide vulnerability information to the industrial control systems community by, as appropriate, working closely with security researchers, industry end-users, product manufacturers, and other industrial control systems stakeholders; and

“(5) conduct such other efforts and assistance as the Secretary determines appropriate.”.

(b) Report to Congress.—Not later than 180 days after the date of the enactment of this Act, and every 6 months thereafter during the subsequent 4-year period, the National Cybersecurity and Communications Integration Center shall provide to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a briefing on the industrial control systems capabilities of the Center under subsection (f) of section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148), as added by subsection (a).

Passed the House of Representatives June 25, 2018.

    Attest: karen l. haas,   
    Clerk.