H.R.940 - SCOUTS Act115th Congress (2017-2018) |
Text: H.R.940 — 115th Congress (2017-2018)All Information (Except Text)
There is one version of the bill.
Text available as:
Introduced in House (02/07/2017)
[Congressional Bills 115th Congress] [From the U.S. Government Publishing Office] [H.R. 940 Introduced in House (IH)] <DOC> 115th CONGRESS 1st Session H. R. 940 To secure communications of utilities from terrorist threats, and for other purposes. _______________________________________________________________________ IN THE HOUSE OF REPRESENTATIVES February 7, 2017 Ms. Jackson Lee introduced the following bill; which was referred to the Committee on Homeland Security _______________________________________________________________________ A BILL To secure communications of utilities from terrorist threats, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Securing Communications of Utilities from Terrorist Threats'' or the ``SCOUTS Act''. SEC. 2. POLICY. (a) Security and Resilience.--The Secretary of Homeland Security, in coordination with the sector-specific agencies, may work with critical infrastructure owners and operators and State, local, tribal, and territorial entities to seek voluntary participation of such agencies to determine how the Department of Homeland Security can best serve the sector-specific cybersecurity needs to manage risk and strengthen the security and resilience of the Nation's critical infrastructure against terrorist attacks that could have a debilitating impact on national security, economic stability, public health and safety, or any combination thereof. (b) Objectives.--In implementing subsection (a), the Secretary shall seek to reduce vulnerabilities, minimize consequences, identify and disrupt terrorism threats, and hasten response and recovery efforts related to impacted critical infrastructures. (c) Investigation of Best Means To Engage Owners and Operators.-- The Secretary, in coordination with the sector-specific agencies, may investigate the best means for engaging sector-specific agencies in participation in a voluntary cybersecurity information sharing, emergency support, and emerging threat awareness program. (d) Listening Opportunity.--The Secretary shall establish voluntary opportunities for sector-specific agencies and critical infrastructure owners and operators to inform the Department of Homeland Security of sector-specific challenges to cybersecurity, including regarding-- (1) what needs they may have or may not have regarding critical infrastructure protection; and (2) how the Department of Homeland Security is or is not helping to meet those needs that have been identified, through voluntary participation. (e) GAO Report.--The Comptroller General of the United States shall report to the Congress by not later than 6 months after the date of the enactment of this Act on the views, experiences, and preferences of critical infrastructure owners and operators regarding the benefits of engaging in voluntary cybersecurity incident reporting, intelligence gathering, and technical support resources provided by the Department of Homeland Security. (f) International Partners.--The Secretary shall, in consultation with appropriate Federal agencies, establish terrorism prevention policy to engage with international partners to strengthen the security and resilience of domestic critical infrastructure and critical infrastructure located outside of the United States, or in its territorial waters, on which the Nation depends. SEC. 3. STRATEGIC IMPERATIVES. (a) Research and Report on the Most Efficient Means for Information Exchange by Identifying Baseline Data and Systems Requirements for the Federal Government.--The Secretary shall facilitate the timely exchange of terrorism threat and vulnerability information as well as information that allows for the development of a situational awareness capability for Federal civilian agencies during terrorist incidents. The goal of such facilitation is to enable efficient information exchange through the identification of requirements for data and information formats and accessibility, system interoperability, and redundant systems and alternate capabilities should there be a disruption in the primary systems. (b) Implementation of an Integration and Analysis Function To Inform Planning and Operational Decisions Regarding the Protection of Critical Infrastructure From Terrorism Events.--The Secretary of Homeland Security shall implement an integration and analysis function for critical infrastructure that includes operational and strategic analysis on terrorism incidents, threats, and emerging risks. Such function shall include establishment by the Secretary of integration of data sharing capabilities with Fusion Centers that accomplish the following: (1) Determine the appropriate role that Fusion Centers may fill in reporting data related to cybersecurity threat or incident information regarding individuals or service providers with access to or ongoing business relationships with critical infrastructure. (2) Determine whether or how the National Protection and Programs Directorate and the National Cybersecurity and Communications Integration Center may work with Fusion Centers to report possible cybersecurity incidents. (3) Determine a means for Fusion Centers to report availability of critical infrastructure to support local, State, Federal, tribal, and territorial law enforcement and the provision of basic public services after disruption events such as electric power brownouts and blackouts, accidents that disrupt service, and vandalism to or near facilities. (4) Categorize and prioritize cybersecurity intake risk information based on relevance to critical infrastructure owners or operators in the area served by the Fusion Center. (5) Establish an emerging threat hotline and secure online sector-specific cybersecurity incident reporting portal by which information may be disseminated through Fusion Centers. (6) Develop, keep up to date, and make available a Federal agency directory of designated offices or individuals tasked with responding to, mitigating, or assisting in recovery from cybersecurity incidents involving critical infrastructure and make the directory available on a voluntary basis to critical infrastructure owners and operators. (7) Establish a voluntary incident access portal with the ability to allow users to determine the means, methods, and level of incident reporting that is sector-specific and relevant to the recipient as defined and controlled by the recipient. (8) Gather voluntary feedback from critical infrastructure owners and operators on the value, relevance, and timeliness of the information received, which shall include how they believe information and the means used to disseminate that information might be improved. (9) Report to Congress every 2 years on the voluntary participation of critical infrastructure owners and operators in the programs established under this title. (10) Implement a capability to collate, assess, and integrate vulnerability and consequence information with threat streams and hazard information to-- (A) evaluate the impact of cybersecurity and cyberphysical impacts of critical physical assets; (B) aid in prioritizing assets and managing risks to critical infrastructure in impacted areas; (C) determine, through the voluntary cooperation of critical infrastructure owners and operators, the staffing and professional need for cybersecurity critical infrastructure protection with Fusion Centers; (D) determine, through coordination with the sector-specific agencies, the agency staffing needed to support cybersecurity critical infrastructure protection and report the findings to Congress; (E) research and report findings regarding the feasibility of exploring terrorist incident correlations between critical infrastructure damage, destruction, and diminished capacity, and what occurs during certain natural disasters; (F) anticipate interdependencies and cascading impacts related to cyber telecommunications failures; (G) recommend security and resilience measures for critical infrastructure prior to, during, and after a terrorism event or incident; (H) evaluate interdependencies and cascading impacts related to electric grid failures; (I) support post-terrorism incident management and restoration efforts related to critical infrastructure; and (J) make recommendations on preventing the collapse or serious degrading of the telecommunication capability in an area impacted by a terrorism event. (11) Support the Department of Homeland Security's ability to maintain and share, as a common Federal service, a near real-time situational awareness capability for critical infrastructure that includes actionable information about imminent terrorist threats, significant trends, and awareness of incidents that may impact critical infrastructure. SEC. 4. DEFINITIONS. For purposes of this Act: (1) Critical infrastructure.--The term ``critical infrastructure'' means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. (2) Resilience.--The term ``resilience'' means the ability to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions. The term includes the ability to withstand and recover from deliberate attacks, accidents, or naturally occurring threats or incidents. (3) Sector-specific agency.--The term ``sector-specific agency'' means a Federal department or agency designated as a Sector-Specific Agency by Presidential Policy Directive 21, relating to Critical Infrastructure Security and Resilience. (4) Security.--The term ``security'' means reducing the risk to critical infrastructure by physical means or defense cyber measures to intrusions, attacks, or the effects of terrorist intrusions or attacks. <all>