GovTrack’s Bill Summary
We don’t have a summary available yet.
S. 3480 (111th): Protecting Cyberspace as a National Asset Act of 2010
- Introduced:
- Jun 10, 2010 (111th Congress, 2009–2010)
- Sponsor:
- Sen. Joseph Lieberman [I-CT]
- Status:
- Died (Reported by Committee)
The bill’s title was written by the bill’s sponsor. S. stands for Senate bill.
Library of Congress Summary
The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress.
12/15/2010.
Title
I
-
Office of Cyberspace Policy
Section
101
-
Establishes in the Executive Office of the President an Office of Cyberspace Policy, which shall:
(1) develop a national strategy to increase the security and resiliency of cyberspace;
(2) oversee, coordinate, and integrate federal policies and activities relating to cyberspace security and resiliency;
(3) ensure that all federal agencies comply with appropriate guidelines, policies, and directives from the Department of Homeland Security (DHS), other federal agencies with responsibilities relating to cyberspace security or resiliency, and the National Center for Cybersecurity and Communications (established by this Act); and
(4) ensure that federal agencies have access to, receive, and appropriately disseminate law enforcement, intelligence, terrorism, and any other information relevant to the security of specified federal, military, and intelligence information infrastructure.
Section
102
-
Requires the President to appoint a Director of Cyberspace Policy.
Section
105
-
Provides for access by the Director to specified cybersecurity-related information.
Section
107
-
Requires the Director to submit an annual report describing the activities, ongoing projects, and plans of the federal government designed to meet national strategy goals and objectives.
Title
II
-
National Center for Cybersecurity and Communications
Section
201
-
Amends the Homeland Security Act of 2002 (HSA) to establish within DHS a National Center for Cybersecurity and Communications (NCCC), which shall be headed by a Director, who shall:
(1) work cooperatively with the private sector and lead the federal effort to secure, protect, and ensure the resiliency of the federal and national information infrastructure; and
(2) work with the Assistant Secretary for Infrastructure Protection to coordinate the information, communications, and physical infrastructure protection responsibilities and activities of NCCC and the Office of Infrastructure Protection. Transfers to NCCC the National Cyber Security Division, the Office of Emergency Communications, and the National Communications System. Establishes within NCCC the United States Computer Emergency Readiness Team, which shall:
(1) collect, coordinate, and disseminate information on risks to specified federal information infrastructure and security controls; and
(2) establish a mechanism for engagement with the private sector.
Requires the NCCC Director to:
(1) establish a program for sharing information with and between NCCC and other federal agencies;
(2) develop guidelines to protect the privacy and civil liberties of U.S. persons and intelligence sources and methods;
(3) establish a program to promote and provide technical assistance relating to the implementation of best practices and related standards and guidelines for securing the national information infrastructure; and
(4) identify and evaluate the cyber risks to covered critical infrastructure on a continuous and sector-by-sector basis and issue regulations establishing risk-based security performance requirements to secure covered critical infrastructure against cyber risks.
Authorizes the President to issue a declaration of a national cyber emergency to covered critical infrastructure if there is an ongoing or imminent action by any individual or entity to exploit a cyber risk in a manner that attempts to disrupt the operation of the information infrastructure essential to the reliable operation of covered critical infrastructure.
Requires the President to notify the owners and operators of the infrastructure of the nature of the emergency, consistent with the protection of intelligence sources and methods.
Requires the NCCC Director to take specified steps, including immediately directing the owners and operators to implement required response plans and to ensure that emergency actions represent the least disruptive means feasible to operations.
Prohibits any other federal entity, pursuant to such authority, from:
(1) restricting or prohibiting communications over, and not specifically directed to or from, covered critical infrastructure unless the Director determines that no other emergency action will preserve the reliable operation of such infrastructure or the national information infrastructure;
(2) controlling covered critical infrastructure;
(3) compelling the disclosure of information unless specifically authorized by law; or
(4) intercepting a wire, oral, or electronic communication, accessing a stored electronic or wire communication, installing or using a pen register or trap and trace device, or conducting electronic surveillance relating to an incident unless otherwise authorized by specified statutes.
Requires the President to ensure that any declaration or extension is reported to the appropriate congressional committees before the Director mandates any emergency measure or actions.
Terminates such an emergency measure or action 30 days after the President's declaration and authorizes extensions for not more than 3 additional 30-day periods under certain conditions if approved by a joint resolution by Congress. Requires each owner or operator of covered critical infrastructure to certify to the NCCC Director whether the owner or operator has developed and implemented approved security measures and any applicable emergency measures or actions required for any cyber risks and national cyber emergencies.
Sets forth civil penalties for violations.
Requires the DHS Secretary and the private sector to develop, periodically update, and implement a supply chain risk management strategy designed to ensure the security of the federal information infrastructure.
Title
III
-
Federal Information Security Management
Section
301
-
Sets forth provisions regarding the information security authority and functions of the NCCC Director and executive agency responsibilities.
Requires the Director to annually oversee, coordinate, and develop guidance for the effective implementation of operational evaluations of the federal information infrastructure and agency information security programs and practices to determine their effectiveness.
Authorizes the Director to order the isolation of any component of the federal information infrastructure if:
(1) an agency does not implement measures in an approved risk-based plan; and
(2) the failure to comply presents a significant danger to the federal information infrastructure.
Establishes in the executive branch a Federal Information Security Taskforce, which shall be the principal interagency forum for collaboration regarding best practices and recommendations for agency information security and the security of the federal information infrastructure.
Requires each agency with an Inspector General appointed under the Inspector General Act of 1978 to assess the adequacy and effectiveness of the information security program and evaluations.
Requires the assessments to be performed in accordance with standards developed by the Government Accountability Office, in collaboration with the Council of Inspectors General on Integrity and Efficiency, with assistance from the Taskforce. Provides for the delegation of the Director's authorities to the Secretary of Defense and the Director of the Central Intelligence Agency (CIA) under specified circumstances where unauthorized access, use, disclosure, disruption, modification, or destruction of information would have a debilitating impact on the missions of the Department of Defense (DOD) and the CIA.
Title
IV
-
Recruitment and Professional Development
Section
402
-
Requires the Director of the Office of Personnel Management (OPM) and the NCCC Director to assess the readiness and capacity of the federal workforce to meet the needs of the cybersecurity mission of the federal government.
Requires the OPM Director to develop a comprehensive workforce strategy that enhances the readiness, capacity, training, and recruitment and retention of federal cybersecurity personnel.
Requires the head of each federal agency to:
(1) develop a strategic cybersecurity workforce plan as part of its performance plan; and
(2) measure and collect information on indicators of the effectiveness of the recruitment and hiring of a workforce needed to fulfill the agency's cybersecurity mission.
Section
404
-
Requires the OPM Director, in coordination with:
(1) the NCCC Director, to develop and issue comprehensive occupation classifications for federal employees engaged in cybersecurity missions; and
(2) the NCCC Director, the Director of National Intelligence, the Secretary of Defense, and the Chief Information Officers Council (CIOC), to establish a cybersecurity awareness and education curriculum that shall be required for all federal employees and contractors engaged in the design, development, or operation of agency information infrastructure.
Title
V
-
Other Provisions
Section
501
-
Amends HSA to direct the Under Secretary for Science and Technology, in coordination with the NCCC Director, to carry out a research and development program for the purpose of improving the security of information infrastructure. Directs the DHS Secretary to establish a National Cybersecurity Advisory Council to advise the NCCC Director.
Section
502
-
Amends HSA to direct the Secretary:
(1) in establishing and maintaining a prioritized critical information infrastructure list, to consider cyber risks and consequences by sector;
(2) to establish and maintain a list of systems or assets that constitute covered critical infrastructure.
Sets forth provisions regarding identification of covered critical infrastructure, compliance with requirements regarding such designation, and development of a process under which an owner or operator of a system or asset that may constitute covered critical infrastructure may request that it be identified as such.
Section
503
-
Sets forth provisions regarding the use of acquisition authorities by NCCC and a semiannual reporting requirement.
Section
504
-
Requires the Administrator for Electronic Government and Information Technology, in coordination with CIOC, the Taskforce, and the Council on Inspectors General on Integrity and Efficiency, to evaluate and report on agency adoption and implementation of appropriate information security related policies, memoranda, and directives issued by the Office of Management and Budget (OMB).
House Republican Conference Summary
The summary below was written by the House Republican Conference, which is the caucus of Republicans in the House of Representatives.
No summary available.
House Democratic Caucus Summary
The House Democratic Caucus does not provide summaries of bills.
So, yes, we display the House Republican Conference’s summaries when available even if we do not have a Democratic summary available. That’s because we feel it is better to give you as much information as possible, even if we cannot provide every viewpoint.
We’ll be looking for a source of summaries from the other side in the meanwhile.
The bill contains the following citations to other parts of U.S. law:
Slip Laws
Slip laws refer to enacted bills and joint resolutions in their original form as enacted by Congress, that is, before other laws amend them. Slip laws are cited as “Public Law XXX-YYY”, where XXX is the number of the Congress in which the bill or resolution was introduced.
- Public Law 101-576:
H.R. 5687 (101st): Chief Financial Officers Act of 1990
United States Code
The United States Code is the compilation of permanent laws enacted by Congress. Temporary and other non-permanent laws do not appear in the United States Code. (About half of the United States Code is the law itself, called positive law. The other half is merely a compilation of the laws but has no legal significance.)
- Title 3: THE PRESIDENT
- Chapter 2: OFFICE AND COMPENSATION OF PRESIDENT
- Section 104: Salary of the Vice President
- Title 5: GOVERNMENT ORGANIZATION AND EMPLOYEES
- Part III: EMPLOYEES
- Subpart B: Employment and Retention
- Chapter 33: EXAMINATION, SELECTION, AND PLACEMENT
- Subchapter I: EXAMINATION, CERTIFICATION, AND APPOINTMENT
- Section 3303: Competitive service; recommendations of Senators or Representatives
- Section 3328: Selective Service registration
- Subpart D: Pay and Allowances
- Chapter 51: CLASSIFICATION
- Section 5108: Classification of positions above GS-15
- Chapter 53: PAY RATES AND SYSTEMS
- Subchapter II: EXECUTIVE SCHEDULE PAY RATES
- Section 5312: Positions at level I
- Section 5313: Positions at level II
- Subchapter VII: MISCELLANEOUS PROVISIONS
- Section 5376: Pay for certain senior-level positions
- Chapter 57: TRAVEL, TRANSPORTATION, AND SUBSISTENCE
- Subchapter IV: MISCELLANEOUS PROVISIONS
- Section 5754: Retention bonuses
- Subpart F: Labor-Management and Employee Relations
- Chapter 73: SUITABILITY, SECURITY, AND CONDUCT
- Subchapter III: POLITICAL ACTIVITIES
- Section 7323: Political activity authorized; prohibitions
- Title 6: DOMESTIC SECURITY
- Chapter 1: HOMELAND SECURITY ORGANIZATION
- Section 101: Definitions
- Subchapter I: DEPARTMENT OF HOMELAND SECURITY
- Section 113: Other officers
- Subchapter II: INFORMATION ANALYSIS AND INFRASTRUCTURE PROTECTION
- Part A: Information and Analysis and Infrastructure Protection; Access to Information
- Section 121: Information and Analysis and Infrastructure Protection
- Section 124l: National asset database
- Part C: Information Security
- Section 143: Enhancement of non-Federal cybersecurity
- Section 144: NET Guard
- Section 145: Cyber Security Enhancement Act of 2002
- Part D: Office of Science and Technology
- Section 161: Establishment of Office; Director
- Subchapter V: NATIONAL EMERGENCY MANAGEMENT
- Section 321c: Department and Agency officials
- Subchapter VIII: COORDINATION WITH NON-FEDERAL ENTITIES; INSPECTOR GENERAL; UNITED STATES SECRET SERVICE; COAST GUARD; GENERAL PROVISIONS
- Part I: Information Sharing
- Section 485: Information sharing
- Subchapter X: CONSTRUCTION
- Section 511: Information security responsibilities of certain agencies
- Subchapter XIII: EMERGENCY COMMUNICATIONS
- Section 571: Office of Emergency Communications
- Section 572: National Emergency Communications Plan
- Title 10: ARMED FORCES
- Subtitle A: General Military Law
- Part IV: SERVICE, SUPPLY, AND PROCUREMENT
- Chapter 131: PLANNING AND COORDINATION
- Section 2222: Defense business systems: architecture, accountability, and modernization
- Section 2223: Information technology: additional responsibilities of Chief Information Officers
- Chapter 137: PROCUREMENT GENERALLY
- Section 2304: Contracts: competition requirements
- Section 2315: Law inapplicable to the procurement of automatic data processing equipment and services for certain defense purposes
- Chapter 140: PROCUREMENT OF COMMERCIAL ITEMS
- Section 2377: Preference for acquisition of commercial items
- Title 15: COMMERCE AND TRADE
- Chapter 7: NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
- Section 278g: International activities
- Section 278g-3: Computer standards program
- Section 278g-4: Information Security and Privacy Advisory Board
- Chapter 14A: AID TO SMALL BUSINESS
- Section 632: Definitions
- Chapter 100: CYBER SECURITY RESEARCH AND DEVELOPMENT
- Section 7406: National Institute of Standards and Technology programs
- Title 18: CRIMES AND CRIMINAL PROCEDURE
- Part I: CRIMES
- Chapter 119: WIRE AND ELECTRONIC COMMUNICATIONS INTERCEPTION AND INTERCEPTION OF ORAL COMMUNICATIONS
- Section 2510: Definitions
- Title 31: MONEY AND FINANCE
- Subtitle I: GENERAL
- Chapter 5: OFFICE OF MANAGEMENT AND BUDGET
- Subchapter I: ORGANIZATION
- Section 501: Office of Management and Budget
- Chapter 9: AGENCY CHIEF FINANCIAL OFFICERS
- Section 901: Establishment of agency Chief Financial Officers
- Subtitle II: THE BUDGET PROCESS
- Chapter 11: THE BUDGET AND FISCAL, BUDGET, AND PROGRAM INFORMATION
- Section 1115: Federal Government and agency performance plans
- Subtitle III: FINANCIAL MANAGEMENT
- Chapter 35: ACCOUNTING AND COLLECTION
- Subchapter II: ACCOUNTING REQUIREMENTS, SYSTEMS, AND INFORMATION
- Section 3512: Executive agency accounting and other financial management reports and plans
- Title 40: PUBLIC BUILDINGS, PROPERTY, AND WORKS
- Subtitle III: INFORMATION TECHNOLOGY MANAGEMENT
- Chapter 111: GENERAL
- Section 11101: Definitions
- Chapter 113: RESPONSIBILITY FOR ACQUISITIONS OF INFORMATION TECHNOLOGY
- Subchapter I: DIRECTOR OF OFFICE OF MANAGEMENT AND BUDGET
- Section 11302: Capital planning and investment control
- Subchapter III: OTHER RESPONSIBILITIES
- Section 11331: Responsibilities for Federal information systems standards
- Title 42: THE PUBLIC HEALTH AND WELFARE
- Chapter 7: SOCIAL SECURITY
- Subchapter XVIII: HEALTH INSURANCE FOR AGED AND DISABLED
- Part E: Miscellaneous Provisions
- Section 1395kk-1: Contracts with medicare administrative contractors
- Chapter 21E: PRIVACY AND CIVIL LIBERTIES PROTECTION AND OVERSIGHT
- Section 2000ee: Privacy and Civil Liberties Oversight Board
- Chapter 68: DISASTER RELIEF
- Subchapter IV-B: EMERGENCY PREPAREDNESS
- Section 5195c: Critical infrastructures protection
- Title 44: PUBLIC PRINTING AND DOCUMENTS
- Chapter 35: COORDINATION OF FEDERAL INFORMATION POLICY
- Subchapter I: FEDERAL INFORMATION POLICY
- Section 3502: Definitions
- Section 3504: Authority and functions of Director
- Section 3518: Effect on existing laws and regulations
- Chapter 36: MANAGEMENT AND PROMOTION OF ELECTRONIC GOVERNMENT SERVICES
- Section 3602: Office of Electronic Government
- Section 3603: Chief Information Officers Council
- Title 47: TELECOMMUNICATIONS
- Chapter 5: WIRE OR RADIO COMMUNICATION
- Subchapter VI: MISCELLANEOUS PROVISIONS
- Section 606: War powers of President
- Title 50: WAR AND NATIONAL DEFENSE
- Chapter 15: NATIONAL SECURITY
- Section 401a: Definitions
- Chapter 36: FOREIGN INTELLIGENCE SURVEILLANCE
- Subchapter I: ELECTRONIC SURVEILLANCE
- Section 1801: Definitions
- Section 1810: Civil liability
- Subchapter II: PHYSICAL SEARCHES
- Section 1828: Civil liability
- Other Citations
- 41 U.S.C. 421(a)
- 44 U.S.C. 3554(a)(3)
- 41 U.S.C. 414b
- 44 U.S.C. 3552(a)(3)(D)
- 44 U.S.C. 3552
- 44 U.S.C. 3553
- 44 U.S.C. 3553(c)(1)(A)
- 44 U.S.C. 3551
- 41 U.S.C. 264b
- 41 U.S.C. 253(f)
- 44 U.S.C. 3553(c)
- 41 U.S.C. 253
- 44 U.S.C. 3554
Other Citations
- 5 U.S.C. Chapter 45
- 5 U.S.C. Chapter 5
- 5 U.S.C. Chapter 53
- 18 U.S.C. Chapter 206
- 44 U.S.C. Chapter 35