H. R. 285
IN THE HOUSE OF REPRESENTATIVES
January 6, 2005
Mr. Thornberry (for himself and Ms. Zoe Lofgren of California) introduced the following bill; which was referred to the Select Committee on Homeland Security
To amend the Homeland Security Act of 2002 to enhance cybersecurity, and for other purposes.
This Act may be cited as the Department of Homeland Security Cybersecurity Enhancement Act of 2005.
Assistant Secretary for Cybersecurity
Subtitle A of title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended by adding at the end the following:
Assistant Secretary for Cybersecurity
There shall be in the Directorate for Information Analysis and Infrastructure Protection a National Cybersecurity Office headed by an Assistant Secretary for Cybersecurity (in this section referred to as the Assistant Secretary), who shall assist the Secretary in promoting cybersecurity for the Nation.
The Assistant Secretary, subject to the direction and control of the Secretary, shall have primary authority within the Department for all cybersecurity-related critical infrastructure protection programs of the Department, including with respect to policy formulation and program management.
The responsibilities of the Assistant Secretary shall include the following:
To establish and manage—
a national cybersecurity response system that includes the ability to—
analyze the effect of cybersecurity threat information on national critical infrastructure; and
aid in the detection and warning of attacks on, and in the restoration of, cybersecurity infrastructure in the aftermath of such attacks;
a national cybersecurity threat and vulnerability reduction program that identifies cybersecurity vulnerabilities that would have a national effect on critical infrastructure, performs vulnerability assessments on information technologies, and coordinates the mitigation of such vulnerabilities;
a national cybersecurity awareness and training program that promotes cybersecurity awareness among the public and the private sectors and promotes cybersecurity training and education programs;
a government cybersecurity program to coordinate and consult with Federal, State, and local governments to enhance their cybersecurity programs; and
a national security and international cybersecurity cooperation program to help foster Federal efforts to enhance international cybersecurity awareness and cooperation.
To coordinate with the private sector on the program under paragraph (1) as appropriate, and to promote cybersecurity information sharing, vulnerability assessment, and threat warning regarding critical infrastructure.
To coordinate with other directorates and offices within the Department on the cybersecurity aspects of their missions.
To coordinate with the Under Secretary for Emergency Preparedness and Response to ensure that the National Response Plan developed pursuant to section 502(6) of the Homeland Security Act of 2002 (6 U.S.C. 312(6)) includes appropriate measures for the recovery of the cybersecurity elements of critical infrastructure.
To develop processes for information sharing with the private sector, consistent with section 214, that—
promote voluntary cybersecurity best practices, standards, and benchmarks that are responsive to rapid technology changes and to the security needs of critical infrastructure; and
consider roles of Federal, State, local, and foreign governments and the private sector, including the insurance industry and auditors.
To coordinate with the Chief Information Officer of the Department in establishing a secure information sharing architecture and information sharing processes, including with respect to the Department’s operation centers.
To consult with the Electronic Crimes Task Force of the United States Secret Service on private sector outreach and information activities.
To consult with the Office for Domestic Preparedness to ensure that realistic cybersecurity scenarios are incorporated into tabletop and recovery exercises.
To consult and coordinate, as appropriate, with other Federal agencies on cybersecurity-related programs, policies, and operations.
To consult and coordinate within the Department and, where appropriate, with other relevant Federal agencies, on security of digital control systems, such as Supervisory Control and Data Acquisition (SCADA) systems.
Authority over the National Communications System
The Assistant Secretary shall have primary authority within the Department over the National Communications System.
The table of contents in section 1(b) of such Act is amended by adding at the end of the items relating to subtitle A of title II the following:
203. Assistant Secretary for Cybersecurity
Section 2 of the Homeland Security Act of 2002 (6 U.S.C. 101) is amended by adding at the end the following:
The term cybersecurity means the prevention of damage to, the protection of, and the restoration of computers, electronic communications systems, electronic communication services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation.
In this paragraph—
each of the terms damage and computer has the meaning that term has in section 1030 of title 18, United States Code; and
each of the terms electronic communications system, electronic communication service, wire communication, and electronic communication has the meaning that term has in section 2510 of title 18, United States Code.