S. 3342 (112th): SECURE IT

Jun 27, 2012 (112th Congress, 2011–2013)
Died (Reported by Committee)
John McCain
Senior Senator from Arizona
Read Text »
Last Updated
Jun 28, 2012
116 pages
Related Bills
S. 2151 (Related)

Referred to Committee
Last Action: Mar 01, 2012

H.R. 4263 (Related)
SECURE IT Act of 2012

Referred to Committee
Last Action: Mar 27, 2012


This bill was introduced on June 28, 2012, in a previous session of Congress, but was not enacted.

Introduced Jun 27, 2012
Reported by Committee Jun 28, 2012
Full Title

A bill to improve information security, and for other purposes.


No summaries available.

Primary Source

THOMAS.gov (The Library of Congress)

GovTrack gets most information from THOMAS, which is updated generally one day after events occur. Activity since the last update may not be reflected here. Data comes via the congress project.


Get a bill status widget for your website »


Click a format for a citation suggestion:


S. stands for Senate bill.

A bill must be passed by both the House and Senate in identical form and then be signed by the president to become law.

The bill’s title was written by its sponsor.

GovTrack’s Bill Summary

We don’t have a summary available yet.

Library of Congress Summary

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress.

Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act of 2012 or SECURE IT - Authorizes private entities to employ countermeasures and use cybersecurity systems to obtain, identify, or possess cyber threat information on its own networks or the networks of another entity with such entity's authorization.
Allows private entities, nonfederal government agencies, or state, tribal, or local governments to voluntarily disclose cyber threat information to designated cybersecurity centers or to each other to assist with preventing, investigating, or mitigating threats to information security.
Requires such entities and governments providing electronic communication, remote computing, or information security services to a federal agency to inform the agency of a significant cyber incident involving the federal information system of that agency that: (1) is directly known as a result of providing such services and directly related to the provision of such services, and (2) has impeded or will impede the performance of a critical mission of the federal agency.
Defines "significant cyber incident" as a cyber incident resulting in, or an attempted cyber incident that, if successful, would have resulted in:
(1) the exfiltration from a federal information system (an information system used or operated by an executive agency, contractor, or another organization on behalf of an executive agency) of data essential to the operation of the such a system, or
(2) an incident in which an operational or technical control essential to the security or operation of a such a system was defeated.
Directs federal agencies receiving such significant cyber incident information to report the information to a cybersecurity center.
Permits cyber threat information provided to a cybersecurity center to be disclosed to, retained by, or used by, consistent with otherwise applicable federal law, the federal government for a cybersecurity or national security purpose or to prevent, investigate, or prosecute various criminal offenses for which law enforcement officials are authorized, under existing law, to seek a court order authorizing an interception of wire, oral, or electronic communications.
Prohibits the disclosure, retention, or use of such information for any use not expressly permitted.
Prohibits federal, state, tribal, or local agencies from directly using such information to regulate an entity's lawful activities.
Sets forth conditions with regard to information provided to a cybersecurity center including: (1) the disclosure of such information to state, tribal, or local governments; (2) the use, distribution, and any prerequisite consent necessary for sharing such information; and (3) the legal treatment of such information under specified privileges, exemptions, ex parte communications rules, and requirements for disclosing public information and records.
Provides legal protections to entities engaged in authorized cybersecurity activities.
Directs the Director of National Intelligence (DNI) and Secretary of Defense (DOD) to develop procedures for sharing, through cybersecurity centers, classified and unclassified information.
Authorizes the Council of the Inspectors General on Integrity and Efficiency to review compliance by the cybersecurity centers and federal agencies with required procedures, including privacy and civil liberty protections through anonymization or other methods.
Amends the Federal Information Security Management Act of 2002 to replace existing information security procedures for federal agencies with a new framework for coordinating and securing federal information.
Directs the Secretary of Commerce to issue compulsory and binding policies and directives governing agency information security operations. Requires that national security systems be overseen as directed by the President.
Requires each agency to comply with such policies and provide risk-commensurate information security protections for information systems used or operated by the agency or a contractor or other organization on an agency's behalf.
Requires each agency's Chief Information Officer to develop an agencywide information security program.
Directs the Office of Management and Budget (OMB), in coordination with the Department of Homeland Security (DHS), to designate an entity to conduct an ongoing security analysis of agency information systems using automated processes. Requires each agency to develop a timeline for the implementation of technology facilitating continuous monitoring and threat assessments. Sets forth separate requirements for national security systems.
Requires that federal information systems be based on National Institute of Standards and Technology (NIST) standards.
Amends the Computer Fraud and Abuse Act to increase and further delineate the criminal penalties for computer fraud and related activities.
Establishes an offense for aggravated damage to a public or private critical infrastructure computer that manages or controls systems or assets vital to national defense, national security, national economic security, or public health or safety.
Amends the High-Performance Computing Act of 1991 to re-designate the National High-Performance Computing Program as the Networking and Information Technology Research and Development Program.
Requires the Director of the Office of Science and Technology Policy (STP) to establish goals for inter-agency collaborative research and development with Program Component Areas, industry, institutions of higher education, federal laboratories, and international organizations. Directs agencies to develop a five-year strategic plan.
Requires that agencies be encouraged under the Program to address application areas with potential for contributions to national economic competitiveness and other societal benefits including technical solutions to cybersecurity, health care, energy management, transportation, cyber-physical systems, physical and behavioral phenomena, and privacy protection.
Defines "cyber-physical systems" as physical or engineered systems whose networking and information technology functions and physical elements are integrated and actively connected to the physical world through sensors, actuators, or other means to perform monitoring and control functions.
Requires the STP Director to convene a task force to report to Congress on options for the research, development, and organizational structure of cyber-physical systems.
Requires the National Science Foundation (NSF) to carry out a Federal Cyber Scholarship-for-Service program.
Requires the NIST to coordinate federal agencies engaged in the development of international technical standards.
Amends the Cyber Security Research and Development Act to add research areas eligible for NSF computer and network security research grants. Authorizes various grant programs through FY2013.

House Republican Conference Summary

The summary below was written by the House Republican Conference, which is the caucus of Republicans in the House of Representatives.

No summary available.

House Democratic Caucus Summary

The House Democratic Caucus does not provide summaries of bills.

So, yes, we display the House Republican Conference’s summaries when available even if we do not have a Democratic summary available. That’s because we feel it is better to give you as much information as possible, even if we cannot provide every viewpoint.

We’ll be looking for a source of summaries from the other side in the meanwhile.

Use the comment space below for discussion of the merits of S. 3342 (112th) with other GovTrack users.
Your comments are not read by Congressional staff.

comments powered by Disqus