S. 413 (112th): Cybersecurity and Internet Freedom Act of 2011

Introduced:
Feb 17, 2011 (112th Congress, 2011–2013)
Status:
Died (Referred to Committee)
Sponsor
Joseph Lieberman
Senator from Connecticut
Party
Independent
Text
Read Text »
Last Updated
Feb 17, 2011
Length
221 pages
Related Bills
H.R. 4257 (Related)
Federal Information Security Amendments Act of 2012

Passed House
Last Action: Apr 26, 2012

H.R. 1136 (Related)
Executive Cyberspace Coordination Act of 2011

Referred to Committee
Last Action: Mar 16, 2011

 
Status

This bill was introduced on February 17, 2011, in a previous session of Congress, but was not enacted.

Progress
Introduced Feb 17, 2011
Referred to Committee Feb 17, 2011
 
Full Title

A bill to amend the Homeland Security Act of 2002 and other laws to enhance the security and resiliency of the cyber and communications infrastructure of the United States.

Summary

No summaries available.

Cosponsors
2 cosponsors (1D, 1R) (show)
Committees

Senate Homeland Security and Governmental Affairs

The committee chair determines whether a bill will move past the committee stage.

 
Primary Source

THOMAS.gov (The Library of Congress)

GovTrack gets most information from THOMAS, which is updated generally one day after events occur. Activity since the last update may not be reflected here. Data comes via the congress project.

Widget

Get a bill status widget for your website »

Citation

Click a format for a citation suggestion:

Notes

S. stands for Senate bill.

A bill must be passed by both the House and Senate in identical form and then be signed by the president to become law.

The bill’s title was written by its sponsor.

GovTrack’s Bill Summary

We don’t have a summary available yet.

Library of Congress Summary

The summary below was written by the Congressional Research Service, which is a nonpartisan division of the Library of Congress.


2/17/2011--Introduced.
Cybersecurity and Internet Freedom Act of 2011 - Internet Freedom Act - Declares that neither the President, the Director of the National Center for Cybersecurity and Communications, nor any officer or employee of the U.S. government shall have the authority to shut down the Internet.
Establishes in the Executive Office of the President an Office of Cyberspace Policy, which shall:
(1) develop a national strategy to increase the security and resiliency of cyberspace;
(2) oversee, coordinate, and integrate federal policies and activities relating to cyberspace security and resiliency;
(3) ensure that all federal agencies comply with appropriate guidelines, policies, and directives from the Department of Homeland Security (DHS), other federal agencies with responsibilities relating to cyberspace security or resiliency, and the National Center for Cybersecurity and Communications (established by this Act); and
(4) ensure that federal agencies have access to, receive, and appropriately disseminate law enforcement, intelligence, terrorism, and any other information relevant to the security of specified federal, military, and intelligence information infrastructure.
Requires the President to appoint a Director of Cyberspace Policy.
Provides for access by the Director to specified cybersecurity-related information.
Requires the Director to submit an annual report describing the activities, ongoing projects, and plans of the federal government designed to meet national strategy goals and objectives.
Amends the Homeland Security Act of 2002 (HSA) to establish within DHS a National Center for Cybersecurity and Communications (NCCC), which shall be headed by a Director, who shall:
(1) work cooperatively with the private sector and lead the federal effort to secure, protect, and ensure the resiliency of the federal and national information infrastructure; and
(2) work with the Assistant Secretary for Infrastructure Protection to coordinate the information, communications, and physical infrastructure protection responsibilities and activities of NCCC and the Office of Infrastructure Protection. Transfers to NCCC the National Cyber Security Division, the Office of Emergency Communications, and the National Communications System.
Establishes within NCCC the United States Computer Emergency Readiness Team, which shall: (1) collect, coordinate, and disseminate information on risks to specified federal information infrastructure and security controls; and (2) establish a mechanism for engagement with the private sector.
Requires the NCCC Director to:
(1) establish a program for sharing information with and between NCCC and other federal agencies;
(2) develop guidelines to protect the privacy and civil liberties of U.S. persons and intelligence sources and methods;
(3) establish a program to promote and provide technical assistance relating to the implementation of best practices and related standards and guidelines for securing the national information infrastructure; and
(4) identify and evaluate the cyber risks to covered critical infrastructure on a continuous and sector-by-sector basis and issue regulations establishing risk-based security performance requirements to secure covered critical infrastructure against cyber risks.
Authorizes the President to issue a declaration of a national cyber emergency to covered critical infrastructure if there is an ongoing or imminent action by any individual or entity to exploit a cyber risk in a manner that attempts to disrupt the operation of the information infrastructure essential to the reliable operation of covered critical infrastructure.
Requires the President to notify the owners and operators of the infrastructure of the nature of the emergency, consistent with the protection of intelligence sources and methods.
Requires the NCCC Director to take specified steps, including immediately directing the owners and operators to implement required response plans and to ensure that emergency actions represent the least disruptive means feasible to operations.
Prohibits any other federal entity, pursuant to such authority, from:
(1) restricting or prohibiting communications over, and not specifically directed to or from, covered critical infrastructure unless the Director determines that no other emergency action will preserve the reliable operation of such infrastructure or the national information infrastructure;
(2) controlling covered critical infrastructure;
(3) compelling the disclosure of information unless specifically authorized by law; or
(4) intercepting a wire, oral, or electronic communication, accessing a stored electronic or wire communication, installing or using a pen register or trap and trace device, or conducting electronic surveillance relating to an incident unless otherwise authorized by specified statutes.
Requires the President to ensure that any declaration or extension is reported to the appropriate congressional committees before the Director mandates any emergency measure or actions. Terminates such an emergency measure or action 30 days after the President's declaration and authorizes extensions for not more than 3 additional 30-day periods under certain conditions if approved by a joint resolution by Congress.
Requires each owner or operator of covered critical infrastructure to certify to the NCCC Director whether the owner or operator has developed and implemented approved security measures and any applicable emergency measures or actions required for any cyber risks and national cyber emergencies.
Sets forth civil penalties for violations.
Requires the DHS Secretary and the private sector to develop, periodically update, and implement a supply chain risk management strategy designed to ensure the security of the federal information infrastructure.
Sets forth provisions regarding the information security authority and functions of the NCCC Director and executive agency responsibilities.
Requires the Director to annually oversee, coordinate, and develop guidance for the effective implementation of operational evaluations of the federal information infrastructure and agency information security programs and practices to determine their effectiveness.
Authorizes the Director to order the isolation of any component of the federal information infrastructure if:
(1) an agency does not implement measures in an approved risk-based plan; and
(2) the failure to comply presents a significant danger to the federal information infrastructure.
Establishes in the executive branch a Federal Information Security Taskforce, which shall be the principal interagency forum for collaboration regarding best practices and recommendations for agency information security and the security of the federal information infrastructure.
Requires each agency with an Inspector General appointed under the Inspector General Act of 1978 to assess the adequacy and effectiveness of the information security program and evaluations.
Requires the assessments to be performed in accordance with standards developed by the Government Accountability Office, in collaboration with the Council of Inspectors General on Integrity and Efficiency, with assistance from the Taskforce. Provides for the delegation of the Director's authorities to the Secretary of Defense and the Director of the Central Intelligence Agency (CIA) under specified circumstances where unauthorized access, use, disclosure, disruption, modification, or destruction of information would have a debilitating impact on the missions of the Department of Defense (DOD) and the CIA.
Requires the Director of the Office of Personnel Management (OPM) and the NCCC Director to assess the readiness and capacity of the federal workforce to meet the needs of the cybersecurity mission of the federal government.
Requires the OPM Director to develop a comprehensive workforce strategy that enhances the readiness, capacity, training, and recruitment and retention of federal cybersecurity personnel.
Requires the head of each federal agency to:
(1) develop a strategic cybersecurity workforce plan as part of its performance plan; and
(2) measure and collect information on indicators of the effectiveness of the recruitment and hiring of a workforce needed to fulfill the agency's cybersecurity mission.
Requires the OPM Director, in coordination with:
(1) the NCCC Director, to develop and issue comprehensive occupation classifications for federal employees engaged in cybersecurity missions; and
(2) the NCCC Director, the Director of National Intelligence, the Secretary of Defense, and the Chief Information Officers Council (CIOC), to establish a cybersecurity awareness and education curriculum that shall be required for all federal employees and contractors engaged in the design, development, or operation of agency information infrastructure.
Amends HSA to direct the Under Secretary for Science and Technology, in coordination with the NCCC Director, to carry out a research and development program for the purpose of improving the security of information infrastructure.
Directs the DHS Secretary to establish a National Cybersecurity Advisory Council to advise the NCCC Director.
Amends HSA to direct the Secretary: (1) in establishing and maintaining a prioritized critical information infrastructure list, to consider cyber risks and consequences by sector; and (2) to establish and maintain a list of systems or assets that constitute covered critical infrastructure.
Sets forth provisions regarding: (1) identification of covered critical infrastructure, compliance with requirements regarding such designation, and development of a process under which an owner or operator of a system or asset that may constitute covered critical infrastructure may request that it be identified as such; and (2) the use of acquisition authorities by NCCC and a semiannual reporting requirement.
Requires the Administrator for Electronic Government and Information Technology, in coordination with CIOC, the Taskforce, and the Council on Inspectors General on Integrity and Efficiency, to evaluate and report on agency adoption and implementation of appropriate information security related policies, memoranda, and directives issued by the Office of Management and Budget (OMB).

House Republican Conference Summary

The summary below was written by the House Republican Conference, which is the caucus of Republicans in the House of Representatives.


No summary available.

House Democratic Caucus Summary

The House Democratic Caucus does not provide summaries of bills.

So, yes, we display the House Republican Conference’s summaries when available even if we do not have a Democratic summary available. That’s because we feel it is better to give you as much information as possible, even if we cannot provide every viewpoint.

We’ll be looking for a source of summaries from the other side in the meanwhile.

Use the comment space below for discussion of the merits of S. 413 (112th) with other GovTrack users.
Your comments are not read by Congressional staff.

comments powered by Disqus