skip to main content

H.R. 3510 (114th): Department of Homeland Security Cybersecurity Strategy Act of 2015


The text of the bill below is as of Oct 6, 2015 (Reported by House Committee).

Summary of this bill

###Congress Seeks Reliable Cybersecurity Objectives from DHS

The House has approved H.R. 3510, a bill instructing the Department of Homeland Security (DHS) to create cybersecurity objectives; i.e,. tasks to achieve objectives, projected timelines, and costs.

Rep. Cedric Richmond (D-LA2), ranking member of the House Homeland Security committee’s subcommittee on cybersecurity, is the bill’s main sponsor. He has said, “I am determined to keep our nation's computer systems incorruptible through thoughtful cybersecurity policy.”

According to the House GOP’s Legislative Digest, DHS is not allowed to cover dollars for the National Protection and Programs Directorate (NPPD) without Congress’ approval. NPPD is a specific DHS infrastructure overseeing ...


IB

Union Calendar No. 216

114th CONGRESS

1st Session

H. R. 3510

[Report No. 114–284]

IN THE HOUSE OF REPRESENTATIVES

September 15, 2015

introduced the following bill; which was referred to the Committee on Homeland Security

October 6, 2015

Additional sponsors: Mr. Ratcliffe, Mr. McCaul, and Mr. Thompson of Mississippi

October 6, 2015

Reported with an amendment, committed to the Committee of the Whole House on the State of the Union, and ordered to be printed

Strike out all after the enacting clause and insert the part printed in italic

For text of introduced bill, see copy of bill as introduced on September 15, 2015


A BILL

To amend the Homeland Security Act of 2002 to require the Secretary of Homeland Security to develop a cybersecurity strategy for the Department of Homeland Security, and for other purposes.


1.

Short title

This Act may be cited as the Department of Homeland Security Cybersecurity Strategy Act of 2015.

2.

Cybersecurity strategy for the Department of Homeland Security

(a)

In general

Subtitle C of title II of the Homeland Security Act of 2002 (6 U.S.C. 141 et seq.) is amended by adding at the end the following new section:

230.

Cybersecurity strategy

(a)

In general

Not later than 60 days after the date of the enactment of this section, the Secretary shall develop a departmental strategy to carry out cybersecurity responsibilities as set forth in law.

(b)

Contents

The strategy required under subsection (a) shall include the following:

(1)

Strategic and operational goals and priorities to successfully execute the full range of the Secretary’s cybersecurity responsibilities.

(2)

Information on the programs, policies, and activities that are required to successfully execute the full range of the Secretary’s cybersecurity responsibilities, including programs, policies, and activities in furtherance of the following:

(A)

Cybersecurity functions set forth in the second section 226 (relating to the national cybersecurity and communications integration center).

(B)

Cybersecurity investigations capabilities.

(C)

Cybersecurity research and development.

(D)

Engagement with international cybersecurity partners.

(c)

Considerations

In developing the strategy required under subsection (a), the Secretary shall—

(1)

consider—

(A)

the cybersecurity strategy for the Homeland Security Enterprise published by the Secretary in November 2011;

(B)

the Department of Homeland Security Fiscal Years 2014–2018 Strategic Plan; and

(C)

the most recent Quadrennial Homeland Security Review issued pursuant to section 707; and

(2)

include information on the roles and responsibilities of components and offices of the Department, to the extent practicable, to carry out such strategy.

(d)

Implementation plan

Not later than 90 days after the development of the strategy required under subsection (a), the Secretary shall issue an implementation plan for the strategy that includes the following:

(1)

Strategic objectives and corresponding tasks.

(2)

Projected timelines and costs for such tasks.

(3)

Metrics to evaluate performance of such tasks.

(e)

Congressional oversight

The Secretary shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate for assessment the following:

(1)

A copy of the strategy required under subsection (a) upon issuance.

(2)

A copy of the implementation plan required under subsection (d) upon issuance, together with detailed information on any associated legislative or budgetary proposals.

(f)

Prohibition on reorganization

In the event that the strategy required under subsection (a) or implementation plan required under subsection (d) includes actions to reorganize departmental components or offices, such actions may not be executed without prior congressional authorization.

(g)

Classified information

The strategy required under subsection (a) shall be in an unclassified form but may contain a classified annex.

(h)

Rule of construction

Nothing in this section may be construed as permitting the Department to engage in monitoring, surveillance, exfiltration, or other collection activities for the purpose of tracking an individual’s personally identifiable information.

(i)

Definitions

In this section:

(1)

Cybersecurity risk

The term cybersecurity risk has the meaning given such term in the second section 226, relating to the national cybersecurity and communications integration center.

(2)

Homeland Security Enterprise

The term Homeland Security Enterprise means relevant governmental and nongovernmental entities involved in homeland security, including Federal, State, local, and tribal government officials, private sector representatives, academics, and other policy experts.

(3)

Incident

The term incident has the meaning given such term in the second section 226, relating to the national cybersecurity and communications integration center.

.

(b)

Clerical amendment

The table of contents in section 1(b) of the Homeland Security Act of 2002 is amended by adding at the end of the list of items for subtitle C of title II the following new item:

Sec. 230. Cybersecurity strategy.

.

(c)

Amendment to definition

Paragraph (2) of subsection (a) of the second section 226 of the Homeland Security Act of 2002 (6 U.S.C. 148; relating to the national cybersecurity and communications integration center) is amended to read as follows:

(2)

the term incident means an occurrence that actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information on an information system, or actually or imminently jeopardizes, without lawful authority, an information system;

.

October 6, 2015

Reported with an amendment, committed to the Committee of the Whole House on the State of the Union, and ordered to be printed