skip to main content

S. 594 (115th): National Cybersecurity Preparedness Consortium Act of 2018


The text of the bill below is as of Dec 4, 2018 (Reported by Senate Committee). The bill was not enacted into law.


II

Calendar No. 714

115th CONGRESS

2d Session

S. 594

[Report No. 115–410]

IN THE SENATE OF THE UNITED STATES

March 9, 2017

(for himself, Mr. Cruz, Mr. Leahy, Mr. Boozman, and Mr. Cotton) introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental Affairs

December 4, 2018

Reported by , with an amendment

Strike out all after the enacting clause and insert the part printed in italic

A BILL

To authorize the Secretary of Homeland Security to work with cybersecurity consortia for training, and for other purposes.

1.

Short title

This Act may be cited as the National Cybersecurity Preparedness Consortium Act of 2017.

2.

Definitions

In this Act—

(1)

the term consortium means a group primarily composed of nonprofit entities, including academic institutions, that develop, update, and deliver cybersecurity training in support of homeland security;

(2)

the terms cybersecurity risk and incident have the meanings given those terms in section 227(a) of the Homeland Security Act of 2002 (6 U.S.C. 148(a));

(3)

the term Department means the Department of Homeland Security; and

(4)

the term Secretary means the Secretary of Homeland Security.

3.

National Cybersecurity Preparedness Consortium

(a)

In general

The Secretary may work with a consortium, including the National Cybersecurity Preparedness Consortium, to support efforts to address cybersecurity risks and incidents, including threats of terrorism and acts of terrorism.

(b)

Assistance to the NCCIC

The Secretary may work with a consortium to assist the national cybersecurity and communications integration center of the Department (established under section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148)) to—

(1)

provide training to State and local first responders and officials specifically for preparing for and responding to cybersecurity risks and incidents, including threats of terrorism and acts of terrorism, in accordance with applicable law;

(2)

develop and update a curriculum utilizing existing programs and models in accordance with such section 227, for State and local first responders and officials, related to cybersecurity risks and incidents, including threats of terrorism and acts of terrorism;

(3)

provide technical assistance services to build and sustain capabilities in support of preparedness for and response to cybersecurity risks and incidents, including threats of terrorism and acts of terrorism, in accordance with such section 227;

(4)

conduct cross-sector cybersecurity training and simulation exercises for entities, including State and local governments, critical infrastructure owners and operators, and private industry, to encourage community-wide coordination in defending against and responding to cybersecurity risks and incidents, including threats of terrorism and acts of terrorism, in accordance with section 228(c) of the Homeland Security Act of 2002 (6 U.S.C. 149(c));

(5)

help States and communities develop cybersecurity information sharing programs, in accordance with section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148), for the dissemination of homeland security information related to cybersecurity risks and incidents, including threats of terrorism and acts of terrorism; and

(6)

help incorporate cybersecurity risk and incident prevention and response (including related to threats of terrorism and acts of terrorism) into existing State and local emergency plans, including continuity of operations plans.

(c)

Prohibition on duplication

In carrying out the functions under subsection (b), the Secretary shall, to the greatest extent practicable, seek to prevent unnecessary duplication of existing programs or efforts of the Department.

(d)

Considerations regarding selection of a consortium

In selecting a consortium with which to work under this Act, the Secretary shall take into consideration the following:

(1)

Any prior experience conducting cybersecurity training and exercises for State and local entities.

(2)

Geographic diversity of the members of any such consortium so as to cover different regions throughout the United States.

(e)

Metrics

If the Secretary works with a consortium under subsection (a), the Secretary shall measure the effectiveness of the activities undertaken by the consortium under this Act.

(f)

Outreach

The Secretary shall conduct outreach to universities and colleges, including historically Black colleges and universities, Hispanic-serving institutions, Tribal Colleges and Universities, and other minority-serving institutions, regarding opportunities to support efforts to address cybersecurity risks and incidents, including threats of terrorism and acts of terrorism, by working with the Secretary under subsection (a).

(g)

Termination

The authority to carry out this Act shall terminate on the date that is 5 years after the date of enactment of this Act.

1.

Short title

This Act may be cited as the National Cybersecurity Preparedness Consortium Act of 2018.

2.

Definitions

In this Act—

(1)

the term consortium means a group primarily composed of nonprofit entities, including academic institutions, that develop, update, and deliver cybersecurity training in support of homeland security;

(2)

the terms cybersecurity risk and incident have the meanings given those terms in section 227(a) of the Homeland Security Act of 2002 (6 U.S.C. 148(a));

(3)

the term Department means the Department of Homeland Security; and

(4)

the term Secretary means the Secretary of Homeland Security.

3.

National cybersecurity preparedness consortium

(a)

In general

The Secretary may work with a consortium to support efforts to address cybersecurity risks and incidents.

(b)

Assistance to the NCCIC

The Secretary may work with a consortium to assist the national cybersecurity and communications integration center of the Department (established under section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148)) to—

(1)

provide training to State and local first responders and officials specifically for preparing for and responding to cybersecurity risks and incidents, in accordance with applicable law;

(2)

develop and update a curriculum utilizing existing programs and models in accordance with such section 227, for State and local first responders and officials, related to cybersecurity risks and incidents;

(3)

provide technical assistance services to build and sustain capabilities in support of preparedness for and response to cybersecurity risks and incidents, including threats of terrorism and acts of terrorism, in accordance with such section 227;

(4)

conduct cross-sector cybersecurity training and simulation exercises for entities, including State and local governments, critical infrastructure owners and operators, and private industry, to encourage community-wide coordination in defending against and responding to cybersecurity risks and incidents, in accordance with section 228(c) of the Homeland Security Act of 2002 (6 U.S.C. 149(c));

(5)

help States and communities develop cybersecurity information sharing programs, in accordance with section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148), for the dissemination of homeland security information related to cybersecurity risks and incidents; and

(6)

help incorporate cybersecurity risk and incident prevention and response into existing State and local emergency plans, including continuity of operations plans.

(c)

Considerations regarding selection of a consortium

In selecting a consortium with which to work under this Act, the Secretary shall take into consideration the following:

(1)

Any prior experience conducting cybersecurity training and exercises for State and local entities.

(2)

Geographic diversity of the members of any such consortium so as to cover different regions throughout the United States.

(d)

Metrics

If the Secretary works with a consortium under subsection (a), the Secretary shall measure the effectiveness of the activities undertaken by the consortium under this Act.

(e)

Outreach

The Secretary shall conduct outreach to universities and colleges, including historically Black colleges and universities, Hispanic-serving institutions, Tribal Colleges and Universities, and other minority-serving institutions, regarding opportunities to support efforts to address cybersecurity risks and incidents, by working with the Secretary under subsection (a).

4.

Rule of construction

Nothing in this Act may be construed to authorize a consortium to control or direct any law enforcement agency in the exercise of the duties of the law enforcement agency.

December 4, 2018

Reported with an amendment