EINSTEIN Act of 2015
Amends the Homeland Security Act of 2002 to require the Department of Homeland Security (DHS) to deploy, operate, and maintain (to make available for use by any federal agency, with or without reimbursement) capabilities to protect federal agency information and federal civilian information systems, including technologies to continuously diagnose, detect, prevent, and mitigate against cybersecurity risks involving such information or systems.
Authorizes the DHS Secretary to access, and allows federal agency heads to disclose to the Secretary, information traveling to or from or stored on such systems, regardless of from where the Secretary accesses such information, notwithstanding any law that would otherwise restrict or prevent such disclosures.
Authorizes the Secretary to retain, use, and disclose information obtained through such activities only to protect federal agency information and federal civilian information systems from cybersecurity risks or in furtherance of the national cybersecurity and communications integration center's (NCCIC's) authority, or, with DOJ approval and if disclosure of such information is not otherwise prohibited by law, to law enforcement only to investigate, prosecute, disrupt, or otherwise respond to:
Provides liability protections to private entities authorized to assist the Secretary for such purposes.
Redefines for purposes of the NCCIC's cybersecurity functions: (1) "cybersecurity risk" to exclude actions that solely involve a violation of a consumer term of service or a consumer licensing agreement; and (2) "incident" to include an occurrence that actually or imminently jeopardizes, without lawful authority, an information system, thereby replacing a standard that includes occurrences that constitute a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3305 Introduced in House (IH)]
114th CONGRESS
1st Session
H. R. 3305
To help enhance American network security and mitigate cybersecurity
risks, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
July 29, 2015
Mr. Hurd of Texas (for himself, Mr. McCaul, and Mr. Ratcliffe)
introduced the following bill; which was referred to the Committee on
Oversight and Government Reform, and in addition to the Committee on
Homeland Security, for a period to be subsequently determined by the
Speaker, in each case for consideration of such provisions as fall
within the jurisdiction of the committee concerned.
_______________________________________________________________________
A BILL
To help enhance American network security and mitigate cybersecurity
risks, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``EINSTEIN Act of 2015''.
SEC. 2. PROTECTION OF FEDERAL CIVILIAN INFORMATION SYSTEMS.
(a) In General.--Subtitle C of title II of the Homeland Security
Act of 2002 (6 U.S.C. 141 et seq.) is amended by adding at the end the
following new section:
``SEC. 230. AVAILABLE PROTECTION OF FEDERAL CIVILIAN INFORMATION
SYSTEMS.
``(a) In General.--The Secretary shall deploy, operate, and
maintain, to make available for use by any Federal agency, with or
without reimbursement, capabilities to protect Federal agency
information and Federal civilian information systems, including
technologies to diagnose, detect, prevent, and mitigate against
cybersecurity risks involving Federal agency information or Federal
civilian information systems.
``(b) Activities.--In carrying out this section, the Secretary
may--
``(1) access, and Federal agency heads may disclose to the
Secretary or a private entity providing assistance to the
Secretary under paragraph (2), information traveling to or from
or stored on a Federal civilian information system, regardless
of from where the Secretary or a private entity providing
assistance to the Secretary under paragraph (2) accesses such
information, notwithstanding any other provision of law that
would otherwise restrict or prevent Federal agency heads from
disclosing such information to the Secretary or a private
entity providing assistance to the Secretary under paragraph
(2);
``(2) enter into contracts or other agreements, or
otherwise request and obtain the assistance of, private
entities to deploy, operate, and maintain technologies in
accordance with subsection (a); and
``(3) retain, use, and disclose information obtained
through the conduct of activities authorized under this section
only to protect Federal agency information and Federal civilian
information systems from cybersecurity risks or in furtherance
of the national cybersecurity and communications integration
center's authority under the second section 226, or, with the
approval of the Attorney General and if disclosure of such
information is not otherwise prohibited by law, to law
enforcement only to investigate, prosecute, disrupt, or
otherwise respond to--
``(A) a violation of section 1030 of title 18,
United States Code;
``(B) an imminent threat of death or serious bodily
harm;
``(C) a serious threat to a minor, including sexual
exploitation or threats to physical safety; or
``(D) an attempt, or conspiracy, to commit an
offense described in any of subparagraphs (A) through
(C).
``(c) Conditions.--Contracts or other agreements under subsection
(b)(2) shall include appropriate provisions barring--
``(1) the disclosure of information to any entity other
than the Department or a Federal agency disclosing information
in accordance with subsection (b)(1) that can be used to
identify specific persons and is reasonably believed to be
unrelated to a cybersecurity risk; and
``(2) the use of any information to which such private
entity gains access in accordance with this section for any
purpose other than to protect Federal agency information and
Federal civilian information systems against cybersecurity
risks or to administer any such contract or other agreement.
``(d) Limitation.--No cause of action shall lie in any court
against a private entity for assistance provided to the Secretary in
accordance with this section and a contract or agreement under
subsection (b)(2).
``(e) Definition.--The term `cybersecurity risk' has the meaning
given such term in the second section 226 (relating to the national
cybersecurity and communications integration center).''.
(b) Definitions.--Paragraphs (1) and (2) of the second section 226
of the Homeland Security Act of 2002 (6 U.S.C. 148; relating to the
national cybersecurity and communications integration center) are
amended to read as follows:
``(1)(A) except as provided in subparagraph (B), the term
`cybersecurity risk' means threats to and vulnerabilities of
information or information systems and any related consequences
caused by or resulting from unauthorized access, use,
disclosure, degradation, disruption, modification, or
destruction of such information or information systems,
including such related consequences caused by an act of
terrorism; and
``(B) such term does not include any action that solely
involves a violation of a consumer term of service or a
consumer licensing agreement;
``(2) the term `incident' means an occurrence that actually
or imminently jeopardizes, without lawful authority, the
integrity, confidentiality, or availability of information on
an information system, or actually or imminently jeopardizes,
without lawful authority, an information system;''.
(c) Clerical Amendment.--The table of contents of the Homeland
Security Act of 2002 is amended by adding at the end the following new
item:
``Sec. 230. Available protection of Federal civilian information
systems.''.
<all>
Introduced in House
Referred to the Committee on Oversight and Government Reform, and in addition to the Committee on Homeland Security, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Referred to the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies.