State and Local Cyber Protection Act of 2015
(Sec. 2) This bill amends the Homeland Security Act of 2002 to require the Department of Homeland Security's (DHS's) national cybersecurity and communications integration center (NCCIC) to assist state and local governments with cybersecurity by:
The NCCIC's privacy and civil liberties training must include: (1) reasonable limits on the receipt, retention, use, and disclosure of information associated with specific persons that is not necessary for cybersecurity purposes; (2) data integrity standards requiring the prompt removal and destruction of obsolete or erroneous names and personal information that is unrelated to the risk or incident information; and (3) safeguards and confidentiality protections for cyber threat indicators and defensive measures, including information that is proprietary or business-sensitive that may be used to identify specific persons from unauthorized access or acquisition.
The NCCIC must seek feedback from state and local governments on the effectiveness of such activities and provide such information to Congress.
[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3869 Introduced in House (IH)]
114th CONGRESS
1st Session
H. R. 3869
To amend the Homeland Security Act of 2002 to require State and local
coordination on cybersecurity with the national cybersecurity and
communications integration center, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
November 2, 2015
Mr. Hurd of Texas (for himself and Mr. Ratcliffe) introduced the
following bill; which was referred to the Committee on Homeland
Security
_______________________________________________________________________
A BILL
To amend the Homeland Security Act of 2002 to require State and local
coordination on cybersecurity with the national cybersecurity and
communications integration center, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``State and Local Cyber Protection Act
of 2015''.
SEC. 2. STATE AND LOCAL COORDINATION ON CYBERSECURITY WITH THE NATIONAL
CYBERSECURITY AND COMMUNICATIONS INTEGRATION CENTER.
(a) In General.--The second section 226 of the Homeland Security
Act of 2002 (6 U.S.C. 148; relating to the national cybersecurity and
communications integration center) is amended by adding at the end the
following new subsection:
``(g) State and Local Coordination on Cybersecurity.--
``(1) In general.--The Center shall, to the extent
practicable--
``(A) assist State and local governments, upon
request, in identifying information system
vulnerabilities;
``(B) assist State and local governments, upon
request, in identifying information security
protections commensurate with cybersecurity risks and
the magnitude of the potential harm resulting from the
unauthorized access, use, disclosure, disruption,
modification, or destruction of--
``(i) information collected or maintained
by or on behalf of a State or local government;
or
``(ii) information systems used or operated
by an agency or by a contractor of a State or
local government or other organization on
behalf of a State or local government;
``(C) in consultation with State and local
governments, provide and periodically update via a web
portal tools, products, resources, policies,
guidelines, and procedures related to information
security;
``(D) work with senior State and local government
officials, including State and local Chief Information
Officers, through national associations to coordinate a
nationwide effort to ensure effective implementation of
tools, products, resources, policies, guidelines, and
procedures related to information security to secure
and ensure the resiliency of State and local
information systems;
``(E) provide, upon request, operational and
technical cybersecurity training to State and local
government and fusion center analysts and operators to
address cybersecurity risks or incidents;
``(F) provide, in coordination with the Chief
Privacy Officer and the Chief Civil Rights and Civil
Liberties Officer of the Department, privacy and civil
liberties training to State and local governments
related to cybersecurity;
``(G) provide, upon request, operational and
technical assistance to State and local governments to
implement tools, products, resources, policies,
guidelines, and procedures on information security by--
``(i) deploying technology to assist such
State or local government to continuously
diagnose and mitigate against cyber threats and
vulnerabilities, with or without reimbursement;
``(ii) compiling and analyzing data on
State and local information security; and
``(iii) developing and conducting targeted
operational evaluations, including threat and
vulnerability assessments, on the information
systems of State and local governments;
``(H) assist State and local governments to develop
policies and procedures for coordinating vulnerability
disclosures, to the extent practicable, consistent with
international and national standards in the information
technology industry, including standards developed by
the National Institute of Standards and Technology; and
``(I) ensure that State and local governments, as
appropriate, are made aware of the tools, products,
resources, policies, guidelines, and procedures on
information security developed by the Department and
other appropriate Federal departments and agencies for
ensuring the security and resiliency of Federal
civilian information systems.
``(2) Training.--Privacy and civil liberties training
provided pursuant to subparagraph (F) of paragraph (1) shall
include processes, methods, and information that--
``(A) are consistent with the Department's Fair
Information Practice Principles developed pursuant to
section 552a of title 5, United States Code (commonly
referred to as the `Privacy Act of 1974' or the
`Privacy Act');
``(B) reasonably limit, to the greatest extent
practicable, the receipt, retention, use, and
disclosure of information related to cybersecurity
risks and incidents associated with specific persons
that is not necessary, for cybersecurity purposes, to
protect an information system or network of information
systems from cybersecurity risks or to mitigate
cybersecurity risks and incidents in a timely manner;
``(C) minimize any impact on privacy and civil
liberties;
``(D) provide data integrity through the prompt
removal and destruction of obsolete or erroneous names
and personal information that is unrelated to the
cybersecurity risk or incident information shared and
retained by the Center in accordance with this section;
``(E) include requirements to safeguard cyber
threat indicators and defensive measures retained by
the Center, including information that is proprietary
or business-sensitive that may be used to identify
specific persons from unauthorized access or
acquisition;
``(F) protect the confidentiality of cyber threat
indicators and defensive measures associated with
specific persons to the greatest extent practicable;
and
``(G) ensure all relevant constitutional, legal,
and privacy protections are observed.''.
(b) Congressional Oversight.--Not later than two years after the
date of the enactment of this Act, the national cybersecurity and
communications integration center of the Department of Homeland
Security shall provide to the Committee on Homeland Security of the
House of Representatives and the Committee on Homeland Security and
Governmental Affairs of the Senate information on the activities and
effectiveness of such activities under subsection (g) of the second
section 226 of the Homeland Security Act of 2002 (6 U.S.C. 148;
relating to the national cybersecurity and communications integration
center), as added by subsection (a) of this section, on State and local
information security. The center shall seek feedback from State and
local governments regarding the effectiveness of such activities and
include such feedback in the information required to be provided under
this subsection.
Introduced in House
Referred to the House Committee on Homeland Security.
Committee Consideration and Mark-up Session Held.
Ordered to be Reported by Voice Vote.
Reported by the Committee on Homeland Security. H. Rept. 114-363.
Placed on the Union Calendar, Calendar No. 276.
Mr. Hurd (TX) moved to suspend the rules and pass the bill, as amended.
Considered under suspension of the rules. (consideration: CR H9255-9257)
DEBATE - The House proceeded with forty minutes of debate on H.R. 3869.
Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H9255)
On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. (text: CR H9255)
Motion to reconsider laid on the table Agreed to without objection.
The title of the measure was amended. Agreed to without objection.
Received in the Senate and Read twice and referred to the Committee on Homeland Security and Governmental Affairs.