113 S2519 RS: National Cybersecurity and Communications Integration Center Act of 2014 U.S. Senate 2014-06-24 text/xml EN Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.

IICalendar No. 526113th CONGRESS2d SessionS. 2519[Report No. 113–240]IN THE SENATE OF THE UNITED STATESJune 24, 2014Mr. Carper (for himself and Mr. Coburn) introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental AffairsJuly 31, 2014Reported by Mr. Carper, with an amendmentInsert the part printed in italicA BILLTo codify an existing operations center for cybersecurity.

1.

Short title

This Act may be cited as the National Cybersecurity and Communications Integration Center Act of 2014.

2.

National Cybersecurity and Communications Integration Center

(a)

In general

Subtitle A of title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended by adding at the end the following:

210G.

Operations center

(a)

Functions

There is in the Department an operations center, which may carry out the responsibilities of the Under Secretary appointed under section 103(a)(1)(H) with respect to security and resilience, including by—(1)serving as a Federal civilian information sharing interface for cybersecurity;(2)providing shared situational awareness to enable real-time, integrated, and operational actions across the Federal Government;(3)sharing cybersecurity threat, vulnerability, impact, and incident information and analysis by and among Federal, State, and local government entities and private sector entities;(4)coordinating cybersecurity information sharing throughout the Federal Government;(5)conducting analysis of cybersecurity risks and incidents;(6)upon request, providing timely technical assistance to Federal and non-Federal entities with respect to cybersecurity threats and attribution, vulnerability mitigation, and incident response and remediation; and(7)providing recommendations on security and resilience measures to Federal and non-Federal entities.(b)

Composition

The operations center shall be composed of—(1)personnel or other representatives of Federal agencies, including civilian and law enforcement agencies and elements of the intelligence community, as such term is defined under section 3(4) of the National Security Act of 1947 (50 U.S.C. 3003(4)); and(2)representatives from State and local governments and other non-Federal entities, including—(A)representatives from information sharing and analysis organizations; and(B)private sector owners and operators of critical information systems.(c)

Annual report

Not later than 1 year after the date of enactment of the National Cybersecurity and Communications Integration Center Act of 2014, and every year thereafter for 3 years, the Secretary shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives a report on the operations center, which shall include—(1)an analysis of the performance of the operations center in carrying out the functions under subsection (a);(2)information on the composition of the center, including—(A)the number of representatives from non-Federal entities that are participating in the operations center, including the number of representatives from States, nonprofit organizations, and private sector entities, respectively; and(B)the number of requests from non-Federal entities to participate in the operations center and the response to such requests, including—(i)the average length of time to fulfill such identified requests by the Federal agency responsible for fulfilling such requests; and(ii)a description of any obstacles or challenges to fulfilling such requests; and(3)the policies and procedures established by the operations center to safeguard privacy and civil liberties.(d)

GAO report

Not later than 1 year after the date of enactment of the National Cybersecurity and Communications Integration Center Act of 2014, the Comptroller General of the United States shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives a report on the effectiveness of the operations center.(e)

No right or benefit

The provision of assistance or information to, and inclusion in the operations center of, governmental or private entities under this section shall be at the discretion of the Under Secretary appointed under section 103(a)(1)(H). The provision of certain assistance or information to, or inclusion in the operations center of, one governmental or private entity pursuant to this section shall not create a right or benefit, substantive or procedural, to similar assistance or information for any other governmental or private entity.

.(b)

Technical and conforming amendment

The table of contents in section 1(b) of the Homeland Security Act of 2002 (6 U.S.C. 101 note) is amended by inserting after the item relating to section 210F the following:Sec. 210G. Operations center..

3.

Rule of construction

(a)

Definition

In this section, the term critical infrastructure has the meaning given that term under section 2 of the Homeland Security Act of 2002 (6 U.S.C. 101).(b)

Rule of construction

Nothing in this Act shall be construed to grant the Secretary of Homeland Security any authority to promulgate regulations or set standards relating to the cybersecurity of private sector critical infrastructure that was not in effect on the day before the date of enactment of this Act.

July 31, 2014Reported with an amendment