[Congressional Bills 108th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5068 Introduced in House (IH)]






108th CONGRESS
  2d Session
                                H. R. 5068

 To amend the Homeland Security Act of 2002 to enhance cybersecurity, 
                        and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                           September 13, 2004

 Mr. Thornberry (for himself and Ms. Lofgren) introduced the following 
bill; which was referred to the Select Committee on Homeland Security, 
    and in addition to the Committee on Science, for a period to be 
subsequently determined by the Speaker, in each case for consideration 
  of such provisions as fall within the jurisdiction of the committee 
                               concerned

_______________________________________________________________________

                                 A BILL


 
 To amend the Homeland Security Act of 2002 to enhance cybersecurity, 
                        and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Department of Homeland Security 
Cybersecurity Enhancement Act of 2004''.

SEC. 2. ASSISTANT SECRETARY FOR CYBERSECURITY.

    (a) In General.--Subtitle A of title II of the Homeland Security 
Act of 2002 (6 U.S.C. 121 et seq.) is amended by adding at the end the 
following:

``SEC. 203. ASSISTANT SECRETARY FOR CYBERSECURITY.

    ``(a) In General.--There shall be in the Directorate for 
Information Analysis and Infrastructure Protection a National 
Cybersecurity Office headed by an Assistant Secretary for Cybersecurity 
(in this section referred to as the `Assistant Secretary'), who shall 
assist the Secretary in promoting cybersecurity for the Nation.
    ``(b) General Authority.--The Assistant Secretary, subject to the 
direction and control of the Secretary, shall have primary authority 
within the Department for all cybersecurity-related critical 
infrastructure protection programs of the Department, including with 
respect to policy formulation and program management.
    ``(c) Responsibilities.--The responsibilities of the Assistant 
Secretary shall include the following:
            ``(1) To establish and manage--
                    ``(A) a national cybersecurity response system that 
                includes the ability to--
                            ``(i) analyze the effect of cybersecurity 
                        threat information on national critical 
                        infrastructure; and
                            ``(ii) aid in the detection and warning of 
                        attacks on, and in the restoration of, 
                        cybersecurity infrastructure in the aftermath 
                        of such attacks;
                    ``(B) a national cybersecurity threat and 
                vulnerability reduction program that identifies 
                cybersecurity vulnerabilities that would have a 
                national effect on critical infrastructure, performs 
                vulnerability assessments on information technologies, 
                and coordinates the mitigation of such vulnerabilities;
                    ``(C) a national cybersecurity awareness and 
                training program that promotes cybersecurity awareness 
                among the public and the private sectors and promotes 
                cybersecurity training and education programs;
                    ``(D) a government cybersecurity program to 
                coordinate and consult with Federal, State, and local 
                governments to enhance their cybersecurity programs; 
                and
                    ``(E) a national security and international 
                cybersecurity cooperation program to help foster 
                Federal efforts to enhance international cybersecurity 
                awareness and cooperation.
            ``(2) To coordinate with the private sector on the program 
        under paragraph (1) as appropriate, and to promote 
        cybersecurity information sharing, vulnerability assessment, 
        and threat warning regarding critical infrastructure.
            ``(3) To coordinate with other directorates and offices 
        within the Department on the cybersecurity aspects of their 
        missions.
            ``(4) To coordinate with the Under Secretary for Emergency 
        Preparedness and Response to ensure that the National Response 
        Plan developed pursuant to section 502(6) of the Homeland 
        Security Act of 2002 (6 U.S.C. 312(6)) includes appropriate 
        measures for the recovery of the cybersecurity elements of 
        critical infrastructure.
            ``(5) To develop processes for information sharing with the 
        private sector, consistent with section 214, that--
                    ``(A) promote voluntary cybersecurity best 
                practices, standards, and benchmarks that are 
                responsive to rapid technology changes and to the 
                security needs of critical infrastructure; and
                    ``(B) consider roles of Federal, State, local, and 
                foreign governments and the private sector, including 
                the insurance industry and auditors.
            ``(6) To coordinate with the Chief Information Officer of 
        the Department in establishing a secure information sharing 
        architecture and information sharing processes, including with 
        respect to the Department's operation centers.
            ``(7) To consult with the Electronic Crimes Task Force of 
        the United States Secret Service on private sector outreach and 
        information activities.
            ``(8) To consult with the Office for Domestic Preparedness 
        to ensure that realistic cybersecurity scenarios are 
        incorporated into tabletop and recovery exercises.
            ``(9) To consult and coordinate, as appropriate, with other 
        Federal agencies on cybersecurity-related programs, policies, 
        and operations.
            ``(10) To consult and coordinate within the Department and, 
        where appropriate, with other relevant Federal agencies, on 
        security of digital control systems, such as Supervisory 
        Control and Data Acquisition (SCADA) systems.
    ``(d) Authority Over the National Communications System.--The 
Assistant Secretary shall have primary authority within the Department 
over the National Communications System.''.
    (b) Clerical Amendment.--The table of contents in section 1(b) of 
such Act is amended by adding at the end of the items relating to 
subtitle A of title II the following:

``203. Assistant Secretary for Cybersecurity.''.

SEC. 3. CYBERSECURITY DEFINED.

    Section 2 of the Homeland Security Act of 2002 (6 U.S.C. 101) is 
amended by adding at the end the following:
            ``(17)(A) The term `cybersecurity' means the prevention of 
        damage to, the protection of, and the restoration of computers, 
        electronic communications systems, electronic communication 
        services, wire communication, and electronic communication, 
        including information contained therein, to ensure its 
        availability, integrity, authentication, confidentiality, and 
        nonrepudiation.
            ``(B) In this paragraph--
                    ``(i) each of the terms `damage' and `computer' has 
                the meaning that term has in section 1030 of title 18, 
                United States Code; and
                    ``(ii) each of the terms `electronic communications 
                system', `electronic communication service', `wire 
                communication', and `electronic communication' has the 
                meaning that term has in section 2510 of title 18, 
                United States Code.''.
                                 <all>