 
 
I 
108th CONGRESS 2d Session 
H. R. 5068 
IN THE HOUSE OF REPRESENTATIVES 
 
September 13, 2004 
Mr. Thornberry (for himself and Ms. Lofgren) introduced the following bill; which was referred to the Select Committee on Homeland Security, and in addition to the Committee on Science, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned 
 
A BILL 
To amend the Homeland Security Act of 2002 to enhance cybersecurity, and for other purposes. 
 
 
1.Short titleThis Act may be cited as the Department of Homeland Security Cybersecurity Enhancement Act of 2004. 
2.Assistant Secretary for Cybersecurity 
(a)In generalSubtitle A of title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended by adding at the end the following: 
 
203.Assistant Secretary for Cybersecurity 
(a)In generalThere shall be in the Directorate for Information Analysis and Infrastructure Protection a National Cybersecurity Office headed by an Assistant Secretary for Cybersecurity (in this section referred to as the Assistant Secretary), who shall assist the Secretary in promoting cybersecurity for the Nation. 
(b)General authorityThe Assistant Secretary, subject to the direction and control of the Secretary, shall have primary authority within the Department for all cybersecurity-related critical infrastructure protection programs of the Department, including with respect to policy formulation and program management. 
(c)ResponsibilitiesThe responsibilities of the Assistant Secretary shall include the following: 
(1)To establish and manage— 
(A)a national cybersecurity response system that includes the ability to— 
(i)analyze the effect of cybersecurity threat information on national critical infrastructure; and 
(ii)aid in the detection and warning of attacks on, and in the restoration of, cybersecurity infrastructure in the aftermath of such attacks; 
(B)a national cybersecurity threat and vulnerability reduction program that identifies cybersecurity vulnerabilities that would have a national effect on critical infrastructure, performs vulnerability assessments on information technologies, and coordinates the mitigation of such vulnerabilities; 
(C)a national cybersecurity awareness and training program that promotes cybersecurity awareness among the public and the private sectors and promotes cybersecurity training and education programs; 
(D)a government cybersecurity program to coordinate and consult with Federal, State, and local governments to enhance their cybersecurity programs; and 
(E)a national security and international cybersecurity cooperation program to help foster Federal efforts to enhance international cybersecurity awareness and cooperation. 
(2)To coordinate with the private sector on the program under paragraph (1) as appropriate, and to promote cybersecurity information sharing, vulnerability assessment, and threat warning regarding critical infrastructure. 
(3)To coordinate with other directorates and offices within the Department on the cybersecurity aspects of their missions. 
(4)To coordinate with the Under Secretary for Emergency Preparedness and Response to ensure that the National Response Plan developed pursuant to section 502(6) of the Homeland Security Act of 2002 (6 U.S.C. 312(6)) includes appropriate measures for the recovery of the cybersecurity elements of critical infrastructure. 
(5)To develop processes for information sharing with the private sector, consistent with section 214, that— 
(A)promote voluntary cybersecurity best practices, standards, and benchmarks that are responsive to rapid technology changes and to the security needs of critical infrastructure; and 
(B)consider roles of Federal, State, local, and foreign governments and the private sector, including the insurance industry and auditors. 
(6)To coordinate with the Chief Information Officer of the Department in establishing a secure information sharing architecture and information sharing processes, including with respect to the Department’s operation centers. 
(7)To consult with the Electronic Crimes Task Force of the United States Secret Service on private sector outreach and information activities. 
(8)To consult with the Office for Domestic Preparedness to ensure that realistic cybersecurity scenarios are incorporated into tabletop and recovery exercises. 
(9)To consult and coordinate, as appropriate, with other Federal agencies on cybersecurity-related programs, policies, and operations. 
(10)To consult and coordinate within the Department and, where appropriate, with other relevant Federal agencies, on security of digital control systems, such as Supervisory Control and Data Acquisition (SCADA) systems. 
(d)Authority over the National Communications SystemThe Assistant Secretary shall have primary authority within the Department over the National Communications System.. 
(b)Clerical amendmentThe table of contents in section 1(b) of such Act is amended by adding at the end of the items relating to subtitle A of title II the following: 
 
 
203. Assistant Secretary for Cybersecurity. 
3.Cybersecurity definedSection 2 of the Homeland Security Act of 2002 (6 U.S.C. 101) is amended by adding at the end the following: 
 
(17) 
(A)The term cybersecurity means the prevention of damage to, the protection of, and the restoration of computers, electronic communications systems, electronic communication services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation. 
(B)In this paragraph— 
(i)each of the terms damage and computer has the meaning that term has in section 1030 of title 18, United States Code; and 
(ii)each of the terms electronic communications system, electronic communication service, wire communication, and electronic communication has the meaning that term has in section 2510 of title 18, United States Code.. 
 
