
	
		I
		111th CONGRESS
		2d Session
		H. R. 6351
		IN THE HOUSE OF REPRESENTATIVES
		
			September 29, 2010
			Mr. Langevin (for
			 himself, Mr. Ruppersberger, and
			 Mr. Bartlett) introduced the following
			 bill; which was referred to the Committee
			 on Homeland Security, and in addition to the Committee on
			 Oversight and Government
			 Reform, for a period to be subsequently determined by the
			 Speaker, in each case for consideration of such provisions as fall within the
			 jurisdiction of the committee concerned
		
		A BILL
		To establish the Executive Cyber Director in the
		  Executive Office of the President, to clarify the authority of the Secretary of
		  Homeland Security and the Executive Cyber Director with respect to critical
		  information infrastructure policy creation, verification, and enforcement
		  measures, and for other purposes.
	
	
		1.Short titleThis Act may be cited as the
			 Strengthening Cybersecurity for
			 Critical Infrastructure Act.
		2.DefinitionsIn this Act—
			(1)the term critical information
			 infrastructure means the electronic information and communications
			 systems, software, and assets that control, protect, process, transmit,
			 receive, program, or store information in any form, including data, voice, and
			 video, relied upon by critical infrastructure, industrial control systems such
			 as, but not limited to, supervisory control and data acquisition systems, and
			 programmable logic controllers. This shall also include such systems of the
			 Federal Government;
			(2)the term
			 critical infrastructure has the meaning given that term in section
			 2 of the Homeland Security Act of 2002 (6 U.S.C. 101); and
			(3)the term
			 Secretary means the Secretary of Homeland Security.
			3.Authority of
			 Secretary
			(a)In
			 generalThe Secretary shall
			 have primary authority in the executive branch of the Federal Government in
			 creation, verification, and enforcement of measures with respect to the
			 protection of critical information infrastructure, including promulgating
			 risk-informed information security practices and standards applicable to
			 critical information infrastructures that are not owned by or under the direct
			 control of the Federal Government. These efforts shall be carried out with the
			 consultation of appropriate private sector bodies, including private owners and
			 operators of the infrastructure affected by these measures.
			(b)Other Federal
			 agenciesIn establishing
			 measures with respect to the protection of critical information infrastructure
			 the Secretary shall—
				(1)consult with the Secretary of Commerce, the
			 Secretary of Defense, the National Institute of Standards and Technology, and
			 other sector specific Federal regulatory agencies in exercising the authority
			 referred to in subsection (a); and
				(2)coordinate,
			 through the Executive Office of the President, with sector specific Federal
			 regulatory agencies, including the Federal Energy Regulatory Commission, in
			 establishing enforcement mechanisms under the authority referred to in
			 subsection (a).
				(c)Auditing
			 authorityThe Secretary
			 may—
				(1)conduct such audits as are necessary to
			 ensure that appropriate measures are taken to secure critical information
			 infrastructure;
				(2)issue such
			 subpoenas as are necessary to determine compliance with Federal regulatory
			 requirements for securing critical information infrastructure; and
				(3)authorize sector specific Federal
			 regulatory agencies to undertake such audits.
				4.Establishment and
			 authority of Executive Cyber Director
			(a)EstablishmentThere is established within the Executive
			 Office of the President an office to be known as the National Office for
			 Cyberspace. There shall be at the head of the Office the Executive Cyber
			 Director, who shall be appointed by the President by and with the advice and
			 consent of the Senate.
			(b)AuthorityThe Executive Cyber Director shall have
			 primary authority in the executive branch of the Federal Government in leading
			 interagency coordination on security policies relating to the creation,
			 verification, and enforcement of measures to protect critical information
			 infrastructure.
			
