[Congressional Bills 113th Congress]
[From the U.S. Government Publishing Office]
[S. 2519 Reported in Senate (RS)]

                                                       Calendar No. 526
113th CONGRESS
  2d Session
                                S. 2519

                          [Report No. 113-240]

       To codify an existing operations center for cybersecurity.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             June 24, 2014

Mr. Carper (for himself and Mr. Coburn) introduced the following bill; 
which was read twice and referred to the Committee on Homeland Security 
                        and Governmental Affairs

                             July 31, 2014

               Reported by Mr. Carper, with an amendment
                  [Insert the part printed in italic]

_______________________________________________________________________

                                 A BILL


 
       To codify an existing operations center for cybersecurity.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``National Cybersecurity and 
Communications Integration Center Act of 2014''.

SEC. 2. NATIONAL CYBERSECURITY AND COMMUNICATIONS INTEGRATION CENTER.

    (a) In General.--Subtitle A of title II of the Homeland Security 
Act of 2002 (6 U.S.C. 121 et seq.) is amended by adding at the end the 
following:

``SEC. 210G. OPERATIONS CENTER.

    ``(a) Functions.--There is in the Department an operations center, 
which may carry out the responsibilities of the Under Secretary 
appointed under section 103(a)(1)(H) with respect to security and 
resilience, including by--
            ``(1) serving as a Federal civilian information sharing 
        interface for cybersecurity;
            ``(2) providing shared situational awareness to enable 
        real-time, integrated, and operational actions across the 
        Federal Government;
            ``(3) sharing cybersecurity threat, vulnerability, impact, 
        and incident information and analysis by and among Federal, 
        State, and local government entities and private sector 
        entities;
            ``(4) coordinating cybersecurity information sharing 
        throughout the Federal Government;
            ``(5) conducting analysis of cybersecurity risks and 
        incidents;
            ``(6) upon request, providing timely technical assistance 
        to Federal and non-Federal entities with respect to 
        cybersecurity threats and attribution, vulnerability 
        mitigation, and incident response and remediation; and
            ``(7) providing recommendations on security and resilience 
        measures to Federal and non-Federal entities.
    ``(b) Composition.--The operations center shall be composed of--
            ``(1) personnel or other representatives of Federal 
        agencies, including civilian and law enforcement agencies and 
        elements of the intelligence community, as such term is defined 
        under section 3(4) of the National Security Act of 1947 (50 
        U.S.C. 3003(4)); and
            ``(2) representatives from State and local governments and 
        other non-Federal entities, including--
                    ``(A) representatives from information sharing and 
                analysis organizations; and
                    ``(B) private sector owners and operators of 
                critical information systems.
    ``(c) Annual Report.--Not later than 1 year after the date of 
enactment of the National Cybersecurity and Communications Integration 
Center Act of 2014, and every year thereafter for 3 years, the 
Secretary shall submit to the Committee on Homeland Security and 
Governmental Affairs of the Senate and the Committee on Homeland 
Security of the House of Representatives a report on the operations 
center, which shall include--
            ``(1) an analysis of the performance of the operations 
        center in carrying out the functions under subsection (a);
            ``(2) information on the composition of the center, 
        including--
                    ``(A) the number of representatives from non-
                Federal entities that are participating in the 
                operations center, including the number of 
                representatives from States, nonprofit organizations, 
                and private sector entities, respectively; and
                    ``(B) the number of requests from non-Federal 
                entities to participate in the operations center and 
                the response to such requests, including--
                            ``(i) the average length of time to fulfill 
                        such identified requests by the Federal agency 
                        responsible for fulfilling such requests; and
                            ``(ii) a description of any obstacles or 
                        challenges to fulfilling such requests; and
            ``(3) the policies and procedures established by the 
        operations center to safeguard privacy and civil liberties.
    ``(d) GAO Report.--Not later than 1 year after the date of 
enactment of the National Cybersecurity and Communications Integration 
Center Act of 2014, the Comptroller General of the United States shall 
submit to the Committee on Homeland Security and Governmental Affairs 
of the Senate and the Committee on Homeland Security of the House of 
Representatives a report on the effectiveness of the operations center.
    ``(e) No Right or Benefit.--The provision of assistance or 
information to, and inclusion in the operations center of, governmental 
or private entities under this section shall be at the discretion of 
the Under Secretary appointed under section 103(a)(1)(H). The provision 
of certain assistance or information to, or inclusion in the operations 
center of, one governmental or private entity pursuant to this section 
shall not create a right or benefit, substantive or procedural, to 
similar assistance or information for any other governmental or private 
entity.''.
    (b) Technical and Conforming Amendment.--The table of contents in 
section 1(b) of the Homeland Security Act of 2002 (6 U.S.C. 101 note) 
is amended by inserting after the item relating to section 210F the 
following:

``Sec. 210G. Operations center.''.

SEC. 3. RULE OF CONSTRUCTION.

    (a) Definition.--In this section, the term ``critical 
infrastructure'' has the meaning given that term under section 2 of the 
Homeland Security Act of 2002 (6 U.S.C. 101).
    (b) Rule of Construction.--Nothing in this Act shall be construed 
to grant the Secretary of Homeland Security any authority to promulgate 
regulations or set standards relating to the cybersecurity of private 
sector critical infrastructure that was not in effect on the day before 
the date of enactment of this Act.
                                                       Calendar No. 526

113th CONGRESS

  2d Session

                                S. 2519

                          [Report No. 113-240]

_______________________________________________________________________

                                 A BILL

       To codify an existing operations center for cybersecurity.

_______________________________________________________________________

                             July 31, 2014

                       Reported with an amendment