[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3878 Reported in House (RH)]

<DOC>





                                                 Union Calendar No. 288
114th CONGRESS
  1st Session
                                H. R. 3878

                      [Report No. 114-379, Part I]

To enhance cybersecurity information sharing and coordination at ports 
             in the United States, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            November 2, 2015

 Mrs. Torres introduced the following bill; which was referred to the 
  Committee on Homeland Security, and in addition to the Committee on 
  Transportation and Infrastructure, for a period to be subsequently 
   determined by the Speaker, in each case for consideration of such 
 provisions as fall within the jurisdiction of the committee concerned

                           December 15, 2015

  Additional sponsors: Mrs. Miller of Michigan, Mr. Richmond, and Mr. 
                               Lowenthal

                           December 15, 2015

   Reported from the Committee on Homeland Security with an amendment
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]

                           December 15, 2015

    The Committee on Transportation and Infrastructure discharged; 
committed to the Committee of the Whole House on the State of the Union 
                       and ordered to be printed
    [For text of introduced bill, see copy of bill as introduced on 
                           November 2, 2015]


_______________________________________________________________________

                                 A BILL


 
To enhance cybersecurity information sharing and coordination at ports 
             in the United States, and for other purposes.


 


    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Strengthening Cybersecurity 
Information Sharing and Coordination in Our Ports Act of 2015''.

SEC. 2. IMPROVING CYBERSECURITY RISK ASSESSMENTS, INFORMATION SHARING, 
              AND COORDINATION.

    The Secretary of Homeland Security shall--
            (1) develop and implement a maritime cybersecurity risk 
        assessment model within 120 days after the date of the 
        enactment of this Act, consistent with the National Institute 
        of Standards and Technology Framework for Improving Critical 
        Infrastructure Cybersecurity and any update to that document 
        pursuant to Public Law 113-274, to evaluate current and future 
        cybersecurity risks (as that term is defined in the second 
        section 226 of the Homeland Security Act of 2002 (6 U.S.C. 
        148));
            (2) evaluate, on a periodic basis but not less than once 
        every two years, the effectiveness of the cybersecurity risk 
        assessment model established under paragraph (1);
            (3) seek to ensure participation of at least one 
        information sharing and analysis organization (as that term is 
        defined in section 212 of the Homeland Security Act of 2002 (6 
        U.S.C. 131)) representing the maritime community in the 
        National Cybersecurity and Communications Integration Center, 
        pursuant to subsection (d)(1)(B) of the second section 226 of 
        the Homeland Security Act of 2002 (6 U.S.C. 148);
            (4) establish guidelines for voluntary reporting of 
        maritime-related cybersecurity risks and incidents (as such 
        terms are defined in the second section 226 of the Homeland 
        Security Act of 2002 (6 U.S.C. 148)) to the Center (as that 
        term is defined subsection (b) of the second section 226 of the 
        Homeland Security Act of 2002 (6 U.S.C. 148)), and other 
        appropriate Federal agencies; and
            (5) request the National Maritime Security Advisory 
        Committee established under section 70112 of title 46, United 
        States Code, to report and make recommendations to the 
        Secretary on enhancing the sharing of information related to 
        cybersecurity risks and incidents between relevant Federal 
        agencies and State, local, and tribal governments and 
        consistent with the responsibilities of the Center (as that 
        term is defined subsection (b) of the second section 226 of the 
        Homeland Security Act of 2002 (6 U.S.C. 148)); relevant public 
        safety and emergency response agencies; relevant law 
        enforcement and security organizations; maritime industry; port 
        owners and operators; and terminal owners and operators.

SEC. 3. CYBERSECURITY ENHANCEMENTS TO MARITIME SECURITY ACTIVITIES.

    The Secretary of Homeland Security, acting through the Commandant 
of the Coast Guard, shall direct--
            (1) each Area Maritime Security Advisory Committee 
        established under section 70112 of title 46, United States 
        Code, to facilitate the sharing of cybersecurity risks and 
        incidents to address port-specific cybersecurity risks, which 
        may include the establishment of a working group of members of 
        Area Maritime Security Advisory Committees to address port-
        specific cybersecurity vulnerabilities; and
            (2) that any area maritime security plan and facility 
        security plan required under section 70103 of title 46, United 
        States Code approved after the development of the cybersecurity 
        risk assessment model required by paragraph (1) of section 2 
        include a mitigation plan to prevent, manage, and respond to 
        cybersecurity risks.

SEC. 4. VULNERABILITY ASSESSMENTS AND SECURITY PLANS.

    Title 46, United States Code, is amended--
            (1) in section 70102(b)(1)(C), by inserting 
        ``cybersecurity,'' after ``physical security,''; and
            (2) in section 70103(c)(3)(C), by striking ``and'' after 
        the semicolon at the end of clause (iv), by redesignating 
        clause (v) as clause (vi), and by inserting after clause (iv) 
        the following:
                    ``(v) cybersecurity; and''.
                                                 Union Calendar No. 288

114th CONGRESS

  1st Session

                               H. R. 3878

                      [Report No. 114-379, Part I]

_______________________________________________________________________

                                 A BILL

To enhance cybersecurity information sharing and coordination at ports 
             in the United States, and for other purposes.

_______________________________________________________________________

                           December 15, 2015

   Reported from the Committee on Homeland Security with an amendment

                           December 15, 2015

    The Committee on Transportation and Infrastructure discharged; 
committed to the Committee of the Whole House on the State of the Union 
                       and ordered to be printed