[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[H.R. 584 Introduced in House (IH)]

<DOC>






115th CONGRESS
  1st Session
                                H. R. 584

To amend the Homeland Security Act of 2002 to enhance preparedness and 
 response capabilities for cyber attacks, bolster the dissemination of 
 homeland security information related to cyber threats, and for other 
                               purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            January 17, 2017

  Mr. Donovan (for himself, Mr. Payne, Mr. McCaul, and Mr. Ratcliffe) 
 introduced the following bill; which was referred to the Committee on 
                           Homeland Security

_______________________________________________________________________

                                 A BILL


 
To amend the Homeland Security Act of 2002 to enhance preparedness and 
 response capabilities for cyber attacks, bolster the dissemination of 
 homeland security information related to cyber threats, and for other 
                               purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Cyber Preparedness Act of 2017''.

SEC. 2. INFORMATION SHARING.

    Title II of the Homeland Security Act of 2002 is amended--
            (1) in section 210A (6 U.S.C. 124h)--
                    (A) in subsection (b)--
                            (i) in paragraph (10), by inserting before 
                        the semicolon at the end the following: ``, 
                        including, in coordination with the national 
                        cybersecurity and communications integration 
                        center under section 227, access to timely 
                        technical assistance, risk management support, 
                        and incident response capabilities with respect 
                        to cyber threat indicators, defensive measures, 
                        cybersecurity risks, and incidents (as such 
                        terms are defined in such section), which may 
                        include attribution, mitigation, and 
                        remediation, and the provision of information 
                        and recommendations on security and resilience, 
                        including implications of cybersecurity risks 
                        to equipment and technology related to the 
                        electoral process'';
                            (ii) in paragraph (11), by striking ``and'' 
                        after the semicolon;
                            (iii) by redesignating paragraph (12) as 
                        paragraph (14); and
                            (iv) by inserting after paragraph (11) the 
                        following new paragraphs:
            ``(12) review information relating to cybersecurity risks 
        that is gathered by State, local, and regional fusion centers, 
        and incorporate such information, as appropriate, into the 
        Department's own information relating to cybersecurity risks;
            ``(13) ensure the dissemination to State, local, and 
        regional fusion centers of information relating to 
        cybersecurity risks; and'';
                    (B) in subsection (c)(2)--
                            (i) by redesignating subparagraphs (C) 
                        through (G) as subparagraphs (D) through (H), 
                        respectively; and
                            (ii) by inserting after subparagraph (B) 
                        the following new subparagraph:
                    ``(C) The national cybersecurity and communications 
                integration center under section 227.'';
                    (C) in subsection (d)--
                            (i) in paragraph (3), by striking ``and'' 
                        after the semicolon;
                            (ii) by redesignating paragraph (4) as 
                        paragraph (5); and
                            (iii) by inserting after paragraph (3) the 
                        following new paragraph:
            ``(4) assist, in coordination with the national 
        cybersecurity and communications integration center under 
        section 227, fusion centers in using information relating to 
        cybersecurity risks to develop a comprehensive and accurate 
        threat picture; and''; and
                    (D) in subsection (j)--
                            (i) by redesignating paragraphs (1) through 
                        (5) as paragraphs (2) through (6), 
                        respectively; and
                            (ii) by inserting before paragraph (2), as 
                        so redesignated, the following new paragraph:
            ``(1) the term `cybersecurity risk' has the meaning given 
        that term in section 227;''; and
            (2) in section 227 (6 U.S.C. 148)--
                    (A) in subsection (c)--
                            (i) in paragraph (5)(B), by inserting ``, 
                        including State and major urban area fusion 
                        centers, as appropriate'' before the semicolon 
                        at the end;
                            (ii) in paragraph (7), in the matter 
                        preceding subparagraph (A), by striking 
                        ``information and recommendations'' each place 
                        it appears and inserting ``information, 
                        recommendations, and best practices''; and
                            (iii) in paragraph (9), by inserting ``best 
                        practices,'' after ``defensive measures,''; and
                    (B) in subsection (d)(1)(B)(ii), by inserting ``and 
                State and major urban area fusion centers, as 
                appropriate'' before the semicolon at the end.

SEC. 3. HOMELAND SECURITY GRANTS.

    Subsection (a) of section 2008 of the Homeland Security Act of 2002 
(6 U.S.C. 609) is amended--
            (1) by redesignating paragraphs (4) through (14) as 
        paragraphs (5) through (15), respectively; and
            (2) by inserting after paragraph (3) the following new 
        paragraph:
            ``(4) enhancing cybersecurity, including preparing for and 
        responding to cybersecurity risks and incidents (as such terms 
        are defined in section 227) and developing statewide cyber 
        threat information analysis and dissemination activities;''.

SEC. 4. SENSE OF CONGRESS.

    It is the sense of Congress that to facilitate the timely 
dissemination to appropriate State, local, and private sector 
stakeholders of homeland security information related to cyber threats, 
the Secretary of Homeland Security should, to the greatest extent 
practicable, work to share actionable information related to cyber 
threats in an unclassified form.
                                 <all>