[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[S. 2392 Introduced in Senate (IS)]

<DOC>






115th CONGRESS
  2d Session
                                S. 2392

 To amend the Homeland Security Act of 2002 to authorize the Secretary 
   of Homeland Security to designate cybersecurity technologies that 
qualify for protection under systems of risk and litigation management.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            February 7, 2018

  Mr. Daines introduced the following bill; which was read twice and 
referred to the Committee on Homeland Security and Governmental Affairs

_______________________________________________________________________

                                 A BILL


 
 To amend the Homeland Security Act of 2002 to authorize the Secretary 
   of Homeland Security to designate cybersecurity technologies that 
qualify for protection under systems of risk and litigation management.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Cyber Support for Anti-Terrorism by 
Fostering Effective Technologies Act of 2018'' or the ``Cyber SAFETY 
Act of 2018''.

SEC. 2. INCLUSION OF QUALIFYING CYBER INCIDENTS.

    Subtitle G of title VIII of the Homeland Security Act of 2002 (6 
U.S.C. 441 et seq.) is amended--
            (1) in section 862(b) (6 U.S.C. 441(b))--
                    (A) in the heading, by striking ``Designation of 
                Qualified Anti-terrorism Technologies'' and inserting 
                ``Designation of Anti-Terrorism and Cybersecurity 
                Technologies'';
                    (B) in the matter preceding paragraph (1), by 
                inserting ``or cybersecurity'' after ``anti-
                terrorism'';
                    (C) in paragraphs (3), (4), and (5), by inserting 
                ``or cybersecurity'' after ``anti-terrorism'' each 
                place that term appears; and
                    (D) in paragraph (7)--
                            (i) by inserting ``or cybersecurity'' after 
                        ``Anti-terrorism''; and
                            (ii) by inserting ``or qualifying cyber 
                        incidents'' after ``acts of terrorism'';
            (2) in section 863 (6 U.S.C. 442)--
                    (A) by inserting ``or cybersecurity'' after ``anti-
                terrorism'' each place that term appears;
                    (B) by inserting ``or qualifying cyber incident'' 
                after ``act of terrorism'' each place that term 
                appears;
                    (C) by inserting ``or qualifying cyber incidents'' 
                after ``acts of terrorism'' each place that term 
                appears; and
                    (D) in subsection (d)(3)--
                            (i) by striking ``(3) Certificate.--'' and 
                        inserting the following: ``(3) Certificates.--
                    ``(A) Certificates for anti-terrorism 
                technologies.--''; and
                            (ii) by adding at the end the following:
                    ``(B) Certificates for cybersecurity 
                technologies.--
                            ``(i) In general.--For cybersecurity 
                        technology reviewed and approved by the 
                        Secretary, the Secretary will issue a 
                        certificate of conformance to the Seller and 
                        place the cybersecurity technology on an 
                        Approved Product List for Homeland Security.
                            ``(ii) Subsequent review.--Not less 
                        frequently than once every 2 years, the 
                        Secretary shall conduct a new review of any 
                        cybersecurity technology for which the 
                        Secretary issued a certification under clause 
                        (i).'';
            (3) in section 864 (6 U.S.C. 443)--
                    (A) by inserting ``or cybersecurity'' after ``anti-
                terrorism'' each place that term appears; and
                    (B) by inserting ``or qualifying cyber incident'' 
                after ``act of terrorism'' each place that term 
                appears; and
            (4) in section 865 (6 U.S.C. 444)--
                    (A) in paragraph (1)--
                            (i) in the heading, by inserting ``or 
                        cybersecurity'' after ``anti-terrorism'';
                            (ii) by inserting ``or cybersecurity'' 
                        after ``anti-terrorism'';
                            (iii) by inserting ``or qualifying cyber 
                        incidents'' after ``acts of terrorism''; and
                            (iv) by inserting ``or incidents'' after 
                        ``such acts''; and
                    (B) by adding at the end the following:
            ``(7) Qualifying cyber incident.--The term `qualifying 
        cyber incident' has the meaning given the term `incident' in 
        section 3552(b) of title 44, United States Code.
            ``(8) Final agency action.--The determination by the 
        Secretary that an act of terrorism or qualifying cyber incident 
        has occurred shall constitute a final agency action subject to 
        review under chapter 7 of title 5, United States Code.''.
                                 <all>