

115 S3309 RS: DHS Cyber Incident Response Teams Act of 2018
U.S. Senate
2018-07-31
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



IICalendar No. 716115th CONGRESS2d SessionS. 3309[Report No. 115–412]IN THE SENATE OF THE UNITED STATESJuly 31, 2018Ms. Hassan (for herself and Mr. Portman) introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental AffairsDecember 4, 2018Reported by Mr. Johnson, with an amendmentStrike out all after the enacting clause and insert the part printed in italicA BILLTo authorize cyber incident response teams at the Department of Homeland Security, and for other
			 purposes.
	
 1.Short titleThis Act may be cited as the DHS Cyber Incident Response Teams Act of 2018. 2.Department of Homeland Security cyber incident response teams (a)In generalSection 227 of the Homeland Security Act of 2002 (6 U.S.C. 148) is amended—
 (1)in subsection (d)(1)(B)(iv), by inserting , including cybersecurity specialists after entities; (2)by redesignating subsections (f) through (m) as subsections (g) through (n), respectively;
 (3)by inserting after subsection (e) the following:  (f)Cyber incident response teams (1)In generalThe Center shall maintain cyber hunt and incident response teams for the purpose of providing, as appropriate and upon request, assistance, including—
 (A)assistance to asset owners and operators in restoring services following a cyber incident; (B)identification of cybersecurity risk and unauthorized cyber activity;
 (C)mitigation strategies to prevent, deter, and protect against cybersecurity risks; (D)recommendations to asset owners and operators for improving overall network and control systems security to lower cybersecurity risks, and other recommendations, as appropriate; and
 (E)such other capabilities as the Under Secretary appointed under section 103(a)(1)(H) determines appropriate.
 (2)Cybersecurity specialistsThe Secretary may include cybersecurity specialists from the private sector on cyber hunt and incident response teams.
 (3)Associated metricsThe Center shall continually assess and evaluate the cyber incident response teams and the operations of those cyber incident response teams using robust metrics.
 (4)ReportAt the conclusion of each of the first 4 fiscal years after the date of the enactment of this subsection, the Center shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives a report that includes—
 (A)information relating to the metrics used for evaluation and assessment of the cyber incident response teams and operations under paragraph (3), including the resources and staffing of those cyber incident response teams; and
 (B)for the period covered by the report— (i)the total number of incident response requests received;
 (ii)the number of incident response tickets opened; and (iii)a statement of—
 (I)all interagency staffing of incident response teams; and (II)the interagency collaborations established to support incident response teams.; and
 (4)in subsection (g), as so redesignated— (A)in paragraph (1), by inserting , or any team or activity of the Center, after Center; and
 (B)in paragraph (2), by inserting , or any team or activity of the Center, after Center. (b)No additional funds authorizedNo additional funds are authorized to be appropriated to carry out the requirements of this Act and the amendments made by this Act. Such requirements shall be carried out using amounts otherwise authorized to be appropriated.
	
 1.Short titleThis Act may be cited as the DHS Cyber Incident Response Teams Act of 2018. 2.Department of Homeland Security cyber hunt and incident response teams (a)In generalSection 227 of the Homeland Security Act of 2002 (6 U.S.C. 148) is amended—
 (1)in subsection (d)(1)(B)(iv), by inserting , including cybersecurity specialists after entities; (2)by redesignating subsections (f) through (m) as subsections (g) through (n), respectively;
 (3)by inserting after subsection (e) the following:  (f)Cyber hunt and incident response teams (1)In generalThe Center shall maintain cyber hunt and incident response teams for the purpose of leading Federal asset response activities and providing timely technical assistance to Federal and non-Federal entities, including across all critical infrastructure sectors, regarding actual or potential security incidents, as appropriate and upon request, including—
 (A)assistance to asset owners and operators in restoring services following a cyber incident; (B)identification and analysis of cybersecurity risk and unauthorized cyber activity;
 (C)mitigation strategies to prevent, deter, and protect against cybersecurity risks; (D)recommendations to asset owners and operators for improving overall network and control systems security to lower cybersecurity risks, and other recommendations, as appropriate; and
 (E)such other capabilities as the Secretary determines appropriate.
 (2)Associated metricsThe Center shall continually assess and evaluate the cyber hunt and incident response teams and the operations of those cyber hunt and incident response teams using robust metrics.
 (3)ReportAt the conclusion of each of the first 4 fiscal years after the date of enactment of the DHS Cyber Incident Response Teams Act of 2018, the Center shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives a report that includes—
 (A)information relating to the metrics used for evaluation and assessment of the cyber hunt and incident response teams and operations under paragraph (2), including the resources and staffing of those cyber hunt and incident response teams; and
 (B)for the period covered by the report— (i)the total number of incident response requests received;
 (ii)the number of incident response tickets opened; and (iii)a statement of—
 (I)all interagency staffing of cyber hunt and incident response teams; and (II)the interagency collaborations established to support cyber hunt and incident response teams.
 (4)Cybersecurity specialistsAfter notice to, and with the approval of, the entity requesting action by or technical assistance from the Center, the Secretary may include cybersecurity specialists from the private sector on a cyber hunt and incident response team.; and
 (4)in subsection (g), as so redesignated— (A)in paragraph (1), by inserting , or any team or activity of the Center, after Center; and
 (B)in paragraph (2), by inserting , or any team or activity of the Center, after Center. (b)No additional funds authorizedNo additional funds are authorized to be appropriated to carry out the requirements of this Act and the amendments made by this Act. Such requirements shall be carried out using amounts otherwise authorized to be appropriated.December 4, 2018Reported with an amendment