[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 1158 Introduced in House (IH)]

<DOC>






116th CONGRESS
  1st Session
                                H. R. 1158

    To authorize cyber incident response teams at the Department of 
               Homeland Security, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                           February 13, 2019

 Mr. McCaul (for himself, Mr. Langevin, Mr. Katko, Mr. Ruppersberger, 
and Mr. Ratcliffe) introduced the following bill; which was referred to 
                   the Committee on Homeland Security

_______________________________________________________________________

                                 A BILL


 
    To authorize cyber incident response teams at the Department of 
               Homeland Security, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``DHS Cyber Incident Response Teams 
Act of 2019''.

SEC. 2. DEPARTMENT OF HOMELAND SECURITY CYBER INCIDENT RESPONSE TEAMS.

    (a) In General.--Section 2209 of the Homeland Security Act of 2002 
(6 U.S.C. 148) is amended--
            (1) in subsection (d)(1)(B)(iv), by inserting ``, including 
        cybersecurity specialists'' after ``entities'';
            (2) by redesignating subsections (f) through (m) as 
        subsections (g) through (n), respectively;
            (3) by inserting after subsection (d) the following new 
        subsection (f):
    ``(f) Cyber Incident Response Teams.--
            ``(1) In general.--The Center shall maintain cyber hunt and 
        incident response teams for the purpose of providing, as 
        appropriate and upon request, assistance, including the 
        following:
                    ``(A) Assistance to asset owners and operators in 
                restoring services following a cyber incident.
                    ``(B) The identification of cybersecurity risk and 
                unauthorized cyber activity.
                    ``(C) Mitigation strategies to prevent, deter, and 
                protect against cybersecurity risks.
                    ``(D) Recommendations to asset owners and operators 
                for improving overall network and control systems 
                security to lower cybersecurity risks, and other 
                recommendations, as appropriate.
                    ``(E) Such other capabilities as the Under 
                Secretary appointed under section 103(a)(1)(H) 
                determines appropriate.
            ``(2) Cybersecurity specialists.--The Secretary may include 
        cybersecurity specialists from the private sector on cyber hunt 
        and incident response teams.
            ``(3) Associated metrics.--The Center shall continually 
        assess and evaluate the cyber incident response teams and their 
        operations using robust metrics.
            ``(4) Submittal of information to congress.--Upon the 
        conclusion of each of the first four fiscal years ending after 
        the date of the enactment of this subsection, the Center shall 
        submit to the Committee on Homeland Security of the House of 
        Representatives and the Homeland Security and Governmental 
        Affairs Committee of the Senate, information on the metrics 
        used for evaluation and assessment of the cyber incident 
        response teams and operations pursuant to paragraph (3), 
        including the resources and staffing of such cyber incident 
        response teams. Such information shall include each of the 
        following for the period covered by the report:
                    ``(A) The total number of incident response 
                requests received.
                    ``(B) The number of incident response tickets 
                opened.
                    ``(C) All interagency staffing of incident response 
                teams.
                    ``(D) The interagency collaborations established to 
                support incident response teams.''; and
            (4) in subsection (g), as redesignated by paragraph (2)--
                    (A) in paragraph (1), by inserting ``, or any team 
                or activity of the Center,'' after ``Center''; and
                    (B) in paragraph (2), by inserting ``, or any team 
                or activity of the Center,'' after ``Center''.
    (b) No Additional Funds Authorized.--No additional funds are 
authorized to be appropriated to carry out the requirements of this Act 
and the amendments made by this Act. Such requirements shall be carried 
out using amounts otherwise authorized to be appropriated.
                                 <all>