[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5394 Introduced in House (IH)]

116th CONGRESS
  1st Session
                                H. R. 5394

     To amend the Homeland Security Act of 2002 to require certain 
 coordination between the Department of Homeland Security and Federal 
and non-Federal entities relating to cybersecurity risks and incidents, 
                        and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                           December 11, 2019

Mr. Taylor (for himself, Mr. Rogers of Alabama, Mr. Hurd of Texas, Mr. 
Panetta, Mr. Green of Texas, Mr. Guest, and Ms. Slotkin) introduced the 
    following bill; which was referred to the Committee on Homeland 
Security, and in addition to the Committee on Oversight and Reform, for 
a period to be subsequently determined by the Speaker, in each case for 
consideration of such provisions as fall within the jurisdiction of the 
                          committee concerned

_______________________________________________________________________

                                 A BILL


 
     To amend the Homeland Security Act of 2002 to require certain 
 coordination between the Department of Homeland Security and Federal 
and non-Federal entities relating to cybersecurity risks and incidents, 
                        and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Strengthening State and Local 
Cybersecurity Defenses Act''.

SEC. 2. COOPERATION RELATING TO CYBERSECURITY RISKS AND INCIDENTS.

    Subtitle A of title XXII of the Homeland Security Act of 2002 (6 
U.S.C. 652 et seq.) is amended--
            (1) in section 2201 (6 U.S.C. 651)--
                    (A) by redesignating paragraphs (4), (5), and (6) 
                as paragraphs (5), (6), and (7), respectively; and
                    (B) by inserting after paragraph (3) the following 
                new paragraph:
            ``(4) Entity.--The term `entity' includes--
                    ``(A) an association, corporation, whether for-
                profit or nonprofit, partnership, proprietorship, 
                organization, institution, establishment, or 
                individual, whether domestic or foreign;
                    ``(B) a government agency or other governmental 
                entity, whether domestic or foreign, including State, 
                local, Tribal, and territorial government entities; and
                    ``(C) the general public.'';
            (2) in section 2209 of the Homeland Security Act of 2002 (6 
        U.S.C. 659), by adding at the end the following new subsection:
    ``(n) Coordination.--The Director shall, to the extent practicable, 
and in coordination as appropriate with Federal and non-Federal 
entities, such as the Multi-State Information Sharing and Analysis 
Center--
            ``(1) conduct exercises with Federal and non-Federal 
        entities;
            ``(2) provide operational and technical cybersecurity 
        training related to cyber threat indicators, defensive 
        measures, cybersecurity risks, and incidents to Federal and 
        non-Federal entities to address cybersecurity risks or 
        incidents, with or without reimbursement;
            ``(3) assist Federal and non-Federal entities, upon 
        request, in sharing cyber threat indicators, defensive 
        measures, cybersecurity risks, and incidents from and to the 
        Federal Government as well as among Federal and non-Federal 
        entities, in order to increase situational awareness and help 
        prevent incidents;
            ``(4) provide Federal and non-Federal entities timely 
        notifications containing specific incident and malware 
        information that may affect such entities or individuals with 
        respect to whom such entities have a relationship;
            ``(5) provide and periodically update via a web portal and 
        other means tools, products, resources, policies, guidelines, 
        controls, procedures, and other cybersecurity standards and 
        best practices and procedures related to information security;
            ``(6) work with senior Federal and non-Federal officials, 
        including State and local Chief Information Officers, senior 
        election officials, and through national associations, to 
        coordinate a nationwide effort to ensure effective 
        implementation of tools, products, resources, policies, 
        guidelines, controls, procedures, and other cybersecurity 
        standards and best practices and procedures related to 
        information security to secure and ensure the resiliency of 
        Federal and non-Federal information systems, including election 
        systems;
            ``(7) provide, upon request, operational and technical 
        assistance to Federal and non-Federal entities to implement 
        tools, products, resources, policies, guidelines, controls, 
        procedures, and other cybersecurity standards and best 
        practices and procedures related to information security, 
        including by, as appropriate, deploying and sustaining 
        cybersecurity technologies, such as an intrusion detection 
        capability, to assist such Federal and non-Federal entities in 
        detecting cybersecurity risks and incidents;
            ``(8) assist Federal and non-Federal entities in developing 
        policies and procedures for coordinating vulnerability 
        disclosures, to the extent practicable, consistent with 
        international and national standards in the information 
        technology industry;
            ``(9) ensure that Federal and non-Federal entities, as 
        appropriate, are made aware of the tools, products, resources, 
        policies, guidelines, controls, procedures, and other 
        cybersecurity standards and best practices and procedures 
        related to information security developed by the Department and 
        other appropriate Federal entities for ensuring the security 
        and resiliency of civilian information systems; and
            ``(10) promote cybersecurity education and awareness 
        through engagements with Federal and non-Federal entities.''.