[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 1846 Referred in House (RFH)]

<DOC>






116th CONGRESS
  1st Session
                                S. 1846


_______________________________________________________________________


                     IN THE HOUSE OF REPRESENTATVES

                           November 26, 2019

Referred to the Committee on Homeland Security, and in addition to the 
  Committee on Oversight and Reform, and the Committee on Energy and 
Commerce, for a period to be subsequently determined by the Speaker, in 
   each case for consideration of such provisions as fall within the 
                jurisdiction of the committee concerned

_______________________________________________________________________

                                 AN ACT


 
 To amend the Homeland Security Act of 2002 to provide for engagements 
 with State, local, Tribal, and territorial governments, and for other 
                               purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``State and Local Government 
Cybersecurity Act of 2019''.

SEC. 2. AMENDMENTS TO THE HOMELAND SECURITY ACT OF 2002.

    Subtitle A of title XXII of the Homeland Security Act of 2002 (6 
U.S.C. 651 et seq.) is amended--
            (1) in section 2201 (6 U.S.C. 651)--
                    (A) by redesignating paragraphs (4), (5), and (6) 
                as paragraphs (5), (6), and (7), respectively; and
                    (B) by inserting after paragraph (3) the following:
            ``(4) Entity.--The term `entity' shall include--
                    ``(A) an association, corporation, whether for-
                profit or nonprofit, partnership, proprietorship, 
                organization, institution, establishment, or 
                individual, whether domestic or foreign;
                    ``(B) a governmental agency or other governmental 
                entity, whether domestic or foreign, including State, 
                local, Tribal, and territorial government entities; and
                    ``(C) the general public.''; and
            (2) in section 2202 (6 U.S.C. 652)--
                    (A) in subsection (c)--
                            (i) in paragraph (10), by striking ``and'' 
                        at the end;
                            (ii) by redesignating paragraph (11) as 
                        paragraph (12); and
                            (iii) by inserting after paragraph (10) the 
                        following:
            ``(11) carry out the authority of the Secretary under 
        subsection (e)(1)(R); and''; and
                    (B) in subsection (e)(1), by adding at the end the 
                following:
                    ``(R) To make grants to and enter into cooperative 
                agreements or contracts with States, local, Tribal, and 
                territorial governments, and other non-Federal entities 
                as the Secretary determines necessary to carry out the 
                responsibilities of the Secretary related to 
                cybersecurity and infrastructure security under this 
                Act and any other provision of law, including grants, 
                cooperative agreements, and contracts that provide 
                assistance and education related to cyber threat 
                indicators, defensive measures and cybersecurity 
                technologies, cybersecurity risks, incidents, analysis, 
                and warnings.''; and
            (3) in section 2209 (6 U.S.C. 659)--
                    (A) in subsection (c)(6), by inserting 
                ``operational and'' after ``timely'';
                    (B) in subsection (d)(1)(E), by inserting ``, 
                including an entity that collaborates with election 
                officials,'' after ``governments''; and
                    (C) by adding at the end the following:
    ``(n) Coordination on Cybersecurity for Federal and Non-Federal 
Entities.--
            ``(1) Coordination.--The Center shall, to the extent 
        practicable, and in coordination as appropriate with Federal 
        and non-Federal entities, such as the Multi-State Information 
        Sharing and Analysis Center--
                    ``(A) conduct exercises with Federal and non-
                Federal entities;
                    ``(B) provide operational and technical 
                cybersecurity training related to cyber threat 
                indicators, defensive measures, cybersecurity risks, 
                and incidents to Federal and non-Federal entities to 
                address cybersecurity risks or incidents, with or 
                without reimbursement;
                    ``(C) assist Federal and non-Federal entities, upon 
                request, in sharing cyber threat indicators, defensive 
                measures, cybersecurity risks, and incidents from and 
                to the Federal Government as well as among Federal and 
                non-Federal entities, in order to increase situational 
                awareness and help prevent incidents;
                    ``(D) provide notifications containing specific 
                incident and malware information that may affect them 
                or their customers and residents;
                    ``(E) provide and periodically update via a web 
                portal and other means tools, products, resources, 
                policies, guidelines, controls, and other cybersecurity 
                standards and best practices and procedures related to 
                information security;
                    ``(F) work with senior Federal and non-Federal 
                officials, including State and local Chief Information 
                Officers, senior election officials, and through 
                national associations, to coordinate a nationwide 
                effort to ensure effective implementation of tools, 
                products, resources, policies, guidelines, controls, 
                and procedures related to information security to 
                secure and ensure the resiliency of Federal and non-
                Federal information systems and including election 
                systems;
                    ``(G) provide, upon request, operational and 
                technical assistance to Federal and non-Federal 
                entities to implement tools, products, resources, 
                policies, guidelines, controls, and procedures on 
                information security, including by, as appropriate, 
                deploying and sustaining cybersecurity technologies, 
                such as an intrusion detection capability, to assist 
                those Federal and non-Federal entities in detecting 
                cybersecurity risks and incidents;
                    ``(H) assist Federal and non-Federal entities in 
                developing policies and procedures for coordinating 
                vulnerability disclosures, to the extent practicable, 
                consistent with international and national standards in 
                the information technology industry;
                    ``(I) ensure that Federal and non-Federal entities, 
                as appropriate, are made aware of the tools, products, 
                resources, policies, guidelines, controls, and 
                procedures on information security developed by the 
                Department and other appropriate Federal departments 
                and agencies for ensuring the security and resiliency 
                of civilian information systems; and
                    ``(J) promote cybersecurity education and awareness 
                through engagements with Federal and non-Federal 
                entities.
    ``(o) Report.--Not later than 1 year after the date of enactment of 
this subsection, and every 2 years thereafter, the Secretary shall 
submit to the Committee on Homeland Security and Governmental Affairs 
of the Senate and the Committee on Homeland Security of the House of 
Representatives a report on the status of cybersecurity measures that 
are in place, and any gaps that exist, in each State and in the largest 
urban areas of the United States.''.

            Passed the Senate November 21, 2019.

            Attest:

                                                JULIE E. ADAMS,

                                                             Secretary.