[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 4023 Introduced in Senate (IS)]

<DOC>






116th CONGRESS
  2d Session
                                S. 4023

                   To enhance maritime cybersecurity.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             June 22, 2020

  Mr. Markey introduced the following bill; which was read twice and 
   referred to the Committee on Commerce, Science, and Transportation

_______________________________________________________________________

                                 A BILL


 
                   To enhance maritime cybersecurity.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Enhancing Maritime Cybersecurity Act 
of 2020''.

SEC. 2. MARITIME CYBERSECURITY.

    (a) Definitions.--In this section:
            (1) Administrator.--The term ``Administrator'' means the 
        Administrator of the Maritime Administration.
            (2) Commandant.--The term ``Commandant'' means the 
        Commandant of the United States Coast Guard.
            (3) Cyber incident.--The term ``cyber incident'' has the 
        meaning given the term ``significant cyber incident'' in 
        Presidential Policy Directive 41 (July 26, 2016, relating to 
        United States Cyber Incident Coordination).
            (4) Director.--The term ``Director'' means the Director of 
        the Cybersecurity and Infrastructure Security Agency of the 
        Department of Homeland Security.
            (5) Maritime operators.--The term ``maritime operators'' 
        means the owners or operators of commercial maritime vessels, 
        the owners or operators of port terminals, and port 
        authorities.
    (b) Cybersecurity Resources.--
            (1) In general.--Not later than 2 years after the date of 
        enactment of this Act, the Director, in consultation with the 
        Administrator and the Commandant, shall ensure the availability 
        of a resource, or a consolidated series of resources, to assist 
        maritime operators in identifying, detecting, protecting 
        against, responding to, and recovering from cyber incidents.
            (2) Development.--In developing the resource under 
        paragraph (1), the Director and the Administrator shall--
                    (A) use the cybersecurity framework established by 
                the National Institute of Standards and Technology and 
                required by Executive Order 13636 of February 12, 2013 
                (78 Fed. Reg. 11739; relating to improving critical 
                infrastructure cybersecurity);
                    (B) use the guidelines on maritime cyber risk 
                management issued by the International Maritime 
                Organization on July 5, 2017, or any successor 
                document;
                    (C) establish a structured cybersecurity assessment 
                and development program;
                    (D) consult with appropriate maritime operators, 
                agencies, industry stakeholders, and cybersecurity 
                experts; and
                    (E) provide for a period of public comment and 
                review on the resource.
    (c) Cyber Coordinator.--Not later than 2 years after the date of 
enactment of this Act, the Administrator shall designate an office as a 
``cyber coordinator'', which shall be responsible for the following:
            (1) Coordinating with the Director and the Commandant on 
        cybersecurity activities for the commercial maritime sector and 
        cyber incidents that affect maritime operators.
            (2) Ensuring that maritime operators are aware of available 
        secure methods of notifying the United States Government of 
        cyber incidents.
            (3) Notifying the Director and the Commandant of 
        unaddressed cyber incidents that affect maritime operators.
            (4) Ensuring that maritime operators have access to 
        educational resources, conducting outreach, and ensuring 
        awareness on fundamental principles and best practices in 
        cybersecurity for maritime systems, including the cyber 
        resource developed under this section.
                                 <all>