

116 S4023 IS: Enhancing Maritime Cybersecurity Act of 2020
U.S. Senate
2020-06-22
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.



II116th CONGRESS2d SessionS. 4023IN THE SENATE OF THE UNITED STATESJune 22, 2020Mr. Markey introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and TransportationA BILLTo enhance maritime cybersecurity.1.Short titleThis Act may be cited as the Enhancing Maritime Cybersecurity Act of 2020.2.Maritime Cybersecurity(a)DefinitionsIn this section:(1)AdministratorThe term Administrator means the Administrator of the Maritime Administration.(2)CommandantThe term Commandant means the Commandant of the United States Coast Guard.(3)Cyber incidentThe term cyber incident has the meaning given the term significant cyber incident in Presidential Policy Directive 41 (July 26, 2016, relating to United States Cyber Incident Coordination).(4)DirectorThe term Director means the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security.(5)Maritime operatorsThe term maritime operators means the owners or operators of commercial maritime vessels, the owners or operators of port terminals, and port authorities.(b)Cybersecurity resources(1)In generalNot later than 2 years after the date of enactment of this Act, the Director, in consultation with the Administrator and the Commandant, shall ensure the availability of a resource, or a consolidated series of resources, to assist maritime operators in identifying, detecting, protecting against, responding to, and recovering from cyber incidents.(2)DevelopmentIn developing the resource under paragraph (1), the Director and the Administrator shall—(A)use the cybersecurity framework established by the National Institute of Standards and Technology and required by Executive Order 13636 of February 12, 2013 (78 Fed. Reg. 11739; relating to improving critical infrastructure cybersecurity);(B)use the guidelines on maritime cyber risk management issued by the International Maritime Organization on July 5, 2017, or any successor document;(C)establish a structured cybersecurity assessment and development program;(D)consult with appropriate maritime operators, agencies, industry stakeholders, and cybersecurity experts; and(E)provide for a period of public comment and review on the resource.(c)Cyber coordinatorNot later than 2 years after the date of enactment of this Act, the Administrator shall designate an office as a cyber coordinator, which shall be responsible for the following:(1)Coordinating with the Director and the Commandant on cybersecurity activities for the commercial maritime sector and cyber incidents that affect maritime operators.(2)Ensuring that maritime operators are aware of available secure methods of notifying the United States Government of cyber incidents.(3)Notifying the Director and the Commandant of unaddressed cyber incidents that affect maritime operators.(4)Ensuring that maritime operators have access to educational resources, conducting outreach, and ensuring awareness on fundamental principles and best practices in cybersecurity for maritime systems, including the cyber resource developed under this section.