[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5658 Reported in House (RH)]

<DOC>





                                                 Union Calendar No. 175
117th CONGRESS
  2d Session
                                H. R. 5658

                          [Report No. 117-245]

To require the Secretary of Homeland Security to submit a report on the 
cybersecurity roles and responsibilities of the Federal Government, and 
                          for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            October 21, 2021

  Mr. Bacon (for himself, Mr. Torres of New York, Mr. Katko, and Mr. 
  Garbarino) introduced the following bill; which was referred to the 
                     Committee on Homeland Security

                           February 11, 2022

   Additional sponsors: Mr. Delgado, Ms. Spanberger, and Ms. Slotkin

                           February 11, 2022

  Reported with an amendment, committed to the Committee of the Whole 
       House on the State of the Union, and ordered to be printed
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]
[For text of introduced bill, see copy of bill as introduced on October 
                               21, 2021]


_______________________________________________________________________

                                 A BILL


 
To require the Secretary of Homeland Security to submit a report on the 
cybersecurity roles and responsibilities of the Federal Government, and 
                          for other purposes.


 


    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``DHS Roles and Responsibilities in 
Cyber Space Act''.

SEC. 2. FINDINGS.

    Congress finds the following:
            (1) The Department of Homeland Security, through the 
        Cybersecurity and Infrastructure Security Agency, is the lead 
        Federal coordinator for securing critical infrastructure across 
        all 16 sectors, in coordination with designated Sector Risk 
        Management Agencies.
            (2) Cyber incidents require technical resources and are 
        only sometimes sector specific.
            (3) The Cybersecurity and Infrastructure Security Agency is 
        the central agency that can quickly analyze and coordinate 
        mitigations when a malicious cyber campaign spans multiple 
        sectors.
            (4) Section 2209 of the Homeland Security Act of 2002 
        authorizes the Cybersecurity and Infrastructure Security Agency 
        as the Federal civilian interface for multi-directional and 
        cross-sector sharing of information related to cyber threat 
        indicators with and between the government and the private 
        sector.
            (5) Section 2209 of the Homeland Security Act of 2002 
        authorizes the Cybersecurity and Infrastructure Security Agency 
        to facilitate cross-sector coordination to address 
        cybersecurity risks and incidents, including cybersecurity 
        risks and incidents that may be related or could have 
        consequential impacts across multiple sectors.
            (6) Presidential Policy Directive-41 directs the Department 
        of Homeland Security, via the national cybersecurity and 
        communications integration center, to be the lead Federal 
        agency for asset response during a significant cyber incident.
            (7) The functions of the national cybersecurity and 
        communications integration center are carried about by the 
        Cybersecurity and Infrastructure Security Agency's 
        Cybersecurity Division.
            (8) Presidential Policy Directive-21 directs the Department 
        of Homeland Security to lead the coordination of critical 
        infrastructure protection among the Sector Risk Management 
        Agencies.
            (9) Section 9002 of the William M. (Mac) Thornberry 
        National Defense Authorization Act for Fiscal Year 2021 
        codified the duties of Sector Risk Management Agencies for 
        critical infrastructure sectors, laying out the roles and 
        responsibilities they have in coordinating with the 
        Cybersecurity and Infrastructure Security Agency to secure the 
        nation's critical infrastructure.
            (10) Enhancing the security and resilience of our critical 
        infrastructure is a priority for Congress and for the Nation.
            (11) The Department of Homeland Security maintains and 
        continues to build partnerships across all infrastructure 
        sectors to enhance control systems cybersecurity.
            (12) Section 1731 of the William M. (Mac) Thornberry 
        National Defense Authorization Act for Fiscal Year 2021 
        directed the Secretary of Homeland Security to submit a report 
        on the potential for better coordination of Federal 
        cybersecurity efforts at an integrated cybersecurity center 
        within the Cybersecurity and Infrastructure Security Agency.

SEC. 3. REPORT ON CYBERSECURITY ROLES AND RESPONSIBILITIES OF THE 
              DEPARTMENT OF HOMELAND SECURITY.

    (a) In General.--Not later than one year after the date of the 
enactment of this Act, the Secretary of Homeland Security, in 
coordination with the Director of the Cybersecurity and Infrastructure 
Security Agency of the Department of Homeland Security, shall submit to 
the Committee on Homeland Security of the House of Representatives and 
the Committee on Homeland Security and Governmental Affairs of the 
Senate a report on the roles and responsibilities of the Department and 
its components relating to cyber incident response.
    (b) Contents.--The report required under subsection (a) shall 
include the following:
            (1) A review of how the cyber incident response plans under 
        section 2210(c) of the Homeland Security Act of 2002 (6 U.S.C. 
        660(c)) are utilized in the Federal Government's response to a 
        cyber incident.
            (2) An explanation of the roles and responsibilities of the 
        Department of Homeland Security and its components with 
        responsibility for, or in support of, the Federal Government's 
        response to a cyber incident, including primary responsibility 
        for working with impacted private sector entities.
            (3) An explanation of which and how authorities of the 
        Department and its components are utilized in the Federal 
        Government's response to a cyber incident.
            (4) Recommendations to provide further clarity for roles 
        and responsibilities of the Department and its components 
        relating to cyber incident response.
                                                 Union Calendar No. 175

117th CONGRESS

  2d Session

                               H. R. 5658

                          [Report No. 117-245]

_______________________________________________________________________

                                 A BILL

To require the Secretary of Homeland Security to submit a report on the 
cybersecurity roles and responsibilities of the Federal Government, and 
                          for other purposes.

_______________________________________________________________________

                           February 11, 2022

  Reported with an amendment, committed to the Committee of the Whole 
       House on the State of the Union, and ordered to be printed