[Congressional Bills 117th Congress]
[From the U.S. Government Publishing Office]
[S. 2520 Reported in Senate (RS)]






                                                      Calendar No.  152
117th CONGRESS
  1st Session
                                S. 2520

                          [Report No. 117-42]

 To amend the Homeland Security Act of 2002 to provide for engagements 
 with State, local, Tribal, and territorial governments, and for other 
                               purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             July 28, 2021

  Mr. Peters (for himself, Mr. Portman, and Ms. Rosen) introduced the 
 following bill; which was read twice and referred to the Committee on 
               Homeland Security and Governmental Affairs

                            October 21, 2021

               Reported by Mr. Peters, with an amendment
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]

_______________________________________________________________________

                                 A BILL


 
 To amend the Homeland Security Act of 2002 to provide for engagements 
 with State, local, Tribal, and territorial governments, and for other 
                               purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

<DELETED>SECTION 1. SHORT TITLE.</DELETED>

<DELETED>    This Act may be cited as the ``State and Local Government 
Cybersecurity Act of 2021''.</DELETED>

<DELETED>SEC. 2. AMENDMENTS TO THE HOMELAND SECURITY ACT OF 
              2002.</DELETED>

<DELETED>    Subtitle A of title XXII of the Homeland Security Act of 
2002 (6 U.S.C. 651 et seq.) is amended--</DELETED>
        <DELETED>    (1) in section 2201 (6 U.S.C. 651)--</DELETED>
                <DELETED>    (A) by redesignating paragraphs (4), (5), 
                and (6) as paragraphs (5), (6), and (7), respectively; 
                and</DELETED>
                <DELETED>    (B) by inserting after paragraph (3) the 
                following:</DELETED>
        <DELETED>    ``(4) Entity.--The term `entity' shall include--
        </DELETED>
                <DELETED>    ``(A) an association, corporation, whether 
                for-profit or nonprofit, partnership, proprietorship, 
                organization, institution, establishment, or 
                individual, whether domestic or foreign;</DELETED>
                <DELETED>    ``(B) a governmental agency or other 
                governmental entity, whether domestic or foreign, 
                including State, local, Tribal, and territorial 
                government entities; and</DELETED>
                <DELETED>    ``(C) the general public.'';</DELETED>
        <DELETED>    (2) in section 2202 (6 U.S.C. 652)--</DELETED>
                <DELETED>    (A) in subsection (c)--</DELETED>
                        <DELETED>    (i) in paragraph (11), by striking 
                        ``and'' at the end;</DELETED>
                        <DELETED>    (ii) in the first paragraph (12), 
                        by striking ``and'' at the end;</DELETED>
                        <DELETED>    (iii) by redesignating the second 
                        and third paragraphs (12) as paragraphs (13) 
                        and (15), respectively;</DELETED>
                        <DELETED>    (iv) in paragraph (13), as so 
                        redesignated, by striking ``and'' at the end; 
                        and</DELETED>
                        <DELETED>    (v) by inserting after paragraph 
                        (13), as so redesignated, the 
                        following:</DELETED>
        <DELETED>    ``(14) carry out the authority of the Secretary 
        under subsection (e)(1)(S); and''; and</DELETED>
                <DELETED>    (B) in subsection (e)(1), by adding at the 
                end the following:</DELETED>
                <DELETED>    ``(S) To make grants to and enter into 
                cooperative agreements or contracts with States, local, 
                Tribal, and territorial governments, and other non-
                Federal entities as the Secretary determines necessary 
                to carry out the responsibilities of the Secretary 
                related to cybersecurity and infrastructure security 
                under this Act and any other provision of law, 
                including grants, cooperative agreements, and contracts 
                that provide assistance and education related to cyber 
                threat indicators, defensive measures and cybersecurity 
                technologies, cybersecurity risks, incidents, analysis, 
                and warnings.''; and</DELETED>
        <DELETED>    (3) in section 2209 (6 U.S.C. 659)--</DELETED>
                <DELETED>    (A) in subsection (c)(6), by inserting 
                ``operational and'' before ``timely'';</DELETED>
                <DELETED>    (B) in subsection (d)(1)(E), by inserting 
                ``, including an entity that collaborates with election 
                officials,'' after ``governments''; and</DELETED>
                <DELETED>    (C) by adding at the end the 
                following:</DELETED>
<DELETED>    ``(p) Coordination on Cybersecurity for Federal and Non-
Federal Entities.--</DELETED>
        <DELETED>    ``(1) Coordination.--The Center shall, to the 
        extent practicable, and in coordination as appropriate with 
        Federal and non-Federal entities, such as the Multi-State 
        Information Sharing and Analysis Center--</DELETED>
                <DELETED>    ``(A) conduct exercises with Federal and 
                non-Federal entities;</DELETED>
                <DELETED>    ``(B) provide operational and technical 
                cybersecurity training related to cyber threat 
                indicators, proactive and defensive measures, 
                cybersecurity risks and vulnerabilities, and incident 
                response and management to Federal and non-Federal 
                entities to address cybersecurity risks or incidents, 
                with or without reimbursement;</DELETED>
                <DELETED>    ``(C) assist Federal and non-Federal 
                entities, upon request, in sharing actionable and real 
                time cyber threat indicators, defensive measures, 
                cybersecurity risks, and incidents from and to the 
                Federal Government as well as among Federal and non-
                Federal entities, in order to increase situational 
                awareness and help prevent incidents;</DELETED>
                <DELETED>    ``(D) provide notifications containing 
                specific incident and malware information that may 
                affect them or their customers and residents;</DELETED>
                <DELETED>    ``(E) provide and periodically update via 
                an easily accessible platform and other means tools, 
                products, resources, policies, guidelines, controls, 
                and other cybersecurity standards and best practices 
                and procedures related to information 
                security;</DELETED>
                <DELETED>    ``(F) work with senior Federal and non-
                Federal officials, including State, local, Tribal, and 
                territorial Chief Information Officers, senior election 
                officials, and through national associations, to 
                coordinate a nationwide effort to ensure effective 
                implementation of tools, products, resources, policies, 
                guidelines, controls, and procedures related to 
                information security to secure and ensure the 
                resiliency of Federal and non-Federal information 
                systems, including election systems;</DELETED>
                <DELETED>    ``(G) provide, upon request, operational 
                and technical assistance to Federal and non-Federal 
                entities to implement tools, products, resources, 
                policies, guidelines, controls, and procedures on 
                information security, including by, as appropriate, 
                deploying and sustaining cybersecurity technologies, 
                such as an intrusion and threat detection capability, 
                to assist those Federal and non-Federal entities in 
                detecting cybersecurity risks and incidents;</DELETED>
                <DELETED>    ``(H) assist Federal and non-Federal 
                entities in developing policies and procedures for 
                coordinating vulnerability disclosures, to the extent 
                practicable, consistent with international and national 
                standards in the information technology 
                industry;</DELETED>
                <DELETED>    ``(I) ensure that Federal and non-Federal 
                entities, as appropriate, are made aware of the tools, 
                products, resources, policies, guidelines, controls, 
                and procedures on information security developed by the 
                Department and other appropriate Federal departments 
                and agencies for ensuring the security and resiliency 
                of civilian information systems; and</DELETED>
                <DELETED>    ``(J) promote cybersecurity education and 
                awareness through engagements with Federal and non-
                Federal entities.</DELETED>
<DELETED>    ``(q) Report.--Not later than 1 year after the date of 
enactment of this subsection, and every 2 years thereafter, the 
Secretary shall submit to the Committee on Homeland Security and 
Governmental Affairs of the Senate and the Committee on Homeland 
Security of the House of Representatives a report on--</DELETED>
        <DELETED>    ``(1) the status of cybersecurity measures that 
        are in place, and any gaps that exist, in each State and in the 
        largest urban areas of the United States;</DELETED>
        <DELETED>    ``(2) the services and capabilities that the 
        Agency directly provides to governmental agencies or other 
        governmental entities; and</DELETED>
        <DELETED>    ``(3) the services and capabilities that the 
        Agency indirectly provides to governmental agencies or other 
        governmental entities through an entity described in section 
        2201(4)(B).''.</DELETED>

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``State and Local Government 
Cybersecurity Act of 2021''.

SEC. 2. AMENDMENTS TO THE HOMELAND SECURITY ACT OF 2002.

    Subtitle A of title XXII of the Homeland Security Act of 2002 (6 
U.S.C. 651 et seq.) is amended--
            (1) in section 2201 (6 U.S.C. 651), by adding at the end 
        the following:
            ``(7) SLTT entity.--The term `SLTT entity' means a domestic 
        government entity that is a State government, local government, 
        Tribal government, territorial government, or any subdivision 
        thereof.''; and
            (2) in section 2209 (6 U.S.C. 659)--
                    (A) in subsection (c)(6), by inserting 
                ``operational and'' before ``timely'';
                    (B) in subsection (d)(1)(E), by inserting ``, 
                including an entity that collaborates with election 
                officials,'' after ``governments''; and
                    (C) by adding at the end the following:
    ``(p) Coordination on Cybersecurity for SLTT Entities.--
            ``(1) Coordination.--The Center shall, upon request and to 
        the extent practicable, and in coordination as appropriate with 
        Federal and non-Federal entities, such as the Multi-State 
        Information Sharing and Analysis Center--
                    ``(A) conduct exercises with SLTT entities;
                    ``(B) provide operational and technical 
                cybersecurity training to SLTT entities to address 
                cybersecurity risks or incidents, with or without 
                reimbursement, related to--
                            ``(i) cyber threat indicators;
                            ``(ii) defensive measures;
                            ``(iii) cybersecurity risks;
                            ``(iv) vulnerabilities; and
                            ``(v) incident response and management;
                    ``(C) in order to increase situational awareness 
                and help prevent incidents, assist SLTT entities in 
                sharing, in real time, with the Federal Government as 
                well as among SLTT entities, actionable--
                            ``(i) cyber threat indicators;
                            ``(ii) defensive measures;
                            ``(iii) information about cybersecurity 
                        risks; and
                            ``(iv) information about incidents;
                    ``(D) provide SLTT entities notifications 
                containing specific incident and malware information 
                that may affect them or their residents;
                    ``(E) provide to, and periodically update, SLTT 
                entities via an easily accessible platform and other 
                means--
                            ``(i) information about tools;
                            ``(ii) information about products;
                            ``(iii) resources;
                            ``(iv) policies;
                            ``(v) guidelines;
                            ``(vi) controls; and
                            ``(vii) other cybersecurity standards and 
                        best practices and procedures related to 
                        information security;
                    ``(F) work with senior SLTT entity officials, 
                including chief information officers and senior 
                election officials and through national associations, 
                to coordinate the effective implementation by SLTT 
                entities of tools, products, resources, policies, 
                guidelines, controls, and procedures related to 
                information security to secure the information systems, 
                including election systems, of SLTT entities;
                    ``(G) provide operational and technical assistance 
                to SLTT entities to implement tools, products, 
                resources, policies, guidelines, controls, and 
                procedures on information security;
                    ``(H) assist SLTT entities in developing policies 
                and procedures for coordinating vulnerability 
                disclosures consistent with international and national 
                standards in the information technology industry; and
                    ``(I) promote cybersecurity education and awareness 
                through engagements with Federal agencies and non-
                Federal entities.
    ``(q) Report.--Not later than 1 year after the date of enactment of 
this subsection, and every 2 years thereafter, the Secretary shall 
submit to the Committee on Homeland Security and Governmental Affairs 
of the Senate and the Committee on Homeland Security of the House of 
Representatives a report on the services and capabilities that the 
Agency directly and indirectly provides to SLTT entities.''.