Interagency task force and report on the targeting of United States critical infrastructure by People’s Republic of China state-sponsored cyber actors

(a)

Definitions

In this section:(1)

Appropriate congressional committees

The term appropriate congressional committees means—(A)the Committee on Homeland Security and Governmental Affairs, the Committee on the Judiciary, and the Select Committee on Intelligence of the Senate; and(B)the Committee on Homeland Security, the Committee on the Judiciary, and the Permanent Select Committee on Intelligence of the House of Representatives. (2)

Asset

The term asset means a person, structure, facility, information, material, equipment, network, or process, whether physical or virtual, that enables the services, functions, or capabilities of an organization. (3)

Critical infrastructure

The term critical infrastructure has the meaning given the term in section 1016(e) of the Critical Infrastructures Protection Act of 2001 (42 U.S.C. 5195c(e)).(4)

Cybersecurity threat

The term cybersecurity threat has the meaning given the term in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650).(5)

Director

The term Director means the Director of the Cybersecurity and Infrastructure Security Agency. (6)

Homeland Security Enterprise

The term Homeland Security Enterprise has the meaning given the term in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650).(7)

Incident

The term incident has the meaning given the term in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650).(8)

Information sharing

The term information sharing means the bidirectional sharing of timely and relevant information concerning a cybersecurity threat posed by a State-sponsored cyber actor of the People’s Republic of China to United States critical infrastructure.(9)

Intelligence community

The term intelligence community has the meaning given the term in section 3(4) of the National Security Act of 1947 (50 U.S.C. 3003(4)).(10)

Locality

The term locality means any local government authority or agency or component thereof within a State having jurisdiction over matters at a county, municipal, or other local government level.(11)

Secretary

The term Secretary means the Secretary of Homeland Security. (12)

Sector

The term sector means a collection of assets, systems, networks, entities, or organizations that provide or enable a common function for national security (including national defense and continuity of Government), national economic security, national public health or safety, or any combination thereof.(13)

Sector Risk Management Agency

The term Sector Risk Management Agency has the meaning given the term in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650).(14)

State

The term State means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the Northern Mariana Islands, the United States Virgin Islands, Guam, American Samoa, and any other territory or possession of the United States.(15)

Systems

The term systems means a combination of personnel, structures, facilities, information, materials, equipment, networks, or processes, whether physical or virtual, integrated or interconnected for a specific purpose that enables the services, functions, or capabilities of an organization. (16)

Task force

The term task force means the joint interagency task force established under subsection (b). (17)

United States

The term United States, when used in a geographic sense, means any State of the United States.(18)

Volt Typhoon

The term Volt Typhoon means the People’s Republic of China State-sponsored cyber actor described in the Cybersecurity and Infrastructure Security Agency cybersecurity advisory entitled PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure, issued on February 07, 2024, or any successor advisory.(b)

Interagency task force

Not later than 120 days after the date of enactment of this Act, the Secretary, acting through the Director, in consultation with the Attorney General, the Director of the Federal Bureau of Investigation, and the heads of appropriate Sector Risk Management Agencies as determined by the Director, shall establish a joint interagency task force to facilitate collaboration and coordination among the Sector Risk Management Agencies assigned a Federal role or responsibility in National Security Memorandum–22, issued April 30, 2024 (relating to critical infrastructure security and resilience), or any successor document, to detect, analyze, and respond to the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People’s Republic of China by ensuring that the actions of those agencies are aligned and mutually reinforcing.(c)

Chairs

(1)

Chairperson

The Director, or the designee of the Director, shall serve as the Chairperson of the task force.(2)

Vice Chairperson

The Director of the Federal Bureau of Investigation, or the designee of the Director, shall serve as the Vice Chairperson of the task force.(d)

Composition

(1)

In general

The task force shall consist of appropriate representatives of the departments and agencies specified in subsection (b) appointed by the Chairperson in consultation with the Vice Chairperson.(2)

Qualifications

To materially assist in the activities of the task force, representatives under paragraph (1) shall be subject matter experts who have familiarity and technical expertise regarding cybersecurity, digital forensics, or threat intelligence analysis, or in-depth knowledge of the tactics, techniques, and procedures commonly used by State-sponsored cyber actors, including Volt Typhoon, of the People’s Republic of China.(e)

Vacancy

Any vacancy occurring in the membership of the task force shall be filled in the same manner in which the original appointment was made.(f)

Establishment flexibility

To avoid redundancy, the task force may coordinate with any preexisting task force, working group, or cross-intelligence effort within the Homeland Security Enterprise or the intelligence community that has examined or responded to the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People’s Republic of China.(g)

Task force reports; briefing

(1)

Initial report

Not later than 540 days after the establishment of the task force, the task force shall submit to the appropriate congressional committees the first report containing the initial findings, conclusions, and recommendations of the task force.(2)

Annual report

Not later than 1 year after the date of the submission of the initial report under paragraph (1), and annually thereafter for 5 years, the task force shall submit to the appropriate congressional committees an annual report containing the findings, conclusions, and recommendations of the task force.(3)

Contents

The reports under this subsection shall include the following:(A)An assessment at the lowest classification feasible of the sector-specific risks, trends relating to incidents impacting sectors, and tactics, techniques, and procedures utilized by or relating to State-sponsored cyber actors, including Volt Typhoon, of the People’s Republic of China.(B)An assessment of additional resources and authorities needed by Federal departments and agencies to better counter the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People’s Republic of China.(C)A classified assessment of the extent of potential destruction, compromise, or disruption to United States critical infrastructure by State-sponsored cyber actors, including Volt Typhoon, of the People’s Republic of China in the event of a major crisis or future conflict between the People’s Republic of China and the United States.(D)A classified assessment of the ability of the United States to counter the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People’s Republic of China in the event of a major crisis or future conflict between the People’s Republic of China and the United States, including with respect to different cybersecurity measures and recommendations that could mitigate such a threat.(E)A classified assessment of the ability of State-sponsored cyber actors, including Volt Typhoon, of the People’s Republic of China to disrupt operations of the United States Armed Forces by hindering mobility across critical infrastructure such as rail, aviation, and ports, including how such disruption would impair the ability of the United States Armed Forces to deploy and maneuver forces effectively.(F)A classified assessment of the economic and social ramifications of a disruption to 1 or multiple United States critical infrastructure sectors by State-sponsored cyber actors, including Volt Typhoon, of the People’s Republic of China in the event of a major crisis or future conflict between the People’s Republic of China and the United States.(G)Such recommendations as the task force may have for the Homeland Security Enterprise, the intelligence community, or critical infrastructure owners and operators to improve the detection and mitigation of the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People’s Republic of China.(H)A one-time plan for an awareness campaign to familiarize critical infrastructure owners and operators with security resources and support offered by Federal departments and agencies to mitigate the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People’s Republic of China.(4)

Briefing

Not later than 30 days after the date of the submission of each report under this subsection, the task force shall provide to the appropriate congressional committees a classified briefing on the findings, conclusions, and recommendations of the task force.(5)

Form

Each report under this subsection shall be submitted in classified form, consistent with the protection of intelligence sources and methods, but may include an unclassified executive summary.(6)

Publication

The unclassified executive summary of each report required under this subsection shall be published on a publicly accessible website of the Department of Homeland Security.(h)

Access to information

(1)

In general

The Secretary, the Director, the Attorney General, the Director of the Federal Bureau of Investigation, and the heads of appropriate Sector Risk Management Agencies, as determined by the Director, shall provide to the task force such information, documents, analysis, assessments, findings, evaluations, inspections, audits, or reviews relating to efforts to counter the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People’s Republic of China as the task force considers necessary to carry out this section.(2)

Receipt, handling, storage, and dissemination

Information, documents, analysis, assessments, findings, evaluations, inspections, audits, and reviews described in this subsection shall be received, handled, stored, and disseminated only by members of the task force consistent with all applicable statutes, regulations, and Executive orders.(3)

Security clearances for task force members

No member of the task force may be provided with access to classified information under this section without the appropriate security clearances.(i)

Termination

The task force, and all the authorities of this section, shall terminate on the date that is 60 days after the final briefing required under subsection (g)(4).(j)

Exemption from FACA

Chapter 10 of title 5, United States Code, shall not apply to the task force.(k)

Exemption from Paperwork Reduction Act

Chapter 35 of title 44, United States Code (commonly known as the Paperwork Reduction Act), shall not apply to the task force.