[Congressional Record Volume 164, Number 24 (Wednesday, February 7, 2018)]
[Senate]
[Pages S705-S706]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
By Mr. DAINES:
S. 2392. A bill to amend the Homeland Security Act of 2002 to
authorize the Secretary of Homeland Security to designate cybersecurity
technologies that qualify for protection under systems of risk and
litigation management; to the Committee on Homeland Security and
Governmental Affairs.
Mr. DAINES. Mr. President, in recent years we have seen the inability
of the Federal government to quickly adapt to changing technology and
evolving cyber security threats. In June of 2015 the Office of
Personnel Management (OPM) announced it had fallen victim to a major
cyber breach, compromising the personally identifiable information of
more than 22 million current and former Federal employees, including
myself. Seven months later, nearly half a million more Americans had
their social security numbers stolen when the Internal Revenue Service
was hacked. We found out last year that the U.S. Securities and
Exchange Commission had been hacked in 2016.
I spent 28 years in the private sector, 12 years with a global cloud
computing company. We faced new cyber threats daily and our customers
expected security. We delivered, not once was our data compromised.
I know firsthand that industry has the talent and the incentive to
revolutionize cyber security and keep their information systems secure.
The Federal government should unbridle the private sector whenever
possible, utilizing their expertise, learning from their best
practices, and facilitating their innovation.
That is why I am introducing the Cyber Support for Anti-Terrorism by
Fostering Effective Technologies Act or the Cyber SAFETY Act. Since
2002, the Department of Homeland Security's existing SAFETY Act program
has successfully incentivized the private sector's development and
deployment of anti-terrorism and security technologies through limited
liability protections. It has ensured the threat of litigation does not
deter entrepreneurs from developing and commercializing products and
services that protect lives and infrastructure. This legislation will
simply expand the applicability of the program to ensure that cyber
security firms can qualify for these same protections. It will enable
cyber security firms to innovate and commercialize new technologies
without a technology mandate.
I ask my Senate colleagues to join me in support of this important
legislation.
Mr. President, I ask unanimous consent that the text of the bill be
printed in the Record.
There being no objection, the text of the bill was ordered to be
printed in the Record, as follows:
S. 2392
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Cyber Support for Anti-
Terrorism by Fostering Effective Technologies Act of 2018''
or the ``Cyber SAFETY Act of 2018''.
SEC. 2. INCLUSION OF QUALIFYING CYBER INCIDENTS.
Subtitle G of title VIII of the Homeland Security Act of
2002 (6 U.S.C. 441 et seq.) is amended--
(1) in section 862(b) (6 U.S.C. 441(b))--
(A) in the heading, by striking ``Designation of Qualified
Anti-terrorism Technologies'' and inserting ``Designation of
Anti-terrorism and Cybersecurity Technologies'';
(B) in the matter preceding paragraph (1), by inserting
``or cybersecurity'' after ``anti-terrorism'';
(C) in paragraphs (3), (4), and (5), by inserting ``or
cybersecurity'' after ``anti-terrorism'' each place that term
appears; and
(D) in paragraph (7)--
(i) by inserting ``or cybersecurity'' after ``Anti-
terrorism''; and
(ii) by inserting ``or qualifying cyber incidents'' after
``acts of terrorism'';
(2) in section 863 (6 U.S.C. 442)--
(A) by inserting ``or cybersecurity'' after ``anti-
terrorism'' each place that term appears;
(B) by inserting ``or qualifying cyber incident'' after
``act of terrorism'' each place that term appears;
(C) by inserting ``or qualifying cyber incidents'' after
``acts of terrorism'' each place that term appears; and
(D) in subsection (d)(3)--
(i) by striking ``(3) Certificate.--'' and inserting the
following: ``(3) Certificates.--
``(A) Certificates for anti-terrorism technologies.--'';
and
(ii) by adding at the end the following:
``(B) Certificates for cybersecurity technologies.--
``(i) In general.--For cybersecurity technology reviewed
and approved by the Secretary, the Secretary will issue a
certificate of conformance to the Seller and place the
cybersecurity technology on an Approved Product List for
Homeland Security.
``(ii) Subsequent review.--Not less frequently than once
every 2 years, the Secretary shall conduct a new review of
any cybersecurity technology for which the Secretary issued a
certification under clause (i).'';
(3) in section 864 (6 U.S.C. 443)--
(A) by inserting ``or cybersecurity'' after ``anti-
terrorism'' each place that term appears; and
(B) by inserting ``or qualifying cyber incident'' after
``act of terrorism'' each place that term appears; and
(4) in section 865 (6 U.S.C. 444)--
(A) in paragraph (1)--
(i) in the heading, by inserting ``or cybersecurity'' after
``anti-terrorism'';
(ii) by inserting ``or cybersecurity'' after ``anti-
terrorism'';
(iii) by inserting ``or qualifying cyber incidents'' after
``acts of terrorism''; and
(iv) by inserting ``or incidents'' after ``such acts''; and
(B) by adding at the end the following:
``(7) Qualifying cyber incident.--The term `qualifying
cyber incident' has the meaning given the term `incident' in
section 3552(b) of title 44, United States Code.
[[Page S706]]
``(8) Final agency action.--The determination by the
Secretary that an act of terrorism or qualifying cyber
incident has occurred shall constitute a final agency action
subject to review under chapter 7 of title 5, United States
Code.''.
______