[Congressional Record Volume 168, Number 83 (Monday, May 16, 2022)]
[House]
[Pages H4989-H4991]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




           DHS ROLES AND RESPONSIBILITIES IN CYBER SPACE ACT

  Mr. MALINOWSKI. Mr. Speaker, I move to suspend the rules and pass the 
bill (H.R. 5658) to require the Secretary of Homeland Security to 
submit a report on the cybersecurity roles and responsibilities of the 
Federal Government, and for other purposes, as amended.
  The Clerk read the title of the bill.
  The text of the bill is as follows:

                               H.R. 5658

       Be it enacted by the Senate and House of Representatives of 
     the United States of America in Congress assembled,

     SECTION 1. SHORT TITLE.

       This Act may be cited as the ``DHS Roles and 
     Responsibilities in Cyber Space Act''.

     SEC. 2. FINDINGS.

       Congress finds the following:
       (1) The Department of Homeland Security, through the 
     Cybersecurity and Infrastructure Security Agency, is the lead 
     Federal coordinator for securing critical infrastructure 
     across all 16 sectors, in coordination with designated Sector 
     Risk Management Agencies.
       (2) Cyber incidents require technical resources and are 
     only sometimes sector specific.
       (3) The Cybersecurity and Infrastructure Security Agency is 
     the central agency that can quickly analyze and coordinate 
     mitigations when a malicious cyber campaign spans multiple 
     sectors.
       (4) Section 2209 of the Homeland Security Act of 2002 
     authorizes the Cybersecurity and Infrastructure Security 
     Agency as the Federal civilian interface for multi-
     directional and cross-sector sharing of information related 
     to cyber threat indicators with and between the government 
     and the private sector.
       (5) Section 2209 of the Homeland Security Act of 2002 
     authorizes the Cybersecurity and Infrastructure Security 
     Agency to facilitate cross-sector coordination to address 
     cybersecurity risks

[[Page H4990]]

     and incidents, including cybersecurity risks and incidents 
     that may be related or could have consequential impacts 
     across multiple sectors.
       (6) Presidential Policy Directive-41 directs the Department 
     of Homeland Security, via the national cybersecurity and 
     communications integration center, to be the lead Federal 
     agency for asset response during a significant cyber 
     incident.
       (7) The functions of the national cybersecurity and 
     communications integration center are carried about by the 
     Cybersecurity and Infrastructure Security Agency's 
     Cybersecurity Division.
       (8) Presidential Policy Directive-21 directs the Department 
     of Homeland Security to lead the coordination of critical 
     infrastructure protection among the Sector Risk Management 
     Agencies.
       (9) Section 9002 of the William M. (Mac) Thornberry 
     National Defense Authorization Act for Fiscal Year 2021 
     codified the duties of Sector Risk Management Agencies for 
     critical infrastructure sectors, laying out the roles and 
     responsibilities they have in coordinating with the 
     Cybersecurity and Infrastructure Security Agency to secure 
     the nation's critical infrastructure.
       (10) Enhancing the security and resilience of our critical 
     infrastructure is a priority for Congress and for the Nation.
       (11) The Department of Homeland Security maintains and 
     continues to build partnerships across all infrastructure 
     sectors to enhance control systems cybersecurity.
       (12) Section 1731 of the William M. (Mac) Thornberry 
     National Defense Authorization Act for Fiscal Year 2021 
     directed the Secretary of Homeland Security to submit a 
     report on the potential for better coordination of Federal 
     cybersecurity efforts at an integrated cybersecurity center 
     within the Cybersecurity and Infrastructure Security Agency.

     SEC. 3. REPORT ON CYBERSECURITY ROLES AND RESPONSIBILITIES OF 
                   THE DEPARTMENT OF HOMELAND SECURITY.

       (a) In General.--Not later than one year after the date of 
     the enactment of this Act, the Secretary of Homeland 
     Security, in coordination with the Director of the 
     Cybersecurity and Infrastructure Security Agency of the 
     Department of Homeland Security, shall submit to the 
     Committee on Homeland Security of the House of 
     Representatives and the Committee on Homeland Security and 
     Governmental Affairs of the Senate a report on the roles and 
     responsibilities of the Department and its components 
     relating to cyber incident response.
       (b) Contents.--The report required under subsection (a) 
     shall include the following:
       (1) A review of how the cyber incident response plans under 
     section 2210(c) of the Homeland Security Act of 2002 (6 
     U.S.C. 660(c)) are utilized in the Federal Government's 
     response to a cyber incident.
       (2) An explanation of the roles and responsibilities of the 
     Department of Homeland Security and its components with 
     responsibility for, or in support of, the Federal 
     Government's response to a cyber incident, including primary 
     responsibility for working with impacted private sector 
     entities.
       (3) An explanation of which and how authorities of the 
     Department and its components are utilized in the Federal 
     Government's response to a cyber incident.
       (4) Recommendations to provide further clarity for roles 
     and responsibilities of the Department and its components 
     relating to cyber incident response.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New 
Jersey (Mr. Malinowski) and the gentleman from Kansas (Mr. LaTurner) 
each will control 20 minutes.
  The Chair recognizes the gentleman from New Jersey.


                             General Leave

  Mr. MALINOWSKI. Mr. Speaker, I ask unanimous consent that all Members 
may have 5 legislative days to revise and extend their remarks and to 
include extraneous material on this measure.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from New Jersey?
  There was no objection.
  Mr. MALINOWSKI. Mr. Speaker, I yield myself such time as I may 
consume.
  Mr. Speaker, given the magnitude and complexity of the current 
cybersecurity threat landscape, coordination among DHS components to 
address growing and evolving risks in cybersecurity is critical. It is 
important that DHS components coordinate in a manner that reflects how 
their respective expertise can fit into the broader DHS cybersecurity 
strategy.
  While the Cybersecurity and Infrastructure Security Agency has the 
most notable role in cybersecurity at DHS, other components also have 
considerable cyber expertise.
  For example, the Secret Service has a critical role in investigating 
cybercrimes, and the Transportation Security Administration and the 
Coast Guard provide cybersecurity support for the transportation 
sector.
  As DHS develops its cybersecurity strategy and incident response 
planning, it must consider how best to use each of these components and 
must carefully define roles and responsibilities so that components 
understand their duties during a cyber incident.
  To that end, H.R. 5658 directs DHS to provide a report to Congress 
that explains the roles and responsibilities of its components in cyber 
incident response. The report is to include information on how DHS' 
authorities and CISA's incident response plans are utilized in the 
Federal Government's overall cyber incident response efforts.
  This report will help ensure that DHS is developing a coordinated 
effort to provide Congress critical information regarding the 
authorities needed to facilitate effective cyber incident response.
  I thank Representative Bacon for collaborating with the Homeland 
Security Committee on this legislation.
  Mr. Speaker, I urge my colleagues to support this bill, and I reserve 
the balance of my time.
  Mr. LaTURNER. Mr. Speaker, I yield myself such time as I may consume.
  I rise today in support of H.R. 5658, the DHS Roles and 
Responsibilities in Cyber Space Act.
  Many recent cyber events, to include the Russian probing of U.S. 
critical infrastructure, have shown that enhancing the security and 
resilience of our critical infrastructure must be a top priority for 
Congress and for the Nation.
  The Cybersecurity and Infrastructure Security Agency, or CISA, is the 
lead Federal Agency for asset response during a significant cyber 
incident, as directed by Presidential Policy Directive 41. CISA is also 
the lead Federal coordinator for securing critical infrastructure 
across all 16 sectors, in coordination with designated sector risk 
management agencies.
  This bill outlines specific reporting requirements that DHS, in 
concert with CISA, must submit to Congress. These requirements include: 
review of utilization of Federal cyber incident response plans; 
explanation of roles and responsibilities of DHS in the Federal 
Government's response to a cyber incident; explanation of DHS 
authorities and how its components respond to a cyber incident; and 
recommendations to provide further clarity on roles and 
responsibilities of DHS in cyber incident response.
  This bill will help clarify Federal roles in cyber incident response, 
thereby eliminating confusion in the midst of an actual cyber event.
  I thank the gentleman from Nebraska (Mr. Bacon) for sponsoring this 
legislation.
  Mr. Speaker, I urge Members to join me in supporting H.R. 5658, and I 
yield back the balance of my time.
  Mr. MALINOWSKI. Mr. Speaker, I yield myself the balance of my time.
  Mr. Speaker, in recent years, we have seen several cyber incidents 
that have demonstrated the importance of effective incident response 
planning.
  With cyber incidents occurring across many sectors, DHS plays a 
unique role as the lead Federal coordinator for securing critical 
infrastructure. Passing this bill will help ensure that DHS and its 
components have the properly defined roles and responsibilities 
necessary to carry out this mission effectively.
  I urge my colleagues to support H.R. 5658. I am sure we all look 
forward to spending quality time together as we do roll call votes on 
all of these noncontroversial, bipartisan bills this week, and I yield 
back the balance of my time.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from New Jersey (Mr. Malinowski) that the House suspend the 
rules and pass the bill, H.R. 5658, as amended.
  The question was taken.
  The SPEAKER pro tempore. In the opinion of the Chair, two-thirds 
being in the affirmative, the ayes have it.
  Mr. BISHOP of North Carolina. Mr. Speaker, on that I demand the yeas 
and nays.


 =========================== NOTE =========================== 

  
  May 16, 2022, on page H4990, in the third column the following 
appeared: The SPEAKER pro tempore. In the opinion of the Chair, 
two-thirds being in the affirmative, the ayes have it. Mr. MURPHY 
of North Carolina. Mr. Speaker, on that I demand the yeas and 
nays.
  
  The online version has been corrected to read: The SPEAKER pro 
tempore. In the opinion of the Chair, two-thirds being in the 
affirmative, the ayes have it. Mr. BISHOP of North Carolina. Mr. 
Speaker, on that I demand the yeas and nays.


 ========================= END NOTE ========================= 


  The SPEAKER pro tempore. Pursuant to section 3(s) of House Resolution 
8, the yeas and nays are ordered.
  Pursuant to clause 8 of rule XX, further proceedings on this motion 
are postponed.

[[Page H4991]]

  

                          ____________________