[Congressional Record Volume 168, Number 83 (Monday, May 16, 2022)]
[House]
[Pages H4989-H4991]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
DHS ROLES AND RESPONSIBILITIES IN CYBER SPACE ACT
Mr. MALINOWSKI. Mr. Speaker, I move to suspend the rules and pass the
bill (H.R. 5658) to require the Secretary of Homeland Security to
submit a report on the cybersecurity roles and responsibilities of the
Federal Government, and for other purposes, as amended.
The Clerk read the title of the bill.
The text of the bill is as follows:
H.R. 5658
Be it enacted by the Senate and House of Representatives of
the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``DHS Roles and
Responsibilities in Cyber Space Act''.
SEC. 2. FINDINGS.
Congress finds the following:
(1) The Department of Homeland Security, through the
Cybersecurity and Infrastructure Security Agency, is the lead
Federal coordinator for securing critical infrastructure
across all 16 sectors, in coordination with designated Sector
Risk Management Agencies.
(2) Cyber incidents require technical resources and are
only sometimes sector specific.
(3) The Cybersecurity and Infrastructure Security Agency is
the central agency that can quickly analyze and coordinate
mitigations when a malicious cyber campaign spans multiple
sectors.
(4) Section 2209 of the Homeland Security Act of 2002
authorizes the Cybersecurity and Infrastructure Security
Agency as the Federal civilian interface for multi-
directional and cross-sector sharing of information related
to cyber threat indicators with and between the government
and the private sector.
(5) Section 2209 of the Homeland Security Act of 2002
authorizes the Cybersecurity and Infrastructure Security
Agency to facilitate cross-sector coordination to address
cybersecurity risks
[[Page H4990]]
and incidents, including cybersecurity risks and incidents
that may be related or could have consequential impacts
across multiple sectors.
(6) Presidential Policy Directive-41 directs the Department
of Homeland Security, via the national cybersecurity and
communications integration center, to be the lead Federal
agency for asset response during a significant cyber
incident.
(7) The functions of the national cybersecurity and
communications integration center are carried about by the
Cybersecurity and Infrastructure Security Agency's
Cybersecurity Division.
(8) Presidential Policy Directive-21 directs the Department
of Homeland Security to lead the coordination of critical
infrastructure protection among the Sector Risk Management
Agencies.
(9) Section 9002 of the William M. (Mac) Thornberry
National Defense Authorization Act for Fiscal Year 2021
codified the duties of Sector Risk Management Agencies for
critical infrastructure sectors, laying out the roles and
responsibilities they have in coordinating with the
Cybersecurity and Infrastructure Security Agency to secure
the nation's critical infrastructure.
(10) Enhancing the security and resilience of our critical
infrastructure is a priority for Congress and for the Nation.
(11) The Department of Homeland Security maintains and
continues to build partnerships across all infrastructure
sectors to enhance control systems cybersecurity.
(12) Section 1731 of the William M. (Mac) Thornberry
National Defense Authorization Act for Fiscal Year 2021
directed the Secretary of Homeland Security to submit a
report on the potential for better coordination of Federal
cybersecurity efforts at an integrated cybersecurity center
within the Cybersecurity and Infrastructure Security Agency.
SEC. 3. REPORT ON CYBERSECURITY ROLES AND RESPONSIBILITIES OF
THE DEPARTMENT OF HOMELAND SECURITY.
(a) In General.--Not later than one year after the date of
the enactment of this Act, the Secretary of Homeland
Security, in coordination with the Director of the
Cybersecurity and Infrastructure Security Agency of the
Department of Homeland Security, shall submit to the
Committee on Homeland Security of the House of
Representatives and the Committee on Homeland Security and
Governmental Affairs of the Senate a report on the roles and
responsibilities of the Department and its components
relating to cyber incident response.
(b) Contents.--The report required under subsection (a)
shall include the following:
(1) A review of how the cyber incident response plans under
section 2210(c) of the Homeland Security Act of 2002 (6
U.S.C. 660(c)) are utilized in the Federal Government's
response to a cyber incident.
(2) An explanation of the roles and responsibilities of the
Department of Homeland Security and its components with
responsibility for, or in support of, the Federal
Government's response to a cyber incident, including primary
responsibility for working with impacted private sector
entities.
(3) An explanation of which and how authorities of the
Department and its components are utilized in the Federal
Government's response to a cyber incident.
(4) Recommendations to provide further clarity for roles
and responsibilities of the Department and its components
relating to cyber incident response.
The SPEAKER pro tempore. Pursuant to the rule, the gentleman from New
Jersey (Mr. Malinowski) and the gentleman from Kansas (Mr. LaTurner)
each will control 20 minutes.
The Chair recognizes the gentleman from New Jersey.
General Leave
Mr. MALINOWSKI. Mr. Speaker, I ask unanimous consent that all Members
may have 5 legislative days to revise and extend their remarks and to
include extraneous material on this measure.
The SPEAKER pro tempore. Is there objection to the request of the
gentleman from New Jersey?
There was no objection.
Mr. MALINOWSKI. Mr. Speaker, I yield myself such time as I may
consume.
Mr. Speaker, given the magnitude and complexity of the current
cybersecurity threat landscape, coordination among DHS components to
address growing and evolving risks in cybersecurity is critical. It is
important that DHS components coordinate in a manner that reflects how
their respective expertise can fit into the broader DHS cybersecurity
strategy.
While the Cybersecurity and Infrastructure Security Agency has the
most notable role in cybersecurity at DHS, other components also have
considerable cyber expertise.
For example, the Secret Service has a critical role in investigating
cybercrimes, and the Transportation Security Administration and the
Coast Guard provide cybersecurity support for the transportation
sector.
As DHS develops its cybersecurity strategy and incident response
planning, it must consider how best to use each of these components and
must carefully define roles and responsibilities so that components
understand their duties during a cyber incident.
To that end, H.R. 5658 directs DHS to provide a report to Congress
that explains the roles and responsibilities of its components in cyber
incident response. The report is to include information on how DHS'
authorities and CISA's incident response plans are utilized in the
Federal Government's overall cyber incident response efforts.
This report will help ensure that DHS is developing a coordinated
effort to provide Congress critical information regarding the
authorities needed to facilitate effective cyber incident response.
I thank Representative Bacon for collaborating with the Homeland
Security Committee on this legislation.
Mr. Speaker, I urge my colleagues to support this bill, and I reserve
the balance of my time.
Mr. LaTURNER. Mr. Speaker, I yield myself such time as I may consume.
I rise today in support of H.R. 5658, the DHS Roles and
Responsibilities in Cyber Space Act.
Many recent cyber events, to include the Russian probing of U.S.
critical infrastructure, have shown that enhancing the security and
resilience of our critical infrastructure must be a top priority for
Congress and for the Nation.
The Cybersecurity and Infrastructure Security Agency, or CISA, is the
lead Federal Agency for asset response during a significant cyber
incident, as directed by Presidential Policy Directive 41. CISA is also
the lead Federal coordinator for securing critical infrastructure
across all 16 sectors, in coordination with designated sector risk
management agencies.
This bill outlines specific reporting requirements that DHS, in
concert with CISA, must submit to Congress. These requirements include:
review of utilization of Federal cyber incident response plans;
explanation of roles and responsibilities of DHS in the Federal
Government's response to a cyber incident; explanation of DHS
authorities and how its components respond to a cyber incident; and
recommendations to provide further clarity on roles and
responsibilities of DHS in cyber incident response.
This bill will help clarify Federal roles in cyber incident response,
thereby eliminating confusion in the midst of an actual cyber event.
I thank the gentleman from Nebraska (Mr. Bacon) for sponsoring this
legislation.
Mr. Speaker, I urge Members to join me in supporting H.R. 5658, and I
yield back the balance of my time.
Mr. MALINOWSKI. Mr. Speaker, I yield myself the balance of my time.
Mr. Speaker, in recent years, we have seen several cyber incidents
that have demonstrated the importance of effective incident response
planning.
With cyber incidents occurring across many sectors, DHS plays a
unique role as the lead Federal coordinator for securing critical
infrastructure. Passing this bill will help ensure that DHS and its
components have the properly defined roles and responsibilities
necessary to carry out this mission effectively.
I urge my colleagues to support H.R. 5658. I am sure we all look
forward to spending quality time together as we do roll call votes on
all of these noncontroversial, bipartisan bills this week, and I yield
back the balance of my time.
The SPEAKER pro tempore. The question is on the motion offered by the
gentleman from New Jersey (Mr. Malinowski) that the House suspend the
rules and pass the bill, H.R. 5658, as amended.
The question was taken.
The SPEAKER pro tempore. In the opinion of the Chair, two-thirds
being in the affirmative, the ayes have it.
Mr. BISHOP of North Carolina. Mr. Speaker, on that I demand the yeas
and nays.
=========================== NOTE ===========================
May 16, 2022, on page H4990, in the third column the following
appeared: The SPEAKER pro tempore. In the opinion of the Chair,
two-thirds being in the affirmative, the ayes have it. Mr. MURPHY
of North Carolina. Mr. Speaker, on that I demand the yeas and
nays.
The online version has been corrected to read: The SPEAKER pro
tempore. In the opinion of the Chair, two-thirds being in the
affirmative, the ayes have it. Mr. BISHOP of North Carolina. Mr.
Speaker, on that I demand the yeas and nays.
========================= END NOTE =========================
The SPEAKER pro tempore. Pursuant to section 3(s) of House Resolution
8, the yeas and nays are ordered.
Pursuant to clause 8 of rule XX, further proceedings on this motion
are postponed.
[[Page H4991]]
____________________