The National Cybersecurity and Critical Infrastructure Protection Act of 2013 () is a bill that would amend the Homeland Security Act of 2002 to require the Secretary of the Department of Homeland Security (DHS) to conduct cybersecurity activities on behalf of the federal government and would codify the role of DHS in preventing and responding to cybersecurity incidents involving the Information Technology (IT) systems of federal civilian agencies and critical infrastructure in the United States. The bill was introduced in the United States House of Representatives during the 113th United States Congress.

==Provisions of the bill==

''This summary is based largely on the summary provided by the Congressional Research Service, a public domain source.'' (Cited site link: https://beta.congress.gov/bill/113th-congress/house-bill/3696)

The National Cybersecurity and Critical Infrastructure Protection Act of 2013 would amend the Homeland Security Act of 2002 to require the United States Secretary of Homeland Security to conduct cybersecurity activities, including the provision of shared situational awareness among federal entities to enable real-time, integrated, and operational actions to protect from, prevent, mitigate, respond to, and recover from cyber incidents.

The bill would define “cyber incident” as an incident resulting in, or an attempt to cause an incident that, if successful, would: (1) jeopardize the security, integrity, confidentiality, or availability of an information system or network or any information stored on, processed on, or transiting such a system; (2) violate laws or procedures relating to system security, acceptable use policies, or acts of terrorism against an information system or network; or (3) deny access to or degrade, disrupt, or destruct an information system or network or defeat an operations or technical control of such a system or network.

The bill would direct the Secretary to coordinate with federal, state, and local governments, critical infrastructure owners and operators, and other cross-sector coordinating entities to: (1) facilitate a national effort to strengthen and maintain critical infrastructure from cyber threats; (2) ensure that United States Department of Homeland Security (DHS) policies and procedures enable critical infrastructure owners and operators to receive appropriate and timely cyber threat information; (3) seek industry sector-specific expertise to develop voluntary security and resiliency strategies and to ensure that the allocation of federal resources is cost effective and reduces burdens on critical infrastructure owners and operators; (4) upon request, provide risk management assistance to entities and education to critical infrastructure owners and operators; and (5) coordinate a research and development strategy for cybersecurity technologies.

The bill would direct the Secretary: (1) to manage federal efforts to secure federal civilian information systems (excluding national security, United States Department of Defense (DOD), military, and intelligence community systems) and, upon request, to support the efforts of critical infrastructure owners and operators to protect against cyber threats; (2) to direct a DHS entity to serve as a federal civilian entity by and among federal, state, and local governments, private entities, and critical infrastructure sectors to share cyber threat information; (3) to promote national awareness and educate the public regarding information system security; (4) upon request, to facilitate cyber incident response and recovery assistance and provide analysis and warnings related to threats to, and vulnerabilities of, critical information systems, crisis and consequence management support, and other remote or on-site technical assistance to federal, state, and local government entities and private entities for cyber incidents affecting critical infrastructure; and (5) engage with international partners.

The bill would require the Secretary to: (1) designate critical infrastructure sectors; and (2) recognize, for each sector, a Sector Coordinating Council (SCC) and at least one Information Sharing and Analysis Center (ISAC).

The bill would permit to be included as critical infrastructure sectors:

* chemical;
* commercial facilities;
* communications;
* critical manufacturing;
* dams;
* Defense Industrial Base;
* emergency services;
* energy;
* financial services;
* food and agriculture;
* government facilities;
* healthcare and public health;
* information technology;
* nuclear reactors, materials, and waste;
* transportation systems; and
* water and wastewater systems.

The bill would require SCCs to: (1) be composed of small, medium, and large critical infrastructure owners and operators, private entities, and representative trade associations; and (2) serve as a self-governing, self-organized, primary policy, planning, and strategic communications entity for coordinating with DHS, sector-specific agencies, and ISACs on security and resilience activities and emergency response and recovery efforts.

The bill would allow the Secretary to enter contracts with private entities that provide electronic communication, remote computing, or cybersecurity services.
The bill would prohibit causes of action against private entities that provide such assistance to the Secretary.

The bill would establish the National Cybersecurity and Communications Integration Center as a federal civilian information sharing interface to: (1) provide shared situational awareness to enable real-time, integrated, and operational actions across the federal government; and (2) share cyber threat information among federal, state, and local government entities, ISACs, private entities, and critical infrastructure owners and operators that have information sharing relationships.

The bill would require the Secretary to establish Cyber Incident Response Teams to provide technical assistance and recommendations to federal, state, and local government entities, private entities, and critical infrastructure owners and operators.

The bill would direct the Secretary, in coordination with SCCs, ISACs, and federal, state, and local governments, to develop, regularly update, and exercise a National Cybersecurity Incident Response Plan.

The bill would require the Secretary to develop a comprehensive workforce strategy to enhance the readiness, capacity, training, recruitment, and retention of DHS cybersecurity personnel, including a 5-year recruitment plan and 10-year projections of workforce needs.

The bill would redesignate the National Protection and Programs Directorate as the Cybersecurity and Infrastructure Protection Directorate.

The bill would direct the National Institute of Standards and Technology (NIST) to facilitate and support the development of a voluntary, industry-led set of standards and processes to reduce cyber risks to critical infrastructure.
The bill would prohibit NIST from requiring the use of specific solutions, products, services, or manufacturing or design techniques.

The bill would require the Secretary to: (1) meet biannually with each SCC, and (2) submit annual reports to Congress on the state of cybersecurity in each sector.

The bill would expand liability protections for technology providers under the Support Anti-terrorism by Fostering Effective Technologies Act of 2002 to include designated cybersecurity technologies deployed in defense of qualifying cyber incidents, which include: (1) unlawful or unauthorized access incidents; (2) disruption of the integrity, operation, confidentiality, or availability of programmable electronic devices or communication networks; (3) misappropriation, corruption, or disruption of data, assets, information, or intellectual property; and (4) harm inside or outside the United States that results in damages, disruptions, or casualties severely affecting the U.S. population, infrastructure, economy, national morale, or federal, state, local, or tribal government functions.

The bill would prohibit this Act from being construed to: (1) create or authorize any new regulations or additional federal government regulatory authority, or (2) authorize the appropriation of any additional funds.

Excerpt source: Wikipedia, the free encyclopedia.