Sec. 7. Regulators of critical infrastructure
216 words·~1 min read·
/bill/113/s/1638/is/section-7A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
In this section— the term critical infrastructure sector means any sector identified in Presidential Policy Directive–21, issued February 12, 2013 (or any successor thereto); and the term relevant agencies means— the sector-specific agencies identified in Presidential Policy Directive–21, issued February 12, 2013 (or any successor thereto); and each agency (as defined in section 3502(1) of title 44, United States Code) that has substantial regulatory authority in a critical infrastructure sector.
Not later than 180 days after the date of enactment of this Act, and annually thereafter for 3 years, the Secretary of Homeland Security, in consultation with relevant agencies, shall submit to Congress a report that describes the— nature and state of the vulnerabilities to cyber threats of each critical infrastructure sector; prevalence and seriousness of cyber threats in each critical infrastructure sector; recommended steps to thwart or diminish cyber threats; and the degree to which cybersecurity and information assurance cooperative activities with private sector partners developed by the Department of Defense and its defense industrial base have been employed in each critical infrastructure sector.
Each report submitted under this section— shall be in unclassified form; shall not— identify any individual private sector entity; and include proprietary or sensitive business information; and may include a classified annex as necessary to protect sources, methods, and national security.