Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 113th Congress · S. 2410 (Placed on Calendar Senate) — To authorize appropriations for fiscal year 2015 for military activities of the Department of Defense, for military c... · Sec. 1645

Sec. 1645. Reporting on penetrations into networks and information systems of operationally critical contractors

554 words·~3 min read·/bill/113/s/2410/pcs/section-1645

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

The Secretary of Defense shall establish procedures that require an operationally critical contractor to report to the component of the Department of Defense designated by the Secretary pursuant to subsection (d)(2)(A) when a network or information system of such operationally critical contractor is successfully penetrated by a known or suspected advanced persistent threat actor. For purposes of this section, advanced persistent threats shall consist of such threats as the Secretary shall specify for the procedures established under this subsection. The procedures established pursuant to subsection
(a)shall include a process for— designating operationally critical contractors; and notifying a contractor that it has been designated as an operationally critical contractor. The procedures established pursuant to subsection
(a)shall require each operationally critical contractor to rapidly report to the component of the Department designated pursuant to subsection (d)(2)(A) on each successful penetration of any network or information systems of such contractor. Each such report shall include the following: The technique or method used in such penetration. A sample of any malicious software, if discovered and isolated by the contractor, involved in such penetration. The procedures established pursuant to subsection
(a)shall include mechanisms for Department personnel to— if requested, assist operationally critical contractors in detecting and mitigating penetrations; and upon request, obtain access to equipment or information of an operationally critical contractor necessary to conduct forensic analysis in addition to any analysis conducted by such contractor. The procedures established pursuant to subsection
(a)shall provide for the reasonable protection of trade secrets, commercial or financial information, and information that can be used to identify a specific person. The procedures established pursuant to subsection
(a)shall permit the dissemination of information obtained or derived through the procedures to agencies that conduct counterintelligence investigations for their use in such investigations. The Secretary shall establish the procedures required by subsection
(a)by not later than 90 days after the date of the enactment of this Act. The procedures shall take effect on the date of establishment. Not later than 90 days after the date of the enactment of the Act, the Secretary shall complete an assessment of— requirements that were in effect on the day before the date of the enactment of this Act for contractors to share information with Department components regarding successful penetrations into networks or information systems of contractors; and Department policies and systems for sharing information on successful penetrations into networks or information systems of Department contractors. Upon completion of the assessment required by paragraph (1), the Secretary shall— designate a single Department component to receive reports from Department contractors or other governmental agencies on successful penetrations into Department contractor networks or information systems; and issue or revise guidance applicable to Department components that ensures the rapid sharing by the component designated pursuant to subparagraph
(A)of information relating to successful penetrations into networks or information systems of contractors with other appropriate Department components. In this section: The term contingency operation has the meaning given that term in section 101(a)(13) of title 10, United States Code. The term operationally critical contractor means a contractor designated by the Secretary for purposes of this section as a critical source of supply for airlift, sealift, intermodal transportation services, or logistical support that is essential to the mobilization, deployment, or sustainment of the Armed Forces in a contingency operation.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.