Sec. 202. National Cybersecurity and Communications Integration Center
/bill/114/hr/1560/rds/section-202·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Subsection (a) of the second section 226 of the Homeland Security Act of 2002 (6 U.S.C. 148; relating to the National Cybersecurity and Communications Integration Center) is amended—

by amending paragraph (1) to read as follows:

except as provided in subparagraph (B), the term cybersecurity risk means threats to and vulnerabilities of information or information systems and any related consequences caused by or resulting from unauthorized access, use, disclosure, degradation, disruption, modification, or destruction of such information or information systems, including such related consequences caused by an act of terrorism;

such term does not include any action that solely involves a violation of a consumer term of service or a consumer licensing agreement;

by amending paragraph (2) to read as follows:

the term incident means an occurrence that actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information on an information system, or actually or imminently jeopardizes, without lawful authority, an information system;

in paragraph (3), by striking "and" at the end;

in paragraph (4), by striking the period at the end and inserting "; and"; and

by adding at the end the following new paragraphs:

the term cyber threat indicator means technical information that is necessary to describe or identify—

a method for probing, monitoring, maintaining, or establishing network awareness of an information system for the purpose of discerning technical vulnerabilities of such information system, if such method is known or reasonably suspected of being associated with a known or suspected cybersecurity risk, including communications that reasonably appear to be transmitted for the purpose of gathering technical information related to a cybersecurity risk;

a method for defeating a technical or security control of an information system;

a technical vulnerability, including anomalous technical behavior that may become a vulnerability;

a method of causing a user with legitimate access to an information system or information that is stored on, processed by, or transiting an information system to inadvertently enable the defeat of a technical or operational control;

a method for unauthorized remote identification of, access to, or use of an information system or information that is stored on, processed by, or transiting an information system that is known or reasonably suspected of being associated with a known or suspected cybersecurity risk;

the actual or potential harm caused by a cybersecurity risk, including a description of the information exfiltrated as a result of a particular cybersecurity risk;

any other attribute of a cybersecurity risk that cannot be used to identify specific persons reasonably believed to be unrelated to such cybersecurity risk, if disclosure of such attribute is not otherwise prohibited by law; or

any combination of subparagraphs (A) through (G);

the term cybersecurity purpose means the purpose of protecting an information system or information that is stored on, processed by, or transiting an information system from a cybersecurity risk or incident, or the purpose of identifying the source of a cybersecurity risk or incident;

except as provided in subparagraph (B), the term defensive measure means an action, device, procedure, signature, technique, or other measure applied to an information system or information that is stored on, processed by, or transiting an information system that detects, prevents, or mitigates a known or suspected cybersecurity risk or incident, or any attribute of hardware, software, process, or procedure that could enable or facilitate the defeat of a security control;

such term does not include a measure that destroys, renders unusable, or substantially harms an information system or data on an information system not belonging to—

the non-Federal entity, not including a State, local, or tribal government, operating such measure; or

another Federal entity or non-Federal entity that is authorized to provide consent and has provided such consent to the non-Federal entity referred to in clause (i);

the term network awareness means to scan, identify, acquire, monitor, log, or analyze information that is stored on, processed by, or transiting an information system;

the term private entity means a non-Federal entity that is an individual or private group, organization, proprietorship, partnership, trust, cooperative, corporation, or other commercial or non-profit entity, including an officer, employee, or agent thereof;

such term includes a component of a State, local, or tribal government performing utility services or an entity performing utility services;

the term security control means the management, operational, and technical controls used to protect against an unauthorized effort to adversely affect the confidentially, integrity, or availability of an information system or information that is stored on, processed by, or transiting an information system; and

the term sharing (including all conjugations thereof) means providing, receiving, and disseminating (including all conjugations of each of such terms).

Subparagraph (B) of subsection (d)(1) of such second section 226 of the Homeland Security Act of 2002 is amended—

in clause (i), by striking "and local" and inserting ", local, and tribal";

in clause (ii)—

by inserting ", including information sharing and analysis centers" before the semicolon; and

by striking "and" at the end;

in clause (iii), by inserting "and" after the semicolon at the end; and

by adding at the end the following new clause:

private entities;