Sec. 1650. Evaluation of cyber vulnerabilities of Department of Defense critical infrastructure
/bill/114/s/2943/enr/section-1650·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 180 days after the date of the enactment of this Act, the Secretary shall submit to the congressional defense committees a plan for the evaluation of the cyber vulnerabilities of the critical infrastructure of the Department of Defense.
The plan under paragraph (1) shall include— an identification of each of the military installations to be evaluated; and an estimate of the cost of the evaluation.
The plan under paragraph (1) shall prioritize the evaluation of military installations based on the criticality of the infrastructure supporting such installations, as determined by the Chairman of the Joint Chiefs of Staff based on an assessment of— the Armed Forces stationed at such military installations; and threats to such military installations.
The plan under paragraph (1) shall build upon other efforts of Department of Defense relating to the identification and mitigation of cyber vulnerabilities of major weapon systems and critical infrastructure of the Department and shall not duplicate such efforts.
Not later than 30 days after the date on which the Secretary submits the plan under subsection (a), the Secretary, acting through a covered research laboratory, shall initiate a pilot program under which the Secretary shall assess the feasibility and advisability of applying new, innovative methodologies or engineering approaches— to improve the defense of control systems against cyber attacks; to increase the resilience of military installations against cybersecurity threats; to prevent or mitigate the potential for high-consequence cyber attacks; and to inform future requirements for the development of such control systems.
The Secretary shall carry out the pilot program under paragraph (1) at not fewer than two military installations selected by the Secretary from among military installations that support the most critical mission-essential functions of the Department of Defense as identified in the plan under subsection (a).
In carrying out the pilot program under paragraph (1), the Secretary may use tools and solutions developed under subsection (e).
Not later than December 31, 2019, the Secretary shall submit to the congressional defense committees a final report on the pilot program that includes— a description of the activities carried out under the pilot program at each military installation concerned; an assessment of the value of the methodologies or tools applied during the pilot program in increasing the resilience of military installations against cybersecurity threats; recommendations for administrative or legislative actions to improve the ability of the Department to employ methodologies and tools for reducing cyber vulnerabilities in other activities of the Department of Defense; and recommendations for including such methodologies or tools as requirements for relevant activities, including technical requirements for systems or military construction projects.
The authority of the Secretary to carry out the pilot program under this subsection shall terminate on September 30, 2019.
Not later than December 31, 2020, the Secretary shall complete an evaluation of the cyber vulnerabilities of the critical infrastructure of the Department of Defense in accordance with the plan under subsection (a).
The Secretary shall develop strategies for mitigating the risks of cyber vulnerabilities identified in the course of the evaluation under paragraph (1).
The Secretary shall include in each quarterly cyber operations briefing submitted to Congress under section 484 of title 10, United States Code, a summary of any activities carried out as part of— the pilot program under subsection (b); or the evaluation under subsection (c).
The Secretary may— develop tools that improve assessments of cyber vulnerabilities of Department of Defense critical infrastructure; conduct non-recurring engineering for the design of mitigation solutions for such vulnerabilities; and establish Department-wide information repositories to share findings relating to such assessments and to share such mitigation solutions.
In this section:
The term critical infrastructure of the Department of Defense means any asset of the Department of Defense of such extraordinary importance to the functioning of the Department and the operation of the Armed Forces that the incapacitation or destruction of such asset by a cyber attack would have a debilitating effect on the ability of the Department to fulfill its missions.
The term covered research laboratory means— a research laboratory of the Department of Defense; or a research laboratory of the Department of Energy approved by the Secretary of Energy to carry out the pilot program under subsection (b).