Sec. 407. Strategy to protect critical infrastructure at greatest risk
/bill/114/s/754/es/section-407
In this section:

The term appropriate agency means, with respect to a covered entity—
- except as provided in subparagraph (B), the applicable sector-specific agency; or
- in the case of a covered entity that is regulated by a Federal entity, such Federal entity.

The term appropriate agency head means, with respect to a covered entity, the head of the appropriate agency.

The term covered entity means an entity identified pursuant to section 9(a) of Executive Order 13636 of February 12, 2013 (78 Fed. Reg. 11742), relating to identification of critical infrastructure where a cybersecurity incident could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.

The term appropriate congressional committees means—
- the Select Committee on Intelligence of the Senate;
- the Permanent Select Committee on Intelligence of the House of Representatives;
- the Committee on Homeland Security and Governmental Affairs of the Senate;
- the Committee on Homeland Security of the House of Representatives;
- the Committee on Energy and Natural Resources of the Senate;
- the Committee on Energy and Commerce of the House of Representatives; and
- the Committee on Commerce, Science, and Transportation of the Senate.

The term Secretary means the Secretary of the Department of Homeland Security.

No later than 120 days after the date of the enactment of this Act, the Secretary, in conjunction with the appropriate agency head (as the case may be), shall submit to the appropriate congressional committees describing the extent to which each covered entity reports significant intrusions of information systems essential to the operation of critical infrastructure to the Department of Homeland Security or the appropriate agency head in a timely manner.

The report submitted under paragraph (1) may include a classified annex.

No later than 180 days after the date of the enactment of this Act, the Secretary, in conjunction with the appropriate agency head (as the case may be), shall conduct an assessment and develop a strategy that addresses each of the covered entities, to ensure that, to the greatest extent feasible, a cyber security incident affecting such entity would no longer reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.

The strategy submitted by the Secretary with respect to a covered entity shall include the following:
- An assessment of whether each entity should be required to report cyber security incidents.
- A description of any identified security gaps that must be addressed.
- Additional statutory authority necessary to reduce the likelihood that a cyber incident could cause catastrophic regional or national effects on public health or safety, economic security, or national security.

The Secretary shall submit to the appropriate congressional committees the assessment and strategy required by paragraph (1).

The assessment and strategy submitted under paragraph (3) may each include a classified annex.