Sec. 1640. Strategic Cybersecurity Program
532 words·~2 min read·
/bill/115/hr/2810/enr/section-1640·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 180 days after the date of the enactment of this Act, the Secretary of Defense, in consultation with the Director of the National Security Agency, shall submit to the congressional defense committees a plan for the establishment of a program to be known as the Strategic Cybersecurity Program or SCP (in this section referred to as the Program ). The Program shall be comprised of personnel assigned to the Program by the Secretary of Defense from among personnel, including regular and reserve members of the Armed Forces, civilian employees of the Department, and personnel of the research laboratories of the Department of Defense and the Department of Energy, who have particular expertise in the areas of responsibility described in subsection (c).
Any personnel assigned to the Program from among personnel of the Department of Energy shall be so assigned with the concurrence of the Secretary of Energy. Personnel assigned to the Program shall assist the Department of Defense in improving the cybersecurity of the following systems of the Federal Government: Offensive cyber systems. Long-range strike systems. Nuclear deterrent systems. National security systems. Critical infrastructure of the Department of Defense (as that term is defined in section 1650(f)(1) of the National Defense Authorization Act for Fiscal Year 2017 ( Public Law 114–328 ; 10 U.S.C. 2224 note)).
In carrying out the activities described in paragraph (1), the personnel assigned to the Program shall conduct appropriate reviews of existing systems and infrastructure and acquisition plans for proposed systems and infrastructure. The review of an acquisition plan for any proposed system or infrastructure shall be carried out before Milestone B approval for such system or infrastructure. The results of each review carried out under paragraph (2), including any remedial action recommended pursuant to such review, shall be made available to any agencies or organizations of the Department involved in the development, procurement, operation, or maintenance of the system or infrastructure concerned.
The plan required under subsection
(a)shall build upon, and shall not duplicate, other efforts of the Department of Defense relating to cybersecurity, including— the evaluation of cyber vulnerabilities of major weapon systems of the Department of Defense required under section 1647 of the National Defense Authorization Act for Fiscal Year 2016 (114–92; 129 Stat. 1118); the evaluation of cyber vulnerabilities of Department of Defense critical infrastructure required under section 1650 of the National Defense Authorization Act for Fiscal Year 2017 ( Public Law 114–328 ; 10 U.S.C. 2224 note); and the activities of the cyber protection teams of the Department of Defense. Not later than one year after the date on which the plan is submitted to the congressional defense committees under subsection (a), the Secretary of Defense shall submit to the congressional defense committees a report on any activities carried out pursuant to such plan. The report shall include the following: A description of any activities of the Program carried out pursuant to the plan during the time period covered by the report. A description of particular challenges encountered in the course of the activities of the Program, if any, and of actions taken to address such challenges. A description of any plans for additional activities under the Program.
Connectionstraces to 2
Traces to 2 documents
1 reference not yet in our index
- 129 Stat. 1118
Citation graph
cites case law
Cites 3Cited by 0 across 0 sources