Sec. 5. Duty of Secretary of Homeland Security to notify State and local officials of election cybersecurity incidents
757 words·~3 min read·
/bill/116/hr/3412/ih/section-5A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
If a Federal entity receives information about an election cybersecurity incident, the Federal entity shall promptly share that information with the Department of Homeland Security, unless the head of the entity (or a Senate-confirmed official designated by the head) makes a specific determination in writing that there is good cause to withhold the particular information. Upon receiving information about an election cybersecurity incident under subsection (a), the Secretary of Homeland Security, in consultation with the Attorney General, the Director of the Federal Bureau of Investigation, and the Director of National Intelligence, shall promptly (but in no case later than 96 hours after receiving the information) review the information and make a determination whether each of the following apply:
There is credible evidence that the incident occurred. There is a basis to believe that the incident resulted, could have resulted, or could result in voter information systems or voter tabulation systems being altered or otherwise affected. If the Secretary makes a determination under paragraph
(1)that subparagraphs
(A)and
(B)of such paragraph apply with respect to an election cybersecurity incident, not later than 96 hours after making the determination, the Secretary shall provide a notification of the incident to each of the following: The chief executive of the State involved. The State election official of the State involved. The local election official of the election agency involved. In preparing a notification provided under this paragraph to an individual described in clause (i), (ii), or
(iii)of subparagraph (A), the Secretary shall attempt to avoid the inclusion of classified information. To the extent that a notification provided under this paragraph to an individual described in clause (i), (ii), or
(iii)of subparagraph
(A)includes classified information, the Secretary (in consultation with the Attorney General and the Director of National Intelligence) shall indicate in the notification which information is classified. If the Secretary, in consultation with the Attorney General and the Director of National Intelligence, makes a determination that it is not possible to provide a notification under paragraph
(1)with respect to an election cybersecurity incident without compromising intelligence methods or sources or interfering with an ongoing investigation, the Secretary shall not provide the notification under such paragraph. Not later than 30 days after making a determination under subparagraph
(A)and every 30 days thereafter, the Secretary shall review the determination. If, after reviewing the determination, the Secretary makes a revised determination that it is possible to provide a notification under paragraph
(2)without compromising intelligence methods or sources or interfering with an ongoing investigation, the Secretary shall provide the notification under paragraph
(2)not later than 96 hours after making such revised determination. In this section, the following definitions apply: The term election agency means any component of a State, or any component of a unit of local government in a State, which is responsible for the administration of elections for Federal office in the State. The term election cybersecurity incident means an occurrence that actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information on an information system of election infrastructure, or actually or imminently jeopardizes, without lawful authority, an information system of election infrastructure. The term Federal election means any election (as defined in section 301(1) of the Federal Election Campaign Act of 1971 ( 52 U.S.C. 30101(1) )) for Federal office (as defined in section 301(3) of the Federal Election Campaign Act of 1971 ( 52 U.S.C. 30101(3) )). The term Federal entity means any agency (as defined in section 551 of title 5, United States Code). The term local election official means the chief election official of a component of a unit of local government of a State that is responsible for administering Federal elections. The term Secretary means the Secretary of Homeland Security. The term State means each of the several States, the District of Columbia, the Commonwealth of Puerto Rico, Guam, American Samoa, the Commonwealth of Northern Mariana Islands, and the United States Virgin Islands. The term State election official means— the chief State election official of a State designated under section 10 of the National Voter Registration Act of 1993 ( 52 U.S.C. 20509 ); or in the case of Puerto Rico, Guam, American Samoa, the Northern Mariana Islands, and the United States Virgin Islands, a chief State election official designated by the State for purposes of this Act. This section shall apply with respect to information about an election cybersecurity incident which is received on or after the date of the enactment of this Act.
Connectionstraces to 2
Traces to 2 documents
Citation graph
cites case law
Sec. 5
Duty of Secretary of Homeland Security to notify State and local officials of election cybersecurity incidents
Cites 2Cited by 0 across 0 sources