Sec. 4. Duty of Secretary of Homeland Security to notify State and local officials and appropriate Members of Congress of unauthorized intrusions into election systems
498 words·~2 min read·
/bill/116/hr/3529/ih/section-4A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
If a Federal entity receives information about an election cybersecurity incident, the Federal entity shall promptly share that information with the Department, unless the head of the entity (or a Senate-confirmed official designated by the head) makes a specific determination in writing that there is good cause to withhold the particular information. Upon receiving information about an election cybersecurity incident under subsection (a), the Secretary, in consultation with the Attorney General and the Director of National Intelligence, shall promptly (but in no case later than 96 hours after receiving the information) review the information and make a determination whether each of the following apply:
There is credible evidence that an unauthorized intrusion into an election system occurred. There is a basis to believe that the unauthorized intrusion resulted, could have resulted, or could result in voter information systems or voter tabulation systems being altered or otherwise affected. If the Secretary makes a determination under paragraph
(1)that subparagraphs
(A)and
(B)of such paragraph apply with respect to an unauthorized intrusion into an election system, not later than 48 hours after making the determination, the Secretary shall provide a notification of the unauthorized intrusion to each of the following: The chief executive of the State involved. The State election official of the State involved. The local election official of the election agency involved. The appropriate Members of Congress. In preparing a notification provided under this paragraph to an individual described in clause (i), (ii), or
(iii)of subparagraph (A), the Secretary shall attempt to avoid the inclusion of classified information. To the extent that a notification provided under this paragraph to an individual described in clause (i), (ii), or
(iii)of subparagraph
(A)includes classified information, the Secretary (in consultation with the Attorney General and the Director of National Intelligence) shall indicate in the notification which information is classified. If the Secretary, in consultation with the Attorney General and the Director of National Intelligence, makes a determination that it is not possible to provide a notification under paragraph
(1)with respect to an unauthorized intrusion without compromising intelligence methods or sources or interfering with an ongoing investigation, the Secretary— shall not provide the notification under such paragraph; and shall, not later than 48 hours after making the determination under this subparagraph, provide a classified briefing on the unauthorized intrusion to the appropriate Members of Congress. Not later than 30 days after making a determination under subparagraph
(A)and every 30 days thereafter, the Secretary shall review the determination. If, after reviewing the determination, the Secretary makes a revised determination that it is possible to provide a notification under paragraph
(2)without compromising intelligence methods or sources or interfering with an ongoing investigation, the Secretary shall provide the notification under paragraph
(2)not later than 48 hours after making such revised determination. This section shall apply with respect to information about an election cybersecurity incident which is received on or after the date of the enactment of this Act.