Sec. 1631. Cyber threat information collaboration environment
1,574 words·~7 min read·
/bill/116/hr/6395/eh/section-1631A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
In consultation with the Cyber Threat Data Standards and Interoperability Council established pursuant to subsection (d), the Secretary of Homeland Security, in coordination with the Secretary of Defense and the Director of National Intelligence (acting through the Director of the National Security Agency), shall develop an information collaboration environment and associated analytic tools that enable entities to identify, mitigate, and prevent malicious cyber activity to— provide limited access to appropriate operationally relevant data about cybersecurity risks and cybersecurity threats, including malware forensics and data from network sensor programs, on a platform that enables query and analysis; allow such tools to be used in classified and unclassified environments drawing on classified and unclassified data sets; enable cross-correlation of data on cybersecurity risks and cybersecurity threats at the speed and scale necessary for rapid detection and identification; facilitate a comprehensive understanding of cybersecurity risks and cybersecurity threats; and facilitate collaborative analysis between the Federal Government and private sector critical infrastructure entities and information and analysis organizations.
Not later than 180 days after the date of the enactment of this Act, the Secretary of Homeland Security, acting through the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, in coordination with the Secretary of Defense and the Director of National Intelligence (acting through the Director of the National Security Agency), shall— identify, inventory, and evaluate existing Federal sources of classified and unclassified information on cybersecurity threats; evaluate current programs, applications, or platforms intended to detect, identify, analyze, and monitor cybersecurity risks and cybersecurity threats; and coordinate with private sector critical infrastructure entities and, as determined appropriate by the Secretary of Homeland Security, in consultation with the Secretary of Defense, other private sector entities, to identify private sector cyber threat capabilities, needs, and gaps.
Not later than 1 year after the evaluation required under paragraph (1), the Secretary of Homeland Security, acting through the Director of the Cybersecurity and Infrastructure Security Agency, in coordination with the Secretary of Defense and the Director of National Intelligence (acting through the Director of the National Security Agency), shall begin implementation of the information collaboration environment developed pursuant to subsection
(a)to enable participants in such environment to develop and run analytic tools referred to in such subsection on specified data sets for the purpose of identifying, mitigating, and preventing malicious cyber activity that is a threat to government and critical infrastructure. Such environment and use of such tools shall— operate in a manner consistent with relevant privacy, civil rights, and civil liberties policies and protections, including such policies and protections established pursuant to section 1016 of the Intelligence Reform and Terrorism Prevention Act of 2004 ( 6 U.S.C. 485 ); account for appropriate data standards and interoperability requirements, consistent with the standards set forth in subsection (d); enable integration of current applications, platforms, data, and information, including classified information, in a manner that supports integration of unclassified and classified information on cybersecurity risks and cybersecurity threats; incorporate tools to manage access to classified and unclassified data, as appropriate; ensure accessibility by entities the Secretary of Homeland Security, in consultation with the Secretary of Defense and the Director of National Intelligence (acting through the Director of the National Security Agency), determines appropriate; allow for access by critical infrastructure stakeholders and other private sector partners, at the discretion of the Secretary of Homeland Security, in consultation with the Secretary of Defense; deploy analytic tools across classification levels to leverage all relevant data sets, as appropriate; identify tools and analytical software that can be applied and shared to manipulate, transform, and display data and other identified needs; and anticipate the integration of new technologies and data streams, including data from government-sponsored network sensors or network-monitoring programs deployed in support of State, local, Tribal, and territorial governments or private sector entities. The Secretary of Homeland Security and the Director of National Intelligence (acting through the Director of the Cybersecurity and Infrastructure Security Agency and the Director of the National Security Agency, respectively) shall direct the Privacy, Civil Rights, and Civil Liberties Officers of their respective agencies, in consultation with Privacy, Civil Rights, and Civil Liberties Officers of other Federal agencies participating in the information collaboration environment, to conduct an annual review of the information collaboration environment for compliance with fair information practices and civil rights and civil liberties policies. Each such report shall be— unclassified, to the maximum extent possible, but may contain a non-public or classified annex to protect sources or methods and any other sensitive information restricted by Federal law; with respect to the unclassified portions of each such report, made available on the public internet websites of the Department of Homeland Security and the Office of the Director of National Intelligence— not later than 30 days after submission to the appropriate congressional committees; and in an electronic format that is fully indexed and searchable; and with respect to a classified annex, submitted to the appropriate congressional committees in an electronic format that is fully indexed and searchable. Not later than 2 years after the implementation of the information collaboration environment under subsection (b), the Secretary of Homeland Security, the Secretary of Defense, and the Director of National Intelligence (acting through the Director of the National Security Agency) shall jointly submit to te appropriate congressional committees an assessment of whether to include additional entities, including critical infrastructure information sharing and analysis organizations, in such environment. There is established an interagency council, to be known as the Cyber Threat Data Standards and Interoperability Council (in this subsection referred to as the council ), chaired by the Secretary of Homeland Security, to establish data standards and requirements for public and private sector entities to participate in the information collaboration environment developed pursuant to subsection (a). In addition to the Secretary of Homeland Security, the council shall be composed of the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, the Secretary of Defense, and the Director of National Intelligence (acting through the Director of the National Security Agency). The President shall identify and appoint council members from public and private sector entities who oversee programs that generate, collect, or disseminate data or information related to the detection, identification, analysis, and monitoring of cybersecurity risks and cybersecurity threats, based on recommendations submitted by the Secretary of Homeland Security, the Secretary of Defense, and the Director of National Intelligence (acting through the Director of the National Security Agency). The council shall identify, designate, and periodically update programs that shall participate in or be interoperable with the information collaboration environment developed pursuant to subsection (a), which may include the following: Network-monitoring and intrusion detection programs. Cyber threat indicator sharing programs. Certain government-sponsored network sensors or network-monitoring programs. Incident response and cybersecurity technical assistance programs. Malware forensics and reverse-engineering programs. The defense industrial base threat intelligence program of the Department of Defense. The council shall establish a committee comprised of the privacy officers of the Department of Homeland Security, the Department of Defense, and the National Security Agency. Such committee shall establish procedures and data governance structures, as necessary, to protect sensitive data, comply with Federal regulations and statutes, and respect existing consent agreements with private sector critical infrastructure entities that apply to critical infrastructure information. The council shall, as appropriate, submit recommendations to the President to support the operation, adaptation, and security of the information collaboration environment developed pursuant to subsection (a). Nothing in section may be construed to— alter the responsibility of entities to follow guidelines issued pursuant to section 105(b) of the Cybersecurity Act of 2015 ( 6 U.S.C. 1504(b) ; enacted as division N of the Consolidated Appropriations Act, 2016 ( Public Law 114–113 )) with respect to data obtained by an entity in connection with activities authorized under the Cybersecurity Act of 2015 and shared through the information collaboration environment developed pursuant to subsection (a); or authorize Federal or private entities to share information in a manner not already permitted by law. In this section: The term appropriate congressional committees means— in the House of Representatives— the Permanent Select Committee on Intelligence; the Committee on Homeland Security; the Committee on the Judiciary; and the Committee on Armed Services; and in the Senate— the Select Committee on Intelligence; the Committee on Homeland Security and Governmental Affairs; the Committee on the Judiciary; and the Committee on Armed Services. The term critical infrastructure has the meaning given such term in section 1016(e) of Public Law 107–56 ( 42 U.S.C. 5195c(e) ). The term critical infrastructure information has the meaning given such term in section 2222 of the Homeland Security Act of 2002 ( 6 U.S.C. 671 ). The term cyber threat indicator has the meaning given such term in section 102(6) of the Cybersecurity Act of 2015 (enacted as division N of the Consolidated Appropriations Act, 2016 ( Public Law 114–113 ; 6 U.S.C. 1501(6) )). The term cybersecurity risk has the meaning given such term in section 2209 of the Homeland Security Act of 2002 ( 6 U.S.C. 659 ). The term cybersecurity threat has the meaning given such term in section 102(5) of the Cybersecurity Act of 2015 (enacted as division N of the Consolidated Appropriations Act, 2016 ( Public Law 114–113 ; 6 U.S.C. 1501(5) )). The term information sharing and analysis organization has the meaning given such term in section 2222 of the Homeland Security Act of 2002 ( 6 U.S.C. 671 ).
Connectionstraces to 7
Traces to 7 documents
U.S. Code
public-private-law
1 reference not yet in our index
- Pub. L. 107-56
Citation graph
cites case law
Sec. 1631
Cyber threat information collaboration environment
Pub. L.Pub. L. 107-56
Cites 8Cited by 0 across 0 sources