Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 116th Congress · H.R. 6395 (Engrossed in House) — To authorize appropriations for fiscal year 2021 for military activities of the Department of Defense, for military c... · Sec. 1784

Sec. 1784. Sector Risk Management Agencies

1,185 words·~5 min read·/bill/116/hr/6395/eh/section-1784

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

In this Act: The term appropriate congressional committees means the Committee on Homeland Security and the Committee on Armed Services in the House of Representatives and the Committee on Homeland Security and Governmental Affairs and Committee on Armed Services in the Senate. The term critical infrastructure has the meaning given that term in section 2(4) of the Homeland Security Act of 2002. The term Department means the Department of Homeland Security. The term Director means the Director of the Cybersecurity and Infrastructure Security Agency of the Department.
The term information sharing and analysis organization has the meaning given that term in section 2222(5) of the Homeland Security Act of 2002. The term Secretary means the Secretary of Homeland Security. The term sector risk management agency has the meaning given that term in section 2201(5) of the Homeland Security Act of 2002. Not later than 180 days after the date of the enactment of this Act, the Secretary shall review the current framework for securing critical infrastructure, as described in section 2202(c)(4) of the Homeland Security Act and Presidential Policy Directive 21, and submit a report to the President containing recommendations for— any revisions to the current framework for securing critical infrastructure; any revisions to the list of critical infrastructure sectors set forth in Presidential Policy Directive 21 or previously designated subsectors; and any revisions to the list of designated Federal departments or agencies that serve as the Sector Risk Management Agency for a sector or subsector, necessary to comply with paragraph (3)(B).
At least once every 5 years, the Secretary, in consultation with the Director, shall— evaluate the current list of critical infrastructure sectors and subsectors and the appropriateness of Sector Risk Management Agency designations, as set forth in Presidential Policy Directive 21, or any successor document or policy; and recommend to the President— any revisions to the list of critical infrastructure sectors or subsectors; and any revisions to the designation of any Federal department or agency designated as the Sector Risk Management Agency for a sector or subsector.
Not later than 180 days after a recommendation by the Secretary pursuant to paragraph (2), the President shall— review the recommendation and revise, as appropriate, the designation of a critical infrastructure sector or subsector or the designation of a Sector Risk Management Agency; or submit a report to appropriate congressional committees, and the Majority and Minority Leaders of the Senate and the Speaker and Minority Leader of the House of Representatives, explaining the basis for rejecting the recommendations of the Secretary.
The President may only designate an agency under this subsection if the agency is referenced in section 205 of the Chief Financial Officers Act of 1990 ( 42 U.S.C. 901 ). Any designation of critical infrastructure sectors shall be published in the Federal Register. Any reference to a sector-specific agency in any law, regulation, map, document, record, or other paper of the United States shall be deemed to be a reference to the Sector Risk Management Agency of the relevant critical infrastructure sector.
Subtitle A of title XXII of the Homeland Security Act of 2002 is amended by adding at the end the following new section: Each Sector Risk Management Agency, as designated by law or presidential directive, shall— provide specialized sector-specific expertise to critical infrastructure owners and operators within the relevant sector; and support programs and associated activities of its designated critical infrastructure sector in coordination with the Director. In carrying out this section, Sector Risk Management Agencies shall— coordinate with the Department and other relevant Federal departments and agencies, as appropriate; collaborate with critical infrastructure owners and operators within the designated critical infrastructure sector or subsector; and coordinate with independent regulatory agencies, and State, local, Tribal, and territorial entities, as appropriate.
Each Sector Risk Management Agency shall utilize its specialized expertise about its designated critical infrastructure sector or subsector and authorities under applicable law to— support sector risk management, including— establishing and carrying out programs, in coordination with the Director, to assist critical infrastructure owners and operators within the designated sector in identifying, understanding, and mitigating threats, vulnerabilities, and risks to their systems or assets, or within a region or sector; and recommending security measures to mitigate the consequences of destruction, compromise, and disruption of systems and assets; assess sector risk, including— identifying, assessing, and prioritizing risks within the designated sector, considering physical and cyber threats, vulnerabilities, and consequences; and supporting national risk assessment efforts led by the Department, through the Director; sector coordination, including— serving as a day-to-day Federal interface for the prioritization and coordination of sector-specific activities and responsibilities under this section; serving as the government coordinating council chair for the designated sector or subsector; and participating in cross-sector coordinating councils, as appropriate; facilitating the sharing of information about cyber and physical threats within the sector to the Department, including— facilitating, in coordination with the Director, access to, and exchange of, information and intelligence necessary to strengthen the security of critical infrastructure, including through information sharing and analysis organizations and the national cybersecurity and communications integration center established in section 2209 of the Homeland Security Act of 2002; facilitating the identification of intelligence needs and priorities of critical infrastructure owners and operators in the sector, in coordination with the Director, the Office of Director of National Intelligence, and other Federal departments and agencies, as appropriate; providing the Director ongoing, and where possible, real-time awareness of identified threats, vulnerabilities, mitigations, and other actions related to the security of the sector; and supporting the reporting requirements of the Department of Homeland Security under applicable law by providing, on an annual basis, sector-specific critical infrastructure information; supporting incident management, including— supporting, in coordination with the Director, incident management and restoration efforts during or following a security incident; and supporting the Director, upon request, in conducting vulnerability assessments and asset response activities for critical infrastructure; and contributing to emergency preparedness efforts, including— coordinating with critical infrastructure owners and operators within the designated sector, as well as the Director, in the development of planning documents for coordinated action in the event of a natural disaster, act of terrorism, or other man-made disaster or emergency; conducting exercises and simulations of potential natural disasters, acts of terrorism, or other man-made disasters or emergencies within the sector; and supporting the Department and other Federal departments or agencies in developing planning documents or conducting exercises or simulations relevant to their assigned sector. .
The table of contents in section 1(b) of the Homeland Security Act of 2002 is amended by inserting after the item relating to section 2214 the following new item: Sec. 2215. Sector risk management agencies. . Not later than 2 years after the date of the enactment of this Act and every 4 years thereafter, the Comptroller General of the United States shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report on the effectiveness of Sector Risk Management Agencies in carrying out their responsibilities under section 2215 of the Homeland Security Act of 2002, as added by this section.
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
Sec. 1784
Sector Risk Management Agencies
U.S.C.§ 901
Cites 1Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.