Sec. 605. Process for identifying cyber threat intelligence needs and priorities
440 words·~2 min read·
/bill/116/hr/7856/ih/section-605A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 180 days after the date of the enactment of this Act, the Director of National Intelligence, in coordination with the Secretary of Homeland Security and Sector-Specific Agencies the Director determines appropriate, shall establish a formal process to solicit and compile information needs of covered entities to improve the defenses of such entities against foreign cybersecurity threats. The Director shall ensure that the information compiled under paragraph
(1)is current by continuing to solicit and compile information under such paragraph as follows: By not later than 30 days after the date on which the Director first establishes the process under such paragraph. On a biennial basis thereafter. Using the information solicited and compiled under subsection (a), and using any other intelligence information and processes, the Director, in coordination with the Secretary, shall conduct an evaluation with respect to the intelligence needs relating to foreign cybersecurity threats. Such evaluation shall— identify common technologies or interdependencies that are likely to be targeted by nation-state adversaries; identify foreign intelligence gaps regarding foreign cybersecurity threats to covered entities; identify and execute methods of empowering Sector-Specific Agencies to— identify specific critical lines of businesses, technologies, and processes within their respective sectors; and coordinate directly with the intelligence community regarding sector-specific cybersecurity threat; and consider whether to enhance or adjust national intelligence collection and analysis priorities. Not later than 90 days after the date on which the Director conducts the evaluation under subsection (b), and annually thereafter, the Director and the Secretary shall jointly submit to the appropriate congressional committees a report that— assesses how the cybersecurity threat information obtained from covered entities is shaping intelligence collection and dissemination activities; evaluates the success of the intelligence community in sharing relevant, actionable cybersecurity threat intelligence with such entities; and addresses any legislative or policy changes necessary to enhance the cybersecurity of such entities. In this section: The term appropriate congressional committees means the following: The congressional intelligence committees. The Committee on Homeland Security and the Committee on Armed Services of the House of Representatives. The Committee on Homeland Security and Governmental Affairs and the Committee on Armed Services of the Senate. The term covered entities means owners and operators of critical infrastructure. The term critical infrastructure has the meaning given that term in section 1016(e) of the USA PATRIOT Act ( 42 U.S.C. 5195c(e) ). The term cybersecurity threat has the meaning given that term in section 2201(3) of the Homeland Security Act of 2002 ( 6 U.S.C. 651(3) ). The term Sector-Specific Agency has the meaning given that term in section 2201(5) of the Homeland Security Act of 2002 ( 6 U.S.C. 651(5) ).
Connectionstraces to 2
Traces to 2 documents
Citation graph
cites case law
Sec. 605
Process for identifying cyber threat intelligence needs and priorities
Cites 2Cited by 0 across 0 sources