Sec. 606. Reviews of intelligence community cyber threat sharing posture and National Security Directive 42
421 words·~2 min read·
/bill/116/hr/7856/ih/section-606A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
The Director of National Intelligence, after coordinating with the Secretary of Homeland Security, shall conduct a review of applicable laws, policies, procedures, and resources of the intelligence community that apply to the intelligence community’s understanding of cybersecurity threats to covered entities. Such review shall address the ability of the intelligence community to share cyber threat information with the Federal departments and agencies responsible for providing warning and indicators to covered entities to enable them to defend against such threats. The review required under subsection
(a)shall include a consideration of each of the following: The capabilities and limitations of the intelligence community in collection on foreign adversary malicious cyber activity targeting covered entities. The ability of the intelligence community to share cyber threat intelligence information with covered entities. Procedures for the sanitization and declassification of intelligence, including the efficiency of such procedures. Which criteria and procedures should be implemented to identify intelligence community products for expedited sharing. Current and projected national intelligence requirements that relate to cybersecurity threats to covered entities. Budgetary changes to ensure that the intelligence community is postured to provide adequate indicators and warning of cybersecurity threats to covered entities. Not later than December 31, 2021, the Director of National Intelligence shall submit to the appropriate congressional committees a report on the review required under this subsection. The report required under subparagraph
(A)may be submitted in classified or unclassified form. If such report is submitted in unclassified form, it may include a classified annex. Not later than December 31, 2021, the Secretary of Defense and the Director of National Intelligence shall submit to the appropriate congressional committees a report containing the results of a review of the implementation and effectiveness of National Security Directive 42, with a specific focus on the role of the National Manager for National Security Systems. Such review shall include— an appraisal of the National Manager’s authorities and resources; consideration of the definition of national security system ; and recommendations to improve the cybersecurity posture of national security assets, including such assets controlled or accessed by covered entities. In this section: The term appropriate congressional committees means— the Select Committee on Intelligence and the Committee on Homeland Security and Governmental Affairs of the Senate; and the Permanent Select Committee on Intelligence and the Committee on Homeland Security of the House of Representatives. The term covered entities means— owners and operators of critical infrastructure; and academic institutions in the United States, corporations incorporated in the United States, and corporations operating inside the United States.