Sec. 9. Cybersecurity protections in future rolling stock procurements
557 words·~3 min read·
/bill/116/s/1663/is/section-9A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
The Transit Authority may not use financial assistance made available under this Act or an amendment made by this Act in awarding a contract or subcontract to an entity on or after the date of enactment of this Act for the procurement of rail rolling stock for use in the public transportation system operated by the Transit Authority if the manufacturer of the rail rolling stock is owned or controlled by, is a subsidiary of, or is otherwise related legally or financially to a corporation based in a country that— is identified as a nonmarket economy country (as defined in section 771(18) of the Tariff Act of 1930 ( 19 U.S.C. 1677(18) )) as of the date of enactment of this Act; was identified by the United States Trade Representative in the most recent report required by section 182 of the Trade Act of 1974 ( 19 U.S.C. 2242 ) as a priority foreign country under subsection (a)(2) of that section; and is subject to monitoring by the Trade Representative under section 306 of the Trade Act of 1974 ( 19 U.S.C. 2416 ).
For purposes of paragraph (1), the term otherwise related legally or financially does not include a minority relationship or investment. This subsection shall be applied in a manner consistent with the obligations of the United States under international agreements. As a condition of financial assistance made available to the Transit Authority in a fiscal year under this Act or an amendment made by this Act, the Transit Authority shall certify in that fiscal year that the Transit Authority will not award any contract or subcontract for the procurement of rail rolling stock for use in the public transportation system operated by the Transit Authority to a rail rolling stock manufacturer described in paragraph (1).
The certification required under this paragraph shall be in addition to any certification the Secretary establishes to ensure compliance with the requirements of paragraph (1). As a condition of financial assistance made available to the Transit Authority under this Act or an amendment made by this Act, the Transit Authority shall certify that the Transit Authority has established a process to develop, maintain, and execute a written plan for identifying and reducing cybersecurity risks to the rail fixed guideway public transportation system operated by the Transit Authority.
For the process required under paragraph (1), the Transit Authority shall— utilize the approach described by the voluntary standards and best practices developed under section 2(c)(15) of the National Institute of Standards and Technology Act ( 15 U.S.C. 272(c)(15) ), as applicable; identify hardware and software that the Transit Authority determines should undergo third-party testing and analysis to mitigate cybersecurity risks, such as hardware or software for rail rolling stock under proposed procurements; and utilize the approach described in any voluntary standards and best practices for rail fixed guideway public transportation systems developed under the authority of the Secretary of Homeland Security, as applicable.
Nothing in this subsection shall be construed to interfere with the authority of— the Secretary of Homeland Security to publish or ensure compliance with requirements or standards concerning cybersecurity for rail fixed guideway public transportation systems; or the Secretary of Transportation under section 5329 of title 49, United States Code, to address cybersecurity issues as those issues relate to the safety of rail fixed guideway public transportation systems.
Connectionstraces to 4
Citation graph
cites case law
Sec. 9
Cybersecurity protections in future rolling stock procurements
Cites 4Cited by 0 across 0 sources