Sec. 1504. Cyber threat information collaboration environment program
/bill/117/hr/7900/eh/section-1504
A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 120 days after the date of the enactment of this Act, pursuant to the requirements established by the Cyber Threat Data Interoperability Council under subsection (c), the Secretary of Homeland Security, acting through the Director of the Cybersecurity and Infrastructure Security Agency, in consultation with the Director of the National Security Agency, shall develop an information collaboration environment consisting of a digital environment containing technical tools for information analytics and a portal through which relevant parties may submit and automate information inputs and access the environment to enable interoperable data flow that enables Federal and non-Federal entities to identify, mitigate, and prevent malicious cyber activity by— providing access to appropriate and operationally relevant data from unclassified and classified information about cybersecurity risks and cybersecurity threats, as well as malware forensics and data from network sensor programs or network-monitoring programs, on a platform that enables querying and analysis; enabling cross-correlation of data on cybersecurity risks and cybersecurity threats at the speed and scale necessary for rapid detection and identification; facilitating a comprehensive understanding of cybersecurity risks and cybersecurity threats; and facilitating collaborative analysis between the Federal Government and public and private sector critical infrastructure entities and information sharing and analysis organizations.
Not later than 180 days after the date of the enactment of this Act, the Secretary of Homeland Security, acting through the Director of the Cybersecurity and Infrastructure Security Agency, in coordination with other departments and agencies of the Federal Government, shall— identify existing Federal sources of classified and unclassified information on cybersecurity threats; evaluate current programs, applications, or platforms intended to detect, identify, analyze, and monitor cybersecurity risks and cybersecurity threats; consult with public and private sector critical infrastructure entities to identify public and private critical infrastructure cyber threat capabilities, needs, and gaps; and identify existing tools, capabilities, and systems that may be adapted to achieve the purposes of the information collaboration environment developed pursuant to subsection (a) to maximize return on investment and minimize cost.
Not later than one year after completing the evaluation required under paragraph (1), the Secretary of Homeland Security, acting through the Director of the Cybersecurity and Infrastructure Security Agency, in consultation with the Director of the National Security Agency, shall achieve initial operating capability of the information collaboration environment developed pursuant to subsection (a).
The information collaboration environment and the technical tools for information analytics under subsection (a) shall— operate in a manner consistent with relevant privacy, civil rights, and civil liberties policies and protections, including such policies and protections established pursuant to section 1016 of the Intelligence Reform and Terrorism Prevention Act of 2004 (6 U.S.C. 485); reflect the requirements set forth by the Cyber Threat Data Interoperability Council under subsection (c); enable integration of current applications, platforms, data, and information, including classified information, in a manner that supports the voluntary integration of unclassified and classified information on cybersecurity risks and cybersecurity threats; incorporate tools to manage access to classified and unclassified data, as appropriate, for appropriate individuals who have the security clearance necessary to access the highest level of classified data included in the environment; ensure accessibility by Federal entities that the Secretary of Homeland Security, in consultation with the Director of National Intelligence, the Attorney General, the Secretary of Defense, and the Director of the Office of Management and Budget, determines appropriate; allow for access by public and private sector critical infrastructure entities and other private sector partners, at the discretion of the Secretary of Homeland Security and after consulting the appropriate Sector Risk Management Agency; deploy analytic tools across classification levels to leverage all relevant data sets, as appropriate; identify tools and analytical software that can be applied and shared to manipulate, transform, and display data and other identified needs; and anticipate the integration of new technologies and data streams, including data from network sensor programs or network-monitoring programs deployed in support of non-Federal entities.
The owner of any data shared in the information collaboration environment shall have the authority to set and maintain access controls for such data and may restrict access to any particular data asset for any purpose, including for the purpose of protecting intelligence sources and methods from unauthorized disclosure in accordance with section 102A(i) of the National Security Act (50 U.S.C. 3024(i)).
Not later than one year after the date of the enactment of this Act and annually thereafter, the Secretary of Homeland Security shall submit to the National Cyber Director and appropriate congressional committees a report that details— Federal Government participation in the information collaboration environment, including the Federal entities participating in the environment and the categories of information shared by Federal entities into the environment; non-Federal entities’ participation in the information collaboration environment, including the non-Federal entities participating in the environment and the categories of information shared by non-Federal entities into the environment; the impact of the information collaboration environment on positive security outcomes for the Federal Government and non-Federal entities; barriers identified to fully realizing the benefit of the information collaboration environment for both the Federal Government and non-Federal entities; additional authorities or resources necessary to successfully execute the information collaboration environment; and identified shortcomings or risks to data security and privacy, and the steps necessary to improve the mitigation of such shortcomings or risks.
Each report under subparagraph (A) shall be submitted in unclassified form, but may include a classified annex.
Any actions taken by the Director of the National Security Agency to assist in building or maintaining the information collaboration environment developed pursuant to subsection (a)— shall be carried out using amounts authorized to be appropriated to the National Security Agency for the Information Systems Security program; and may not be carried out using amounts made available under the National Intelligence Program.
There is established an interagency council, to be known as the Cyber Threat Data Interoperability Council (in this subsection referred to as the council), chaired by the National Cyber Director, to establish data interoperability requirements for data streams to be accessed in the information collaboration environment.
The council shall commence the activities under this subsection by not later than 120 days after the date of the enactment of this Act.
In addition to the National Cyber Director, the council shall have as its principal members the Secretary of Homeland Security, the Director of National Intelligence, the Attorney General, the Secretary of Defense, and the Director of the Office of Management and Budget.
Based on recommendations submitted by the principal members, the National Cyber Director shall identify and appoint council members from Federal entities that oversee programs that generate, collect, disseminate, or analyze data or information related to cybersecurity risks and cybersecurity threats.
The National Cyber Director shall identify and appoint advisory members from non-Federal entities that shall advise the council based on recommendations submitted by the principal members.
The council shall identify, designate, and periodically update programs that shall participate in or be interoperable with the information collaboration environment, which may include— network-monitoring and intrusion detection programs; cyber threat indicator sharing programs; certain network sensor programs or network-monitoring programs; incident response and cybersecurity technical assistance programs; or malware forensics and reverse-engineering programs.
The council shall establish a committee to establish procedures and data governance structures, as necessary, to protect data shared in the information collaboration environment, comply with Federal regulations and statutes, and respect existing consent agreements with public and private sector critical infrastructure entities that apply to critical infrastructure information.
The committee shall be comprised of— the senior official for privacy of the Office of Management and Budget, who shall serve as the chair of the committee; and privacy officers from the Department of Homeland Security, the Department of Defense, the Department of Justice, and the Office of the Director of National Intelligence.
Nothing in this subsection may be construed as changing existing ownership or protection of, or policies and processes for access to, agency data.
Nothing in this section shall apply to a national security system, or to cybersecurity threat intelligence related to such systems, without the consent of the owner and operator of the system.
In this section:
The term appropriate congressional committees means the following: The Committee on Homeland Security, the Committee on the Judiciary, the Committee on Armed Services, the Committee on Oversight and Reform, and the Permanent Select Committee on Intelligence of the House of Representatives. The Committee on Homeland Security and Governmental Affairs, the Committee on the Judiciary, the Committee on Armed Services, and the Select Committee on Intelligence of the Senate.
The term critical infrastructure information has the meaning given such term in section 2222 of the Homeland Security Act of 2002 (6 U.S.C. 671).
The term cyber threat indicator has the meaning given such term in section 102 of the Cybersecurity Act of 2015 (6 U.S.C. 1501).
The term cybersecurity threat has the meaning given such term in section 102 of the Cybersecurity Act of 2015 (6 U.S.C. 1501).
The term data asset has the meaning given such term in section 3502 of title 44, United States Code.
The term environment means the information collaboration environment established under subsection (a).
The term information sharing and analysis organization has the meaning given such term in section 2222 of the Homeland Security Act of 2002 (6 U.S.C. 671).
The term intelligence community has the meaning given such term in section 3(4) of the National Security Act of 1947 (50 U.S.C. 3003(4)).
The term national security system has the meaning given such term in section 3552 of title 44, United States Code.
The term non-Federal entity has the meaning given such term in section 102 of the Cybersecurity Act of 2015 (6 U.S.C. 1501).
The term Sector Risk Management Agency has the meaning given such term in section 2201 of the Homeland Security Act of 2002 (6 U.S.C. 651).