Sec. 2. Building cyber resilience after SolarWinds
493 words·~2 min read·
/bill/117/hr/8279/ih/section-2A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
In this section: The term critical infrastructure has the meaning given such term in section 1016(e) of Public Law 107–56 ( 42 U.S.C. 5195c(e) ). The term Director shall refer to the Director of the Cybersecurity and Infrastructure Security Agency. The term information system has the meaning given such term in section 2240 of the Homeland Security Act of 2002 ( 6 U.S.C. 681 ). The term significant cyber incident has the meaning given such term in section 2240 of the Homeland Security Act of 2002.
The term SolarWinds incident refers to the significant cyber incident that prompted the establishment of a Unified Cyber Coordination Group, as provided by section V(B)(2) of Presidential Policy Directive 41, in December 2020. The Director, in consultation with the National Cyber Director and the heads of other relevant Federal departments and agencies, shall carry out an investigation to evaluate the impact of the SolarWinds incident on information systems owned and operated by Federal departments and agencies, and, to the extent practicable, other critical infrastructure.
In carrying out subsection (b), the Director shall review the following: The extent to which Federal information systems were accessed, compromised, or otherwise impacted by the SolarWinds incident, and any potential ongoing security concerns or consequences arising from such incident. The extent to which information systems that support other critical infrastructure were accessed, compromised, or otherwise impacted by the SolarWinds incident, where such information is available to the Director.
Any ongoing security concerns or consequences arising from the SolarWinds incident, including any sensitive information that may have been accessed or exploited in a manner that poses a threat to national security. Implementation of Executive Order 14028 (Improving the Nation’s Cybersecurity (May 12, 2021)). Efforts taken by the Director, the heads of Federal departments and agencies, and critical infrastructure owners and operators to address cybersecurity vulnerabilities and mitigate risks associated with the SolarWinds incident.
Not later than 120 days after the date of the enactment of this Act, the Director shall submit to the Committee on Homeland Security in the House of Representatives and Committee on Homeland Security and Government Affairs in the Senate a report that includes the following: Findings for each of the elements specified in subsection (b). Recommendations to address security gaps, improve incident response efforts, and prevent similar cyber incidents. Any areas where the Director lacked the information necessary to fully review and assessment such elements, the reason the information necessary was unavailable, and recommendations to close such informational gaps.
Not later than one year after the date of the enactment of this Act, the Comptroller General of the United States shall evaluate the activities of the Cyber Safety Review Board established pursuant to Executive Order 14028 (Improving the Nation’s Cybersecurity (May 12, 2021)), with a focus on the Board’s inaugural review announced in February 2022, and assess whether the Board has the authorities, resources, and expertise necessary to carry out its mission of reviewing and assessing significant cyber incidents.
Connectionstraces to 3
Traces to 3 documents
1 reference not yet in our index
- Pub. L. 107-56
Citation graph
cites case law
Sec. 2
Building cyber resilience after SolarWinds
Pub. L.Pub. L. 107-56
Cites 4Cited by 0 across 0 sources