Sec. 403. Plan for enhancement of Systemically Important Critical Infrastructure methodology and capability
638 words·~3 min read·
/bill/117/s/2491/is/section-403A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not later than 180 days after the date of enactment of this Act, and every 2 years thereafter for 10 years, the Secretary, in consultation with Sector Risk Management Agencies and appropriate stakeholders, shall develop and submit to the appropriate congressional committees a plan for enhancing the methodology of the Department for identifying Systemically Important Critical Infrastructure, including a discussion of the progress of the Department as of the date of submission of the plan in implementing the plan. The plan required under subsection
(a)shall include— the methodology and criteria used for identifying and determining entities that qualify as Systemically Important Critical Infrastructure as described in section 402(b) and the analysis used to establish such methodology and criteria; a proposed timeline for enhancing the capabilities of the Department to expand the list beyond the designated entities to also include facilities, systems, assets, or other relevant units of critical infrastructure that may further enhance the ability to manage risk of Systemically Important Critical Infrastructure; information regarding the outreach by the Department to stakeholders and other Sector Risk Management Agencies on such efforts, including mechanisms for incorporation of industry feedback; information regarding the efforts of the Department, and the associated challenges with such efforts, to access information from stakeholders and other Sector Risk Management Agencies to identify Systemically Important Critical Infrastructure; information regarding other critical infrastructure entity identification programs within the Department and how they are being incorporated into the overarching process to identify Systemically Important Critical Infrastructure, which shall include the efforts of the Department under section 9 of Executive Order 13636 (78 Fed. Reg. 11739), the National Infrastructure Prioritization Program, and section 4 of Executive Order 14028 (86 Fed. Reg. 26633); any identified gaps in authorities or resources required to successfully carry out the process of identifying Systemically Important Critical Infrastructure, including facilities, systems, assets, or other relevant units of critical infrastructure, as well as legislative proposals to address such gaps; an assessment of potential benefits for entities designated as Systemically Important Critical Infrastructure, which shall include an assessment of— enhanced intelligence support and information sharing; prioritized Federal technical assistance; liability protection for entities designated as Systemically Important Critical Infrastructure that conform to identified security standards for damages or harm directly or indirectly caused by a cyber incident; prioritized emergency planning; benefits described in the final report of the U.S. Cyberspace Solarium Commission, dated March 2020; and additional authorizations or resources necessary to implement the benefits assessed under this subparagraph; and an assessment of potential mechanisms to improve the security of entities designated as Systemically Important Critical Infrastructure, which shall include an assessment of— risk-based cybersecurity performance standards for all Systemically Important Critical Infrastructure entities, incorporating, to the greatest extent possible, existing industry best practices, standards, and guidelines; sector-specific performance standards; additional regulations to enhance the security of Systemically Important Critical Infrastructure against cyber risks, including how to prevent duplicative requirements for already regulated sectors; cyber incident reporting requirements for entities designated as Systemically Important Critical Infrastructure; and additional authorizations or resources necessary to implement the mechanisms to improve the security of Systemically Important Critical Infrastructure assessed under this subparagraph. The initial plan submitted under this section shall include a detailed description of the capabilities of the Department with respect to identifying Systemically Important Critical Infrastructure as they were on the date of enactment of this Act. The plan shall be in unclassified form, but may include a classified annex, as the Secretary determines necessary. Not later than 30 days after the date on which the Secretary submits a plan to Congress, the Secretary shall make the plan available to relevant stakeholders. Subchapter I of chapter 35 of title 44, United States Code, shall not apply to any action to implement this section or to any exercise of the authority of the Secretary pursuant to this section.
Connectionstraces to 2
Traces to 2 documents
2 references not yet in our index
- 78 FR 11739
- 86 FR 26633
Citation graph
cites case law
Sec. 403
Plan for enhancement of Systemically Important Critical Infrastructure methodology and capability
Fed. Reg.78 FR 11739
Fed. Reg.86 FR 26633
Cites 4Cited by 0 across 0 sources