
Code · BILL · 117th Congress · S. 2491 (Reported in Senate) — To amend the Homeland Security Act of 2002 to establish the National Cyber Resilience Assistance Fund, to improve the... · Sec. 202

Sec. 202. Create a joint collaborative environment


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

The Director of the Cybersecurity and Infrastructure Security Agency shall establish a joint, cloud-based, information sharing environment to— integrate the Federal Government’s unclassified and classified cyber threat information, malware forensics, and data related to cybersecurity risks (as defined in section 2209 of the Homeland Security Act of 2002 ( 6 U.S.C. 659 )) that is derived from network sensor programs; enable cross-correlation of threat data at the speed and scale necessary for rapid detection and identification; enable query and analysis by appropriate operators across the Federal Government; facilitate a whole-of-Government, comprehensive understanding of the cyber threats to the resilience of the Federal Government and national critical infrastructure networks; enable and support the private-public cybersecurity collaboration efforts of the Federal Government, whose successes will be directly dependent on the accuracy, comprehensiveness, and timeliness of threat information collected and held by the Federal Government; and enable data curation for artificial intelligence models and provide an environment to enable the Federal Government to curate data and build applications.
Not later than 180 days after the date of enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency, in coordination with the Director shall— identify all Federal sources of classified and unclassified cyber threat information; evaluate all programs, applications, or platforms of the Federal Government that are intended to detect, identify, analyze, or monitor cyber threats against the resiliency of the Federal Government or critical infrastructure; and submit a recommendation to the President identifying Federal programs to be designated and required to participate in the Information Sharing Environment, including— Government network-monitoring and intrusion detection programs; cyber threat indicator-sharing programs and Government-sponsored network sensors or network-monitoring programs for the private sector or for State, local, tribal, and territorial governments; incident response and cybersecurity technical assistance programs; and malware forensics and reverse-engineering programs.
Not later than 60 days after completion of the evaluation required under paragraph (1), the President shall issue a determination designating the departments, agencies, Federal programs, and corresponding systems and assets that are required to be a part of the Information Sharing Environment.
Not later than 1 year after completion of the evaluation required under paragraph (1), the Director of the Cybersecurity and Infrastructure Security Agency, in consultation with the Director, shall design the structure of a common platform for sharing and fusing existing Government information, insights, and data related to cyber threats and threat actors, which, at a minimum, shall— account for appropriate data standards and interoperability requirements; enable integration of existing applications, platforms, data, and information, to include classified information; ensure access by such Federal departments and agencies as the Director of the Cybersecurity and Infrastructure Security Agency determines necessary; account for potential private sector participation and partnerships; enable unclassified data to be integrated with classified data; anticipate the deployment of analytic tools across classification levels to leverage all relevant data sets, as appropriate; identify tools and analytical software that can be applied and shared to manipulate, transform, and display data and other identified needs; anticipate the integration of new technologies and data streams, including data related to cybersecurity risks derived from Government-sponsored voluntary network sensors or network-monitoring programs for the private sector or for State, local, Tribal, and territorial governments; and appropriately account for departments, agencies, programs, and systems and assets determined to be required to participate by the President under paragraph (2) in the Information Sharing Environment.
The Information Sharing Environment shall be managed by the Director of the Cybersecurity and Infrastructure Security Agency.
Not later than 1 year after the date on which the Information Sharing Environment is established, the Director of the Cybersecurity and Infrastructure Security Agency and the Director shall assess the means by which the Information Sharing Environment may be expanded to include the private sector and critical infrastructure information sharing organizations and, to the maximum extent practicable, begin the process of such expansion.
To the extent any private entity shares cyber threat indicators and defensive measures through or with the Information Sharing Environment and in a manner that is consistent with all requirements under section 1752 of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 ( 6 U.S.C. 1500 ), the Cybersecurity Information Sharing Act of 2015 ( 6 U.S.C. 1501 et seq. ), and any applicable guidelines promulgated under subsection (f), such activities shall be considered to be authorized by and in accordance with section 1752 of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 and the Cybersecurity Information Sharing Act of 2015.
Not later than 60 days after the date of enactment of this Act, the Secretary of Homeland Security (acting through the Director of the Cybersecurity and Infrastructure Security Agency) and the Attorney General, shall jointly, and in coordination with heads of the appropriate Federal entities and in consultation with officers designated under section 1062 of the National Security Intelligence Reform Act of 2004 ( 42 U.S.C. 2000ee–1 ), develop, submit to Congress, and make available to the public interim guidelines relating to privacy and civil liberties which shall govern the receipt, retention, use, and dissemination of cyber threat indicators by a Federal entity obtained in connection with activities authorized in this section.
Not later than 180 days after the date of enactment of this Act, the Secretary of Homeland Security (acting through the Director of the Cybersecurity and Infrastructure Security Agency) and the Attorney General, shall jointly, in coordination with heads of the appropriate Federal entities and in consultation with officers designated under section 1062 of the National Security Intelligence Reform Act of 2004 ( 42 U.S.C. 2000ee–1 ) and such private entities with industry expertise as the Secretary and the Attorney General consider relevant, promulgate final guidelines relating to privacy and civil liberties which shall govern the receipt, retention, use, and dissemination of cyber threat indicators by a Federal entity obtained in connection with activities authorized in this section.
The Secretary of Homeland Security (acting through the Director of the Cybersecurity and Infrastructure Security Agency) and the Attorney General, shall jointly, in coordination with heads of the appropriate Federal entities and in consultation with officers and private entities described in subparagraph (A), periodically, but not less frequently than once every 2 years, review the guidelines promulgated under subparagraph (A).
The guidelines required by paragraphs (1) and (2) shall, consistent with the need to bolster the resilience of information systems and mitigate cybersecurity threats— limit the effect on privacy and civil liberties of activities by the Federal Government under this section; limit the receipt, retention, use, and dissemination of cyber threat indicators containing personal information or information that identifies specific persons, including by establishing— a process for the timely destruction of such information that is known not to be directly related to uses authorized under this section; and specific limitations on the length of any period in which a cyber threat indicator may be retained; include requirements to safeguard cyber threat indicators containing personal information or information that identifies specific persons from unauthorized access or acquisition, including appropriate sanctions for activities by officers, employees, or agents of the Federal Government in contravention of such guidelines; include procedures for notifying entities and Federal entities if information received pursuant to this subsection is known or determined by a Federal entity receiving such information not to constitute a cyber threat indicator; protect the confidentiality of cyber threat indicators containing personal information or information that identifies specific persons to the greatest extent practicable and require recipients to be informed that such indicators may only be used for purposes authorized under this section; and include steps that may be needed so that dissemination of cyber threat indicators is consistent with the protection of classified and other sensitive national security information.
Not later than 2 years after the date of enactment of this Act, and not less frequently than once every year thereafter, the Privacy and Civil Liberties Oversight Board shall submit to Congress and the President a report providing— an assessment of the effect on privacy and civil liberties by the type of activities carried out under this section; and an assessment of the sufficiency of the guidelines established pursuant to subsection (f) in addressing concerns relating to privacy and civil liberties.
Not later than 2 years after the date of enactment of this Act, and not less frequently than once every 2 years thereafter, the Inspector General of the Department of Homeland Security, the Inspector General of the Intelligence Community, the Inspector General of the Department of Justice, the Inspector General of the Department of Defense, and the Inspector General of the Department of Energy shall, in consultation with the Council of Inspectors General on Integrity and Efficiency, jointly submit to Congress a report on the receipt, use, and dissemination of cyber threat indicators and defensive measures that have been shared with Federal entities under this section.
Each report submitted under subparagraph (A) shall include the following: A review of the types of cyber threat indicators shared with Federal entities. A review of the actions taken by Federal entities as a result of the receipt of such cyber threat indicators. A list of Federal entities receiving such cyber threat indicators. A review of the sharing of such cyber threat indicators among Federal entities to identify inappropriate barriers to sharing information.
Each report submitted under this subsection may include such recommendations as the Privacy and Civil Liberties Oversight Board, with respect to a report submitted under paragraph (1), or the Inspectors General referred to in paragraph (2)(A), with respect to a report submitted under paragraph (2), may have for improvements or modifications to the authorities under this section.
Each report required under this subsection shall be submitted in unclassified form, but may include a classified annex.
There are authorized to be appropriated to carry out this section $100,000,000 for each of fiscal years 2022 through 2026.
In this section: The term critical infrastructure has the meaning given that term in section 1016(e) of the Critical Infrastructure Protection Act of 2001 ( 42 U.S.C. 5195c(e) ). The term Director means the National Cyber Director. The term Information Sharing Environment means the information sharing environment established under subsection (a).