Sec. 7. Duties of the Cybersecurity and Infrastructure Security Agency

895 words·~4 min read·/bill/117/s/2666/is/section-7

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Subtitle A of title XXII of the Homeland Security Act of 2002 ( 6 U.S.C. 651 et seq. ) is amended— by redesignating section 2217 ( 6 U.S.C. 665f ) as section 2220; by redesignating section 2216 ( 6 U.S.C. 665e ) as section 2219; by redesignating the fourth section 2215 (relating to Sector Risk Management Agencies) ( 6 U.S.C. 665d ) as section 2218; by redesignating the third section 2215 (relating to the Cybersecurity State Coordinator) ( 6 U.S.C. 665c ) as section 2217; by redesignating the second section 2215 (relating to the Joint Cyber Planning Office) ( 6 U.S.C. 665b ) as section 2216; and by adding after section 2220, as so redesignated, the following:

In this section: The term covered entity has the meaning given the term in section 2241. The term eligible entity — means a covered entity; and does not include an owner or operator of critical infrastructure that is not in compliance with the cybersecurity standards developed under section 2232(a). The term Fund means the Information System and Network Security Fund established under subsection (b)(1). There is established in the Treasury of the United States a trust fund to be known as the Information System and Network Security Fund .

The Fund shall consist of such amounts as may be appropriated for deposit in the Fund. Amounts deposited in the Fund shall remain available through the end of the tenth fiscal year beginning after the date on which funds are first appropriated to the Fund. Any unobligated balances in the Fund after the date described in clause

(i)are rescinded and shall be transferred to the general fund of the Treasury. Amounts deposited in the Fund shall be available to the Director to distribute to eligible entities pursuant to this subsection, in such amounts as the Director determines appropriate, subject to subparagraph (B). The amounts distributed to eligible entities under this paragraph shall be made for a specific network security purpose, including to enable network recovery from an event affecting the network cybersecurity of the eligible entity. The Director, in consultation with the Secretary and in coordination with the head of each Sector Risk Management Agency, shall— establish criteria for distribution of amounts under paragraph (3); and administer the Fund to support network security for eligible entities. For each fiscal year for which amounts in the Fund are available under this subsection, the Director shall submit to Congress a report that— describes how, and to which eligible entities, amounts from the Fund have been distributed; details the criteria established under paragraph (4)(A); and includes any additional information that the Director determines appropriate, including projected requested appropriations for the next fiscal year. There are authorized to be appropriated for deposit in the Fund $1,500,000,000, which shall remain available until the last day of the tenth fiscal year beginning after the fiscal year during which funds are first appropriated for deposit in the Fund. Not later than 180 days after the date of enactment of the Sanction and Stop Ransomware Act of 2021 , the Director shall establish a public awareness campaign relating to the cybersecurity services of the Federal Government. There are authorized to be appropriated to the Director $10,000,000 for each of fiscal years 2022 through 2031 to carry out subsection (a). In this section, the term dark web means a part of the internet that— cannot be accessed through standard web browsers; and requires specific software, configurations, or authorizations for access. The Director may monitor the internet, including the dark web, for evidence of a compromise to critical infrastructure. The Director shall develop, institute, and oversee capabilities to carry out the authority of the Director under subsection (b). If the Director finds credible evidence of a compromise to critical infrastructure under subsection (c), as soon as is practicable after the finding, the Director shall notify the owner or operator of the compromised critical infrastructure in a manner that protects the sources and methods that led to the finding of the compromise. . Section 2202(c) of the Homeland Security Act of 2002 ( 6 U.S.C. 652(c) ) is amended— in the first paragraph (12), by striking section 2215 and inserting section 2217 ; and by redesignating the second and third paragraphs

(12)as paragraphs

(13)and (14), respectively. The table of contents in section 1(b) of the Homeland Security Act of 2002 ( Public Law 107–296 ; 116 Stat. 2135) is amended by striking the item relating to section 2214 and all that follows through the item relating to section 2217 and inserting the following: Sec. 2214. National Asset Database. Sec. 2215. Duties and authorities relating to .gov internet domain. Sec. 2216. Joint Cyber Planning Office. Sec. 2217. Cybersecurity State Coordinator. Sec. 2218. Sector Risk Management Agencies. Sec. 2219. Cybersecurity Advisory Committee. Sec. 2220. Cybersecurity education and training programs. Sec. 2220A. Information System and Network Security Fund. Sec. 2220B. Public awareness of cybersecurity offerings. Sec. 2220C. Dark web analysis. . Section 904(b)(1) of the DOTGOV Act of 2020 (title IX of division U of Public Law 116–260 ) is amended, in the matter preceding subparagraph (A), by striking Homeland Security Act and inserting Homeland Security Act of 2002 . The amendment made by paragraph

(1)shall take effect as if enacted as part of the DOTGOV Act of 2020 (title IX of division U of Public Law 116–260 ).

Connectionstraces to 8

Traces to 8 documents

U.S. Code