Sec. 5. Ransomware vulnerability warning pilot program
/bill/117/s/2875/is/section-5·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Not less than 90 days after the date of enactment of this Act, the Director shall establish a ransomware vulnerability warning program to leverage existing authorities and technology to specifically develop processes and procedures, and to dedicate resources, to identifying information systems that contain security vulnerabilities associated with common ransomware attacks, and to notify the owners of those vulnerable systems of their security vulnerability.
The pilot program established under subsection (a) shall—
identify the most common security vulnerabilities utilized in ransomware attacks and mitigation techniques; and
utilize existing authorities to identify Federal and other relevant information systems that contain the security vulnerabilities identified in paragraph (1).
If the Director is able to identify the entity at risk that owns or operates a vulnerable information system identified in subsection (b), the Director may notify the owner of the information system.
If the Director is not able to identify the entity at risk that owns or operates a vulnerable information system identified in subsection (b), the Director may utilize the subpoena authority pursuant to section 2209 of the Homeland Security Act of 2002 (6 U.S.C. 659) to identify and notify the entity at risk pursuant to the procedures within that section.
A notification made under paragraph (1) shall include information on the identified security vulnerability and mitigation techniques.
To the extent practical, the Director shall prioritize covered entities for identification and notification activities under the pilot program established under this section.
No procedure, notification, or other authorities utilized in the execution of the pilot program established under subsection (a) shall require an owner or operator of a vulnerable information system to take any action as a result of a notice of a security vulnerability made pursuant to subsection (c).
Nothing in this section shall be construed to provide additional authorities to the Director to identify vulnerabilities or vulnerable systems.