Sec. 302. Active cyber defensive pilot
/bill/117/s/2902/is/section-302·A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
In this section, the term "active defense technique" means an action taken on the systems of an entity to increase the security of information on the network of an agency by misleading an adversary; and includes a honeypot, deception, or purposefully feeding false or misleading data to an adversary when the adversary is on the systems of the entity.
Not later than 180 days after the date of enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency shall perform a study on the use of active defense techniques to enhance the security of agencies, which shall include— a review of legal restrictions on the use of different active cyber defense techniques on Federal networks; an evaluation of— the efficacy of a selection of active defense techniques determined by the Director of the Cybersecurity and Infrastructure Security Agency; and factors that impact the efficacy of the active defense techniques evaluated under subparagraph (A); and the development of a framework for the use of different active defense techniques by agencies.
Not later than 180 days after the date of enactment of this Act, the Director, in coordination with the Director of the Cybersecurity and Infrastructure Security Agency, shall establish a pilot program at not less than 2 agencies to implement, and assess the effectiveness of, not less than 1 active cyber defense technique.
The purpose of the pilot program established under subsection (c) shall be to— identify any statutory or policy limitations on using active defense techniques; understand the efficacy of using active defense techniques; and implement the use of effective techniques to improve agency systems.
Not later than 360 days after the date of enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency, in coordination with the Director, shall develop a plan to offer any active defense technique determined to be successful during the pilot program established under subsection (c) as a shared service to other agencies.
Not later than 1 year after the date of enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency shall— provide to the appropriate congressional committees a briefing on— the results of the study performed under subsection (b); and the agencies selected to participate in the pilot program established under subsection (c); submit to the appropriate congressional committees a report on the results of the pilot program established under subsection (c), including any recommendations developed from the results of the pilot program; and submit to the appropriate congressional committees a copy of the plan developed under subsection (e).
The requirements of this section shall terminate on the date that is 3 years after the date of enactment of this Act. Notwithstanding paragraph (1), after the date described in paragraph (1), the Director of the Cybersecurity and Infrastructure Security Agency may continue to offer any active defense technique determined to be successful during the pilot program established under subsection (c) as a shared service to agencies.