Sec. 120. Active cyber defensive study
234 words·~1 min read·
/bill/117/s/3600/es/section-120A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
In this section, the term active defense technique — means an action taken on the systems of an entity to increase the security of information on the network of an agency by misleading an adversary; and includes a honeypot, deception, or purposefully feeding false or misleading data to an adversary when the adversary is on the systems of the entity. Not later than 180 days after the date of enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency, in coordination with the Director and the National Cyber Director, shall perform a study on the use of active defense techniques to enhance the security of agencies, which shall include— a review of legal restrictions on the use of different active cyber defense techniques in Federal environments, in consultation with the Department of Justice; an evaluation of— the efficacy of a selection of active defense techniques determined by the Director of the Cybersecurity and Infrastructure Security Agency; and factors that impact the efficacy of the active defense techniques evaluated under subparagraph (A); recommendations on safeguards and procedures that shall be established to require that active defense techniques are adequately coordinated to ensure that active defense techniques do not impede agency operations and mission delivery, threat response efforts, criminal investigations, and national security activities, including intelligence collection; and the development of a framework for the use of different active defense techniques by agencies.