Sec. 2. National risk management process
720 words·~3 min read·
/bill/118/hr/5439/ih/section-2A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Subtitle A of title XXII of the Homeland Security Act of 2002 ( 6 U.S.C. 651 et seq. ) is amended by adding at the end the following new section: In this section, the term national critical functions means the functions of government and the private sector so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof. The Secretary, acting through the Director, shall establish a recurring process to identify and assess risks to critical infrastructure, considering both cybersecurity threats and physical threats, the associated likelihoods of such threats, vulnerabilities within systems rendering such systems susceptible to such threats, and consequences of such threats to critical functions.
In establishing the process required under subparagraph (A), the Secretary shall consult the following: Sector Risk Management Agencies. Critical infrastructure owners and operators. The Assistant to the President for National Security Affairs. The Assistant to the President for Homeland Security. The National Cyber Director. The process established under subparagraph
(A)shall include elements to— collect relevant information, collected pursuant to section 2218, from Sector Risk Management Agencies relating to the threats, vulnerabilities, and consequences related to the particular sectors of those Sector Risk Management Agencies; allow critical infrastructure owners and operators to submit relevant information to the Secretary for consideration; and outline how the Secretary will solicit input from other Federal departments and agencies. Not later than 180 days after the date of the enactment of this section, the Secretary shall publish in the Federal Register procedures for the process established under subparagraph (A). The Secretary shall submit to the President, the Committee on Homeland Security and Governmental Affairs of the Senate, and the Committee on Homeland Security of the House of Representatives a report on the risks from cybersecurity threats and physical threats identified by the process established under subparagraph (A)— not later than one year after the date of the enactment of this section; and not later than one year after the date on which the Secretary submits a periodic evaluation described in section 9002(b)(2) of title XC of division H of the William M.
(Mac)Thornberry National Defense Authorization Act for Fiscal Year 2021 ( 6 U.S.C. 652a(b)(2) ). Not later than one year after the date on which the Secretary submits each report required under paragraph (1), the President shall transmit to the majority and minority leaders of the Senate, the Speaker and minority leader of the House of Representatives, the Committee on Homeland Security and Governmental Affairs of the Senate, and the Committee on Homeland Security of the House of Representatives a national critical infrastructure resilience strategy to address the risks identified by the Secretary. Each strategy under subparagraph
(A)shall— prioritize areas of risk to critical infrastructure that would compromise or disrupt national critical functions impacting national security, economic security, or public health and safety; assess the implementation of the previous national critical infrastructure resilience strategy, as applicable; identify and outline current and proposed national-level actions, programs, and efforts, including resource requirements, to be taken to address the risks identified; identify the Federal departments or agencies responsible for leading each national-level action, program, or effort, and the relevant critical infrastructure sectors for each; and request any additional authorities necessary to successfully execute the strategy. Each strategy under subparagraph
(A)shall be unclassified but may contain a classified annex. Not later than one year after the date on which the President transmits the first strategy required under paragraph (2)(A) and each year thereafter, the Secretary, in coordination with Sector Risk Management Agencies, shall brief the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives on— the national risk management process activities undertaken pursuant to the strategy transmitted in accordance with paragraph (2)(A); and the amounts and timeline for funding that the Secretary has determined would be necessary to address risks of cybersecurity threats and physical threats and successfully execute the full range of activities proposed by such strategy. . The table of contents in section 1(b) of the Homeland Security Act of 2002 is amended by inserting after the item relating to section 2220E the following new item: Sec. 2220F. National risk management process. .
Connectionstraces to 2
Traces to 2 documents
Citation graph
cites case law
Cites 2Cited by 0 across 0 sources