Sec. 1650. EVALUATION OF CYBER VULNERABILITIES OF DEPARTMENT OF DEFENSE CRITICAL INFRASTRUCTURE
817 words·~4 min read·
/statute-compilations/comps-13740/sec-1650A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 1650 EVALUATION OF CYBER VULNERABILITIES OF DEPARTMENT OF DEFENSE CRITICAL INFRASTRUCTURE **[**[10 U.S.C. 2224 note](/us/usc/t10/s2224)**]** ###
(a)Plan for Evaluation ####
(1)In general Not later than 180 days after the date of the enactment of this Act, the Secretary shall submit to the congressional defense committees a plan for the evaluation of the cyber vulnerabilities of the critical infrastructure of the Department of Defense. ####
(2)Elements The plan under paragraph
(1)shall include— #####
(A)an identification of each of the military installations to be evaluated; and #####
(B)an estimate of the cost of the evaluation. ####
(3)Priority in evaluation The plan under paragraph
(1)shall prioritize the evaluation of military installations based on the criticality of the infrastructure supporting such installations, as determined by the Chairman of the Joint Chiefs of Staff based on an assessment of— #####
(A)the Armed Forces stationed at such military installations; and #####
(B)threats to such military installations. ####
(4)Integration with other efforts The plan under paragraph
(1)shall build upon other efforts of Department of Defense relating to the identification and mitigation of cyber vulnerabilities of major weapon systems and critical infrastructure of the Department and shall not duplicate such efforts. ###
(b)Pilot Program ####
(1)In general Not later than 30 days after the date on which the Secretary submits the plan under subsection (a), the Secretary, acting through a covered research laboratory and the Defense Digital Service, shall initiate a pilot program under which the Secretary shall assess the feasibility and advisability of applying new, innovative methodologies or engineering approaches— #####
(A)to improve the defense of control systems against cyber attacks; #####
(B)to increase the resilience of military installations against cybersecurity threats; #####
(C)to prevent or mitigate the potential for high-consequence cyber attacks; #####
(D)to inform future requirements for the development of such control systems; and #####
(E)to assess the strategic benefits derived from, and the challenges associated with, isolating military infrastructure from the national electric grid and the use of microgrids. ####
(2)Locations The Secretary shall carry out the pilot program under paragraph
(1)at not fewer than two military installations selected by the Secretary from among military installations that support the most critical mission-essential functions of the Department of Defense as identified in the plan under subsection (a). ####
(3)Tools In carrying out the pilot program under paragraph (1), the Secretary may use tools and solutions developed under subsection (e). ####
(4)Report Not later than December 31, 2020, the Secretary shall submit to the congressional defense committees a final report on the pilot program that includes— #####
(A)a description of the activities carried out under the pilot program at each military installation concerned; #####
(B)an assessment of the value of the methodologies or tools applied during the pilot program in increasing the resilience of military installations against cybersecurity threats; #####
(C)recommendations for administrative or legislative actions to improve the ability of the Department to employ methodologies and tools for reducing cyber vulnerabilities in other activities of the Department of Defense; and #####
(D)recommendations for including such methodologies or tools as requirements for relevant activities, including technical requirements for systems or military construction projects. ####
(5)Termination The authority of the Secretary to carry out the pilot program under this subsection shall terminate on September 30, 2020. ###
(c)Evaluation ####
(1)In general Not later than December 31, 2020, the Secretary shall complete an evaluation of the cyber vulnerabilities of the critical infrastructure of the Department of Defense in accordance with the plan under subsection (a). ####
(2)Risk mitigation strategies The Secretary shall develop strategies for mitigating the risks of cyber vulnerabilities identified in the course of the evaluation under paragraph (1). ###
(d)Tools and Solutions The Secretary may— ####
(1)develop tools that improve assessments of cyber vulnerabilities of Department of Defense critical infrastructure; ####
(2)conduct non-recurring engineering for the design of mitigation solutions for such vulnerabilities; and ####
(3)establish Department-wide information repositories to share findings relating to such assessments and to share such mitigation solutions. ###
(e)Definitions In this section: ####
(1)Critical infrastructure of the department of defense The term “critical infrastructure of the Department of Defense” means any asset of the Department of Defense of such extraordinary importance to the functioning of the Department and the operation of the Armed Forces that the incapacitation or destruction of such asset by a cyber attack would have a debilitating effect on the ability of the Department to fulfill its missions. ####
(2)Covered research laboratory The term “covered research laboratory” means— #####
(A)a research laboratory of the Department of Defense; or #####
(B)a research laboratory of the Department of Energy approved by the Secretary of Energy to carry out the pilot program under subsection (b).
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
Sec. 1650
EVALUATION OF CYBER VULNERABILITIES OF DEPARTMENT OF DEFENSE CRITICAL INFRASTRUCTURE
Cites 1Cited by 0 across 0 sources