Sec. 1989. INFORMATION SHARING AND CYBERSECURITY
756 words·~3 min read·
/statute-compilations/comps-15561/sec-1989A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 1989 INFORMATION SHARING AND CYBERSECURITY **[**[49 U.S.C. 114 note](/us/usc/t49/s114)**]** ###
(a)Federal Security Directors Section 44933 is amended by adding at the end the following: > > ### “(c) Information Sharing > > Not later than 1 year after the date of the enactment of the TSA Modernization Act, the Administrator shall— > > > #### “(1) > > require each Federal Security Director of an airport to meet at least quarterly with the airport director, airport security coordinator, and law enforcement agencies serving each such airport to discuss incident management protocols, including the resolution of screening anomalies at passenger screening checkpoints; and > > > #### “(2) > > require each Federal Security Director at an airport to inform, consult, and coordinate, as appropriate, with the respective airport security coordinator in a timely manner on security matters impacting airport operations and to establish and maintain operational protocols with such airport operators to ensure coordinated responses to security matters.” > . ###
(b)Plan to Improve Information Sharing ####
(1)In general Not later than 180 days after the date of enactment of this Act, the Administrator shall develop a plan to improve intelligence information sharing with State and local transportation entities that includes best practices to ensure that the information shared is actionable, useful, and not redundant. ####
(2)Contents The plan required under paragraph
(1)shall include the following: #####
(A)The incorporation of best practices for information sharing. #####
(B)The identification of areas of overlap and redundancy. #####
(C)An evaluation and incorporation of stakeholder input in the development of such plan. #####
(D)The integration of any recommendations of the Comptroller General of the United States on information sharing. ####
(3)Solicitation The Administrator shall solicit on an annual basis input from appropriate stakeholders, including State and local transportation entities, on the quality and quantity of intelligence received by such stakeholders relating to information sharing. ###
(c)Best Practices Sharing ####
(1)In general Not later than 180 days after the date of enactment of this Act, the Administrator shall establish a mechanism to share with State and local transportation entities best practices from across the law enforcement spectrum, including Federal, State, local, and tribal entities, that relate to employee training, employee professional development, technology development and deployment, hardening tactics, and passenger and employee awareness programs. ####
(2)Consultation The Administrator shall solicit and incorporate stakeholder input— #####
(A)in developing the mechanism for sharing best practices as required under paragraph (1); and #####
(B)not less frequently than annually on the quality and quantity of information such stakeholders receive through the mechanism established under such paragraph. ###
(d)Cybersecurity ####
(1)In general The Administrator, in consultation with the Secretary, shall— #####
(A)not later than 120 days after the date of enactment of this Act, implement the Framework for Improving Critical Infrastructure Cybersecurity (referred to in this section as the “Framework” developed by the National Institute of Standards and Technology, and any update to such Framework under section 2 of the National Institute of Standards and Technology Act (15 U.S.C. 272), to manage the agency’s cybersecurity risks; and #####
(B)evaluate, on a periodic basis, but not less often than biennially, the use of the Framework under subparagraph (A). ####
(2)Cybersecurity enhancements to aviation security activities The Secretary, in consultation with the Secretary of Transportation, shall, upon request, conduct cybersecurity vulnerability assessments for airports and air carriers. ####
(3)TSA trusted traveler and credentialing program cyber evaluation #####
(A)Evaluation required Not later than 120 days after the date of enactment of this Act, the Secretary shall— ######
(i)evaluate the cybersecurity of TSA trusted traveler and credentialing programs that contain personal information of specific individuals or information that identifies specific individuals, including the Transportation Worker Identification Credential and PreCheck programs; ######
(ii)identify any cybersecurity risks under the programs described in clause (i); and ######
(iii)develop remediation plans to address the cybersecurity risks identified under clause (ii). #####
(B)Submission to congress Not later than 30 days after the date the evaluation under subparagraph
(A)is complete, the Secretary shall submit to the appropriate committees of Congress information relating to such evaluation, including any cybersecurity vulnerabilities identified and remediation plans to address such vulnerabilities. Such submission shall be provided in a classified form. ####
(4)Definitions In this subsection, the terms “cybersecurity risk” and “incident” have the meanings given the terms in section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148).
Connectionstraces to 2
Traces to 2 documents
1 reference not yet in our index
- 6 USC 148
Citation graph
cites case law
Cites 3Cited by 0 across 0 sources