Sec. 1717. CYBERSECURITY STATE COORDINATOR
1,380 words·~6 min read·
/statute-compilations/comps-16736/sec-1717A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 1717 CYBERSECURITY STATE COORDINATOR ###
(a)Cybersecurity State Coordinator ####
(1)In general Subtitle A of title XXII of the Homeland Security Act of 2002 (6 U.S.C. 651 et seq.) is amended— #####
(A)in section 2202(c) (6 U.S.C. 652(c))— ######
(i)in paragraph (10), by striking “and” at the end; ######
(ii)by redesignating paragraph
(11)as paragraph (12); and ######
(iii)by inserting after paragraph
(10)the following: > > #### “(11) > > appoint a Cybersecurity State Coordinator in each State, as described in section 2215; and” > ; and #####
(B)by adding at the end the following new section: > > ## “SEC. 2215 CYBERSECURITY STATE COORDINATOR > > **[**[6 U.S.C. 665c](/us/usc/t6/s665c)**]** > > > ### “(a) Appointment > > The Director shall appoint an employee of the Agency in each State, with the appropriate cybersecurity qualifications and expertise, who shall serve as the Cybersecurity State Coordinator. > > > ### “(b) Duties > > The duties of a Cybersecurity State Coordinator appointed under subsection
(a)shall include— > > > #### “(1) > > building strategic public and, on a voluntary basis, private sector relationships, including by advising on establishing governance structures to facilitate the development and maintenance of secure and resilient infrastructure; > > > #### “(2) > > serving as the Federal cybersecurity risk advisor and supporting preparation, response, and remediation efforts relating to cybersecurity risks and incidents; > > > #### “(3) > > facilitating the sharing of cyber threat information to improve understanding of cybersecurity risks and situational awareness of cybersecurity incidents; > > > #### “(4) > > raising awareness of the financial, technical, and operational resources available from the Federal Government to non-Federal entities to increase resilience against cyber threats; > > > #### “(5) > > supporting training, exercises, and planning for continuity of operations to expedite recovery from cybersecurity incidents, including ransomware; > > > #### “(6) > > serving as a principal point of contact for non-Federal entities to engage, on a voluntary basis, with the Federal Government on preparing, managing, and responding to cybersecurity incidents; > > > #### “(7) > > assisting non-Federal entities in developing and coordinating vulnerability disclosure programs consistent with Federal and information security industry standards; > > > #### “(8) > > assisting State, local, Tribal, and territorial governments, on a voluntary basis, in the development of State cybersecurity plans; > > > #### “(9) > > coordinating with appropriate officials within the Agency; and > > > #### “(10) > > performing such other duties as determined necessary by the Director to achieve the goal of managing cybersecurity risks in the United States and reducing the impact of cyber threats to non-Federal entities. > > > ### “(c) Feedback > > The Director shall consult with relevant State, local, Tribal, and territorial officials regarding the appointment, and State, local, Tribal, and territorial officials and other non-Federal entities regarding the performance, of the Cybersecurity State Coordinator of a State.” > . ####
(2)Coordination plan **[**[6 U.S.C. 665c note](/us/usc/t6/s665c)**]** Not later than 60 days after the date of the enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security shall establish and submit to the Committee on Homeland Security and Governmental Affairs in the Senate and the Committee on Homeland Security in the House of Representatives a plan describing the reporting structure and coordination processes and procedures of Cybersecurity State Coordinators within the Cybersecurity and Infrastructure Security Agency under section 2215 of the Homeland Security Act of 2002, as added by paragraph (1)(B). ####
(3)Oversight The Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security shall provide to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives a briefing on the placement and efficacy of the Cybersecurity State Coordinators appointed under section 2215 of the Homeland Security Act of 2002, as added by paragraph (1)(B), and the coordination plan required under paragraph (2)— #####
(A)not later than one year after the date of enactment of this Act; and #####
(B)not later than two years after providing the first briefing under this paragraph. ####
(4)Rule of construction **[**[6 U.S.C. 665c note](/us/usc/t6/s665c)**]** Nothing in this subsection or the amendments made by this subsection may be construed to affect or otherwise modify the authority of Federal law enforcement agencies with respect to investigations relating to cybersecurity incidents. ####
(5)Clerical amendment The table of contents in section 1(b) of the Homeland Security Act of 2002 is amended by inserting after the item relating to section 2214 the following new item:" “Sec. 2215. Cybersecurity State Coordinator.” ". ###
(b)Stakeholder Outreach and Operational Engagement Strategy and Implementation Plan ####
(1)Strategy Not later than one year after the date of the enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security shall issue a strategy and subsequent implementation plan to improve stakeholder outreach and operational engagement, including the Agency’s strategic and operational goals and priorities for carrying out stakeholder engagement activities. ####
(2)Contents The stakeholder outreach and operational engagement strategy and implementation plan issued pursuant to paragraph
(1)shall include the following: #####
(A)A catalogue of the stakeholder engagement services delivered by the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, including the regions of the stakeholder services delivered and the critical infrastructure sectors (as such term is defined in section 2001(3) of the Homeland Security Act of 2002 (6 U.S.C. 601(3)) involved. #####
(B)An assessment of the capacity of programs of the Agency to deploy personnel, including the adequacy of such personnel to meet service requests and the ability of such personnel to engage with and deliver services to stakeholders in urban, suburban, and rural areas. #####
(C)Long-term objectives of such personnel, including training of the workforce to optimize the capabilities of such programs and capacity goals. #####
(D)A description of programs, policies, and activities used to carry out such stakeholder engagement services under subparagraph (A). #####
(E)Resources and personnel necessary to effectively support critical infrastructure owners and operators and, as appropriate, other entities, including non-profit organizations, based on current and projected demand for Agency services. #####
(F)Guidance on how outreach to critical infrastructure owners and operators in a region should be prioritized. #####
(G)Plans to ensure that stakeholder engagement personnel of the Agency have a clear understanding of expectations for engagement within each critical infrastructure sector and subsector, whether during steady state or surge capacity. #####
(H)Metrics for measuring how effective stakeholder engagement services under subparagraph
(A)are at furthering the Agency’s strategic and operational goals and priorities. #####
(I)Mechanisms to track regional engagement by personnel of the Agency with critical infrastructure owners and operators, and how frequently such engagement takes place. #####
(J)Plans for awareness campaigns to familiarize critical infrastructure owners and operators with security resources and support offered by the Cybersecurity and Infrastructure Security Agency. #####
(K)A description of how to prioritize engagement with critical infrastructure sectors based on threat information and the capacity of such sectors to mitigate such threats #####
(L)Projected timelines, benchmarks, and resource requirements to implement the Agency’s strategic goals and priorities. ####
(3)Stakeholder input In issuing the stakeholder outreach and operational engagement strategy required under paragraph (1), the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security shall, to the extent practicable, solicit input from stakeholders representing the following: #####
(A)Each of the critical infrastructure sectors. #####
(B)Critical infrastructure owners and operators located in each region in which the Agency maintains a field office. ####
(4)Oversight Upon issuance of the stakeholder outreach and operational engagement strategy and implementation plan required under paragraph (1), the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate such strategy and plan, together with any associated legislative or budgetary proposals relating thereto.
Connectionstraces to 4
Citation graph
cites case law
Cites 4Cited by 0 across 0 sources