Sec. 1724. RESPONSIBILITY FOR CYBERSECURITY AND CRITICAL INFRASTRUCTURE PROTECTION OF THE DEFENSE INDUSTRIAL BASE
692 words·~3 min read·
/statute-compilations/comps-16736/sec-1724A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 1724 RESPONSIBILITY FOR CYBERSECURITY AND CRITICAL INFRASTRUCTURE PROTECTION OF THE DEFENSE INDUSTRIAL BASE **[**[10 U.S.C. 2224 note](/us/usc/t10/s2224)**]** ###
(a)Critical Infrastructure Defined In this section, the term “critical infrastructure” has the meaning given such term in section 1016(e) of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001 (42 U.S.C. 5195c(e)). ###
(b)Designation Not later than 30 days after the date of the enactment of the National Defense Authorization Act for Fiscal Year 2024, the Secretary of Defense shall designate a principal staff assistant from within the Office of the Secretary of Defense who shall serve as the coordinating authority for cybersecurity issues relating to the defense industrial base. ###
(c)Responsibilities As the coordinating authority for cybersecurity issues relating to the defense industrial base, the principal staff assistant designated under subsection
(b)shall synchronize, harmonize, de-conflict, and coordinate all policies and programs germane to defense industrial base cybersecurity, including the following: ####
(1)The Sector Risk Management Agency functions under Presidential Policy Directive-21 the Department of Defense has assigned to the Under Secretary of Defense for Policy for implementation. ####
(2)The Under Secretary of Defense for Acquisition and Sustainment’s policies and programs germane to contracting and contractual enforcement as such relate to cybersecurity assessment and assistance, and industrial base health and security. ####
(3)The Under Secretary of Defense for Intelligence and Security’s policies and programs germane to physical security, information security, industrial security, acquisition security and cybersecurity, all source intelligence, classified threat intelligence sharing related to defense industrial base cybersecurity activities, counterintelligence, and foreign ownership control or influence, including the Defense Intelligence Agency and National Security Agency support provided to the Department of Defense - Defense Industrial Base Collaborative Information Sharing Environment and cyber intrusion damage assessment analysis as part of defense industrial base cybersecurity activities. ####
(4)The Department of Defense Chief Information Officer’s policies and programs for cybersecurity standards and integrating cybersecurity threat intelligence-sharing activities and enhancing Department of Defense and defense industrial base cyber situational awareness. ####
(5)The Under Secretary of Defense for Research and Engineering’s policies and programs germane to protection planning requirements of emerging technologies as such relate to cybersecurity assessment and assistance, and industrial base health and security. ####
(6)Other Department of Defense components’ policies and programs germane to the cybersecurity of the defense industrial base, including the policies and programs of the military services and the combatant commands. ###
(d)Additional Functions In carrying out this section, the principal staff assistant designated under subsection
(b)shall— ####
(1)coordinate or facilitate coordination with relevant Federal departments and agencies, defense industrial base entities, independent regulatory agencies, and with State, local, territorial, and Tribal entities, as appropriate; ####
(2)facilitate or coordinate the provision of incident management support to defense industrial base entities, as appropriate; ####
(3)facilitate or coordinate the provision of technical assistance to and consultations with defense industrial base entities to identify cyber or cyber-physical vulnerabilities and minimize the damage of potential incidents, as appropriate; and ####
(4)support or facilitate the supporting of the statutorily required reporting requirements of such relevant Federal departments and agencies by providing or facilitating the provision to such departments and agencies on an annual basis relevant critical infrastructure information, as appropriate. ###
(e)Department of Defense Roles and Responsibilities No later than 180 days after the date of the enactment of the National Defense Authorization Act for Fiscal Year 2024, the Secretary of Defense shall brief the Committees on Armed Services of the Senate and the House of Representatives on the following issues: ####
(1)A plan for implementation of this section, including an assessment of the roles and responsibilities of entities across the Department of Defense and mechanisms and processes for coordination of policy and programs germane to defense industrial base cybersecurity. ####
(2)An analysis of the feasibility and advisability of separating cybersecurity functions of a Sector Risk Management Agency pursuant to section 9002 of the National Defense Authorization Act for Fiscal Year 2021 (6 U.S.C. 652a) from non-cybersecurity functions of a Sector Risk Management Agency.
Connectionstraces to 3
Citation graph
cites case law
Sec. 1724
RESPONSIBILITY FOR CYBERSECURITY AND CRITICAL INFRASTRUCTURE PROTECTION OF THE DEFENSE INDUSTRIAL BASE
Cites 3Cited by 0 across 0 sources