Sec. 9002. SECTOR RISK MANAGEMENT AGENCIES
2,155 words·~10 min read·
/statute-compilations/comps-16736/sec-9002A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 9002 SECTOR RISK MANAGEMENT AGENCIES **[**[6 U.S.C. 652a](/us/usc/t6/s652a)**]** ###
(a)Definitions In this section: ####
(1)Appropriate congressional committees The term “appropriate congressional committees” means— #####
(A)the Committee on Homeland Security and the Committee on Armed Services in the House of Representatives; and #####
(B)the Committee on Homeland Security and Governmental Affairs and the Committee on Armed Services in the Senate. ####
(2)Critical infrastructure The term “critical infrastructure” has the meaning given that term in section 1016(e) of Public Law 107-56 (42 U.S.C. 5195c(e)). ####
(3)Department The term “Department” means the Department of Homeland Security. ####
(4)Director The term “Director” means the Director of the Cybersecurity and Infrastructure Security Agency of the Department. ####
(5)Secretary The term “Secretary” means the Secretary of Homeland Security. #### (7)14 Sector risk management agency The term “**Sector Risk Management Agency**” has the meaning given the term in section 2200 of the Homeland Security Act of 2002. 14Section 7143(d)(5)(A) of division G of Public Law 117–263 provides for amendments to section 9002(a) of this Act. Paragraph (5)(A)(ii) of such section 7143(d) redesignates paragraphs
(6)and
(7)as paragraphs
(5)and (6), respectively. Paragraph (5)(A)(iii) of such section 7143(d) amends paragraph
(7)to read in its entirety. After the redesignation of paragraph
(7)as paragraph
(6)this latter amendment technically doesn’t execute. The above represents the revision of the entire paragraph (7), which results in no paragraph
(6)in law. ###
(b)Critical Infrastructure Sector Designation ####
(1)Initial review Not later than 180 days after the date of the enactment of this section, the Secretary, in consultation with the heads of Sector Risk Management Agencies, shall— #####
(A)review the current framework for securing critical infrastructure, as described in section 2202(c)(4) of the Homeland Security Act (6 U.S.C. 652(c)(4)) and Presidential Policy Directive 21; and #####
(B)submit to the President and appropriate congressional committees a report that includes— ######
(i)information relating to— ######
(I)the analysis framework or methodology used to— ######
(aa)evaluate the current framework for securing critical infrastructure referred to in subparagraph (A); and ######
(bb)develop recommendations to— ######
(AA)revise the current list of critical infrastructure sectors designated pursuant to Presidential Policy Directive 21, any successor or related document, or policy; or ######
(BB)identify and designate any subsectors of such sectors; ######
(II)the data, metrics, and other information used to develop the recommendations required under clause (ii); and ######
(ii)recommendations relating to— ######
(I)revising— ######
(aa)the current framework for securing critical infrastructure referred to in subparagraph (A); ######
(bb)the current list of critical infrastructure sectors designated pursuant to Presidential Policy Directive 21, any successor or related document, or policy; or ######
(cc)the identification and designation of any subsectors of such sectors; and ######
(II)any revisions to the list of designated Federal departments or agencies that serve as the Sector Risk Management Agency for a sector or subsector of such section, necessary to comply with paragraph (3)(B). ####
(2)Periodic evaluation by the secretary At least once every five years, the Secretary, in consultation with the Director and the heads of Sector Risk Management Agencies, shall— #####
(A)evaluate the current list of designated critical infrastructure sectors and subsectors of such sectors and the appropriateness of Sector Risk Management Agency designations, as set forth in Presidential Policy Directive 21, any successor or related document, or policy; and #####
(B)recommend, as appropriate, to the President— ######
(i)revisions to the current list of designated critical infrastructure sectors or subsectors of such sectors; and ######
(ii)revisions to the designation of any Federal department or agency designated as the Sector Risk Management Agency for a sector or subsector of such sector. ####
(3)Review and revision by the president Not later than 180 days after the Secretary submits a recommendation pursuant to paragraph
(1)or (2), the President shall— #####
(A)review the recommendation and revise, as appropriate, the designation of a critical infrastructure sector or subsector or the designation of a Sector Risk Management Agency; and #####
(B)submit to the appropriate congressional committees, the Majority and Minority Leaders of the Senate, and the Speaker and Minority Leader of the House of Representatives, a report that includes— ######
(i)an explanation with respect to the basis for accepting or rejecting the recommendations of the Secretary; and ######
(ii)information relating to the analysis framework, methodology, metrics, and data used to— ######
(I)evaluate the current framework for securing critical infrastructure referred to in paragraph (1)(A); and ######
(II)develop— ######
(aa)recommendations to revise— ######
(AA)the list of critical infrastructure sectors designated pursuant to Presidential Policy Directive 21, any successor or related document, or policy; or ######
(BB)the designation of any subsectors of such sectors; and ######
(bb)the recommendations of the Secretary. ####
(4)Publication Any designation of critical infrastructure sectors shall be published in the Federal Register. ###
(c)Sector Risk Management Agencies ####
(1)In general Subtitle A of title XXII of the Homeland Security Act of 2002 is amended by adding at the end the following new section: > > ## “SEC. 2215 SECTOR RISK MANAGEMENT AGENCIES > > **[**[6 U.S.C. 665d](/us/usc/t6/s665d)**]** > > > ### “(a) In General > > Consistent with applicable law, Presidential directives, Federal regulations, and strategic guidance from the Secretary, each Sector Risk Management Agency, in coordination with the Director, shall— > > > #### “(1) > > provide specialized sector-specific expertise to critical infrastructure owners and operators within its designated critical infrastructure sector or subsector of such sector; and > > > #### “(2) > > support programs and associated activities of such sector or subsector of such sector. > > > ### “(b) Implementation > > In carrying out this section, Sector Risk Management Agencies shall— > > > #### “(1) > > coordinate with the Department and, as appropriate, other relevant Federal departments and agencies; > > > #### “(2) > > collaborate with critical infrastructure owners and operators within the designated critical infrastructure sector or subsector of such sector; and > > > #### “(3) > > coordinate with independent regulatory agencies, and State, local, Tribal, and territorial entities, as appropriate. > > > ### “(c) Responsibilities > > Consistent with applicable law, Presidential directives, Federal regulations, and strategic guidance from the Secretary, each Sector Risk Management Agency shall utilize its specialized expertise regarding its designated critical infrastructure sector or subsector of such sector and authorities under applicable law to— > > > #### “(1) > > support sector risk management, in coordination with the Director, including— > > > ##### “(A) > > establishing and carrying out programs to assist critical infrastructure owners and operators within the designated sector or subsector of such sector in identifying, understanding, and mitigating threats, vulnerabilities, and risks to their systems or assets, or within a region, sector, or subsector of such sector; and > > > ##### “(B) > > recommending security measures to mitigate the consequences of destruction, compromise, and disruption of systems and assets; > > > #### “(2) > > assess sector risk, in coordination with the Director, including— > > > ##### “(A) > > identifying, assessing, and prioritizing risks within the designated sector or subsector of such sector, considering physical security and cybersecurity threats, vulnerabilities, and consequences; and > > > ##### “(B) > > supporting national risk assessment efforts led by the Department; > > > #### “(3) > > sector coordination, including— > > > ##### “(A) > > serving as a day-to-day Federal interface for the prioritization and coordination of sector-specific activities and responsibilities under this title; > > > ##### “(B) > > serving as the Federal Government coordinating council chair for the designated sector or subsector of such sector; and > > > ##### “(C) > > participating in cross-sector coordinating councils, as appropriate; > > > #### “(4) > > facilitating, in coordination with the Director, the sharing with the Department and other appropriate Federal department of information regarding physical security and cybersecurity threats within the designated sector or subsector of such sector, including— > > > ##### “(A) > > facilitating, in coordination with the Director, access to, and exchange of, information and intelligence necessary to strengthen the security of critical infrastructure, including through information sharing and analysis organizations and the national cybersecurity and communications integration center established pursuant to section 2209; > > > ##### “(B) > > facilitating the identification of intelligence needs and priorities of critical infrastructure owners and operators in the designated sector or subsector of such sector, in coordination with the Director of National Intelligence and the heads of other Federal departments and agencies, as appropriate; > > > ##### “(C) > > providing the Director, and facilitating awareness within the designated sector or subsector of such sector, of ongoing, and where possible, real-time awareness of identified threats, vulnerabilities, mitigations, and other actions related to the security of such sector or subsector of such sector; and > > > ##### “(D) > > supporting the reporting requirements of the Department under applicable law by providing, on an annual basis, sector-specific critical infrastructure information; > > > #### “(5) > > supporting incident management, including— > > > ##### “(A) > > supporting, in coordination with the Director, incident management and restoration efforts during or following a security incident; and > > > ##### “(B) > > supporting the Director, upon request, in national cybersecurity asset response activities for critical infrastructure; and > > > #### “(6) > > contributing to emergency preparedness efforts, including— > > > ##### “(A) > > coordinating with critical infrastructure owners and operators within the designated sector or subsector of such sector and the Director in the development of planning documents for coordinated action in the event of a natural disaster, act of terrorism, or other man-made disaster or emergency; > > > ##### “(B) > > participating in and, in coordination with the Director, conducting or facilitating, exercises and simulations of potential natural disasters, acts of terrorism, or other man-made disasters or emergencies within the designated sector or subsector of such sector; and > > > ##### “(C) > > supporting the Department and other Federal departments or agencies in developing planning documents or conducting exercises or simulations when relevant to the designated sector or subsector or such sector.” > . ####
(2)Technical and conforming amendments The Homeland Security Act of 2002 is amended— #####
(A)**[**[6 U.S.C. 195f](/us/usc/t6/s195f)**]** in section 320— ######
(i)in subsection (d)(3)(C), by striking “Sector-Specific Agency” and inserting “Sector Risk Management Agency”; and ######
(ii)in subsection (e)(1), by striking “Sector-Specific Agency” and inserting “Sector Risk Management Agency”; #####
(B)**[**[6 U.S.C. 321m](/us/usc/t6/s321m)**]** in section 524— ######
(i)in subsection (b)(2)(E)(i)(II), by striking “sector-specific agency” and inserting “Sector Risk Management Agency”; and ######
(ii)in subsection (c)(1)(B), by striking “sector-specific agency” and inserting “Sector Risk Management Agency”; #####
(C)**[**[6 U.S.C. 651](/us/usc/t6/s651)**]** in section 2201(5)— ######
(i)in the paragraph heading, by striking “Sector-specific agency” and inserting “Sector risk management agency”; and ######
(ii)by striking “Sector-Specific Agency” and inserting “Sector Risk Management Agency”; #####
(D)**[**[6 U.S.C. 652](/us/usc/t6/s652)**]** in section 2202(i), by striking “Sector-Specific Agency” and inserting “Sector Risk Management Agency”; and #####
(E)**[**[6 U.S.C. 664](/us/usc/t6/s664)**]** in section 2214(c)(4), by striking “sector-specific agency” and inserting “Sector Risk Management Agency”. ####
(3)References Any reference to a Sector Specific Agency (including any permutations or conjugations thereof) in any law, regulation, map, document, record, or other paper of the United States shall be deemed to— #####
(A)be a reference to the Sector Risk Management Agency of the relevant critical infrastructure sector; and #####
(B)have the meaning give such term in section 2201(5) of the Homeland Security Act of 200215. 15Section 7143(d)(5)(B) of division G of Public Law 117–263 attempts to amend paragraph (3)(B) by striking “given such term in section 2201(5) (6 U.S.C. 651(5))” and inserting “given such term in section 2200”. The amendment could not be carried out because the stricken matter does not appear in law. ####
(4)Clerical amendment The table of contents in section 1(b) of the Homeland Security Act of 2002 is amended by inserting after the item relating to section 2214 the following new item:" “Sec. 2215. Sector Risk Management Agencies.” ". ###
(d)Report and Auditing Not later than two years after the date of the enactment of this Act and every four years thereafter for 12 years, the Comptroller General of the United States shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report on the effectiveness of Sector Risk Management Agencies in carrying out their responsibilities under section 2218 of the Homeland Security Act of 2002 (6 U.S.C. 665d).
Connectionstraces to 9
Traces to 9 documents
U.S. Code
- Sector Risk Management Agencies§ 652a
- Critical infrastructures protection§ 5195c
- Cybersecurity and Infrastructure Security Agency§ 652
- Sector Risk Management Agencies§ 665d
- EMP and GMD mitigation research and development and threat assessment, response, and recovery§ 195f
- Voluntary private sector preparedness accreditation and certification program§ 321m
- Definition§ 651
- National asset database§ 664
1 reference not yet in our index
- Pub. L. 107-56
Citation graph
cites case law
Sec. 9002
SECTOR RISK MANAGEMENT AGENCIES
Pub. L.Pub. L. 107-56
Cites 10Cited by 0 across 0 sources