
National Defense Authorization Act for Fiscal Year 2022 · Sec. 1550


## SEC. 1550 PILOT PROGRAM ON PUBLIC-PRIVATE PARTNERSHIPS WITH INTERNET ECOSYSTEM COMPANIES TO DETECT AND DISRUPT ADVERSARY CYBER OPERATIONS **[**[6 U.S.C. 652 note](/us/usc/t6/s652)**]**

### (a) Pilot Required

Not later than one year after the date of the enactment of this Act, the Secretary, acting through the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security and in coordination with the Secretary of Defense and the National Cyber Director, shall commence a pilot program to assess the feasibility and advisability of entering into public-private partnerships with internet ecosystem companies to facilitate, within the bounds of applicable provisions of law and such companies’ terms of service, policies, procedures, contracts, and other agreements, actions by such companies to discover and disrupt use by malicious cyber actors of the platforms, systems, services, and infrastructure of such companies.

### (b) Public-private Partnerships

#### (1) In general

In carrying out the pilot program under subsection (a), the Secretary shall seek to enter into one or more public-private partnerships with internet ecosystem companies.

#### (2) Voluntary participation

##### (A) In general

Participation by an internet ecosystem company in a public-private partnership under the pilot program, including in any activity described in subsection (c), shall be voluntary.

##### (B) Prohibition

No funds appropriated by any Act may be used to direct, pressure, coerce, or otherwise require that any internet ecosystem company take any action on their platforms, systems, services, or infrastructure as part of the pilot program.

### (c) Authorized Activities

In carrying out the pilot program under subsection (a), the Secretary may—

(1) provide assistance to a participating internet ecosystem company to develop effective know-your-customer processes and requirements;

(2) provide information, analytics, and technical assistance to improve the ability of participating companies to detect and prevent illicit or suspicious procurement, payment, and account creation on their own platforms, systems, services, or infrastructure;

(3) develop and socialize best practices for the collection, retention, and sharing of data by participating internet ecosystem companies to support discovery of malicious cyber activity, investigations, and attribution on the platforms, systems, services, or infrastructure of such companies;

(4) provide to participating internet ecosystem companies actionable, timely, and relevant information, such as information about ongoing operations and infrastructure, threats, tactics, and procedures, and indicators of compromise, to enable such companies to detect and disrupt the use by malicious cyber actors of the platforms, systems, services, or infrastructure of such companies;

(5) provide recommendations for (but not design, develop, install, operate, or maintain) operational workflows, assessment and compliance practices, and training that participating internet ecosystem companies can implement to reliably detect and disrupt the use by malicious cyber actors of the platforms, systems, services, or infrastructure of such companies;

(6) provide recommendations for accelerating, to the greatest extent practicable, the automation of existing or implemented operational workflows to operate at line-rate in order to enable real-time mitigation without the need for manual review or action;

(7) provide recommendations for (but not design, develop, install, operate, or maintain) technical capabilities to enable participating internet ecosystem companies to collect and analyze data on malicious activities occurring on the platforms, systems, services, or infrastructure of such companies to detect and disrupt operations of malicious cyber actors; and

(8) provide recommendations regarding relevant mitigations for suspected or discovered malicious cyber activity and thresholds for action.

### (d) Competition Concerns

Consistent with section 1905 of title 18, United States Code, the Secretary shall ensure that any trade secret or proprietary information of a participating internet ecosystem company made known to the Federal Government pursuant to a public-private partnership under the pilot program remains private and protected unless explicitly authorized by such company.

### (e) Impartiality

In carrying out the pilot program under subsection (a), the Secretary may not take any action that is intended primarily to advance the particular business interests of an internet ecosystem company but is authorized to take actions that advance the interests of the United States, notwithstanding differential impact or benefit to a given company’s or given companies’ business interests.

### (f) Responsibilities

#### (1) Secretary of homeland security

The Secretary shall exercise primary responsibility for the pilot program under subsection (a), including organizing and directing authorized activities with participating Federal Government organizations and internet ecosystem companies to achieve the objectives of the pilot program.

#### (2) National cyber director

The National Cyber Director shall support prioritization and cross-agency coordination for the pilot program, including ensuring appropriate participation by participating agencies and the identification and prioritization of key private sector entities and initiatives for the pilot program.

#### (3) Secretary of defense

The Secretary of Defense shall provide support and resources to the pilot program, including the provision of technical and operational expertise drawn from appropriate and relevant officials and components of the Department of Defense, including the National Security Agency, United States Cyber Command, the Chief Information Officer, the Office of the Secretary of Defense, military department Principal Cyber Advisors, and the Defense Advanced Research Projects Agency.

### (g) Participation of Other Federal Government Components

The Secretary may invite to participate in the pilot program required under subsection (a) the heads of such departments or agencies as the Secretary considers appropriate.

### (h) Integration With Other Efforts

The Secretary shall ensure that the pilot program required under subsection (a) makes use of, builds upon, and, as appropriate, integrates with and does not duplicate other efforts of the Department of Homeland Security and the Department of Defense relating to cybersecurity, including the following:

(1) The Joint Cyber Defense Collaborative of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security.

(2) The Cybersecurity Collaboration Center and Enduring Security Framework of the National Security Agency.

### (i) Rules of Construction

#### (1) Limitation on government access to data

Nothing in this section authorizes sharing of information, including information relating to customers of internet ecosystem companies or private individuals, from an internet ecosystem company to an agency, officer, or employee of the Federal Government unless otherwise authorized by another provision of law.

#### (2) Stored communications act

Nothing in this section may be construed to permit or require disclosure by a provider of a remote computing service or a provider of an electronic communication service to the public of information not otherwise permitted or required to be disclosed under chapter 121 of title 18, United States Code (commonly known as the “Stored Communications Act”).

#### (3) Third party customers

Nothing in this section may be construed to require a third party, such as a customer or managed service provider of an internet ecosystem company, to participate in the pilot program under subsection (a).

### (j) Briefings

#### (1) Initial

##### (A) In general

Not later than one year after the date of the enactment of this Act, the Secretary, in coordination with the Secretary of Defense and the National Cyber Director, shall brief the appropriate committees of Congress on the pilot program required under subsection (a).

##### (B) Elements

The briefing required under subparagraph (A) shall include the following:

(i) The plans of the Secretary for the implementation of the pilot program.

(ii) Identification of key priorities for the pilot program.

(iii) Identification of any potential challenges in standing up the pilot program or impediments, such as a lack of liability protection, to private sector participation in the pilot program.

(iv) A description of the roles and responsibilities in the pilot program of each participating Federal entity.

#### (2) Annual

##### (A) In general

Not later than two years after the date of the enactment of this Act and annually thereafter for three years, the Secretary, in coordination with the Secretary of Defense and the National Cyber Director, shall brief the appropriate committees of Congress on the progress of the pilot program required under subsection (a).

##### (B) Elements

Each briefing required under subparagraph (A) shall include the following:

(i) Recommendations for addressing relevant policy, budgetary, and legislative gaps to increase the effectiveness of the pilot program.

(ii) Recommendations, such as providing liability protection, for increasing private sector participation in the pilot program.

(iii) A description of the challenges encountered in carrying out the pilot program, including any concerns expressed by internet ecosystem companies regarding participation in the pilot program.

(iv) The findings of the Secretary with respect to the feasibility and advisability of extending or expanding the pilot program.

(v) Such other matters as the Secretary considers appropriate.

### (k) Termination

The pilot program required under subsection (a) shall terminate on the date that is five years after the date of the enactment of this Act.

### (l) Definitions

In this section:

#### (1) Appropriate committees of congress

The term “appropriate committees of Congress” means—

(A) the Committee on Homeland Security and Governmental Affairs and the Committee on Armed Services of the Senate; and

(B) the Committee on Homeland Security and the Committee on Armed Services of the House of Representatives.

#### (2) Internet ecosystem company

The term “internet ecosystem company” means a business incorporated in the United States that provides cybersecurity services, internet service, content delivery services, Domain Name Service, cloud services, mobile telecommunications services, email and messaging services, internet browser services, or such other services as the Secretary determines appropriate for the purposes of the pilot program under subsection (a).

#### (3) Secretary

The term “Secretary” means the Secretary of Homeland Security.