Sec. 6320. PROACTIVE CYBERSECURITY
A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 6320 PROACTIVE CYBERSECURITY
(a) Survey of Elements. Pursuant to section 103G(b)(1) of the National Security Act (50 U.S.C. 3032(b)(1)), not later than 1 year after the date of the enactment of this Act, the Chief Information Officer of the Intelligence Community shall conduct a survey of each element of the intelligence community on the use by that element of proactive cybersecurity initiatives, continuous activity security testing, and active defense techniques.
(b) Report by Chief Information Officer.
(1) Report. Not later than 1 year after the date of the completion of the survey under subsection (a), the Chief Information Officer of the Intelligence Community shall submit to the congressional intelligence committees, the Subcommittee on Defense of the Committee on Appropriations of the Senate, and the Subcommittee on Defense of the Committee on Appropriations of the House of Representatives a report on proactive cybersecurity initiatives, continuous activity security testing, and active defense techniques. Such report shall include the following:
(A) The results of the survey of each element of the intelligence community conducted under subsection (a), including—
(i) examples of any successes against attackers who breached an information system of an element of the intelligence community; and
(ii) concerns, limitations, and associated recommendations relating to innovative uses of proactive cybersecurity initiatives.
(B) An analysis of the feasibility, costs, and benefits of consolidating oversight and implementation of such methods within the intelligence community, including whether such consolidation would significantly enhance defense.
(C) An analysis of any statutory or policy limitations on the ability of the Director of National Intelligence, or the head of any element of the intelligence community, to carry out such methods on behalf of an element of the intelligence community or multiple such elements.
(D) An analysis of the relationships between and among the intelligence community, the Department of Defense, the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, national laboratories, and the private sector, and whether such relationships should be enhanced to protect national security systems of the intelligence community through proactive cybersecurity measures.
(E) With respect to active defense techniques, a discussion of the effectiveness of such techniques to protect the information systems of the elements of the intelligence community, any constraints that hinder such techniques, and associated recommendations.
(F) With respect to continuous activity security testing, a discussion of—
(i) how an information system operates under normal and intended use, compared to how such system operates under a variety of adverse conditions and scenarios; and
(ii) the feasibility of the adoption of continuous activity security testing among the intelligence community.
(G) Recommendations for legislative action and further resources relating to the successful use of proactive cybersecurity initiatives, deception environments, and continuous activity security testing.
(2) Form. The report under paragraph (1) may be submitted in classified form.
(c) Definitions. In this section:
(1) Active defense technique. The term “active defense technique” means an action taken on an information system of an element of the intelligence community to increase the security of such system against an attacker, including—
(A) the use of a deception technology or other purposeful feeding of false or misleading information to an attacker accessing such system; or
(B) proportional action taken in response to an unlawful breach.
(2) Continuous activity security testing. The term “continuous activity security testing” means continuous experimentation conducted by an element of the intelligence community on an information system of such element to evaluate the resilience of such system against a malicious attack or condition that could compromise such system for the purpose of improving design, resilience, and incident response with respect to such system.
(3) Deception technology. The term “deception technology” means an isolated digital environment, system, or platform containing a replication of an active information system with realistic data flows to attract, mislead, and observe an attacker.
(4) Intelligence community information environment. The term “intelligence community information environment” has the meaning given the term in Intelligence Community Directive 121, or any successor document.
(5) National laboratory. The term “national laboratory” has the meaning given that term in section 2 of the Energy Policy Act of 2005 (42 U.S.C. 15801).
(6) National manager for national security systems. The term “National Manager for National Security Systems” means the Director of National Security, or successor official, serving as the National Manager for National Security Systems pursuant to National Security Directive 42, or any successor document.
(7) National security system. The term “national security system” has the meaning given that term in section 3552 of title 44, United States Code.
(8) Proactive cybersecurity initiatives. The term “proactive cybersecurity initiatives” means actions performed periodically and continuously within an organization, focused on identifying and eliminating vulnerabilities within the network infrastructure, preventing security breaches, and evaluating the effectiveness of the business security posture in real-time, including threat hunting, endpoint and network monitoring, and cybersecurity awareness and training.
# TITLE LXIV MATTERS RELATING TO ELEMENTS OF THE INTELLIGENCE COMMUNITY
## Subtitle A Office of the Director of National Intelligence