Union Calendar No. 260
115th CONGRESS 1st Session |
[Report No. 115–356, Part I]
To enhance cybersecurity information sharing and coordination at ports in the United States, and for other purposes.
June 28, 2017
Mrs. Torres introduced the following bill; which was referred to the Committee on Homeland Security, and in addition to the Committee on Transportation and Infrastructure, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned
October 19, 2017
Additional sponsors: Mr. Correa, Ms. Wilson of Florida, Mr. Evans, Mr. Kilmer, Ms. Barragán, and Mr. Poe of Texas
October 19, 2017
Reported from the Committee on Homeland Security
October 19, 2017
The Committee on Transportation and Infrastructure discharged; committed to the Committee of the Whole House on the State of the Union and ordered to be printed
To enhance cybersecurity information sharing and coordination at ports in the United States, and for other purposes.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
This Act may be cited as the “Strengthening Cybersecurity Information Sharing and Coordination in Our Ports Act of 2017”.
SEC. 2. Improving cybersecurity risk assessments, information sharing, and coordination.
The Secretary of Homeland Security shall—
(1) develop and implement a maritime cybersecurity risk assessment model within 120 days after the date of the enactment of this Act, consistent with the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity and any update to that document pursuant to Public Law 113–274, to evaluate current and future cybersecurity risks (as that term is defined in section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148));
(2) evaluate, on a periodic basis but not less than once every two years, the effectiveness of the cybersecurity risk assessment model established under paragraph (1);
(3) seek to ensure participation of at least one information sharing and analysis organization (as that term is defined in section 212 of the Homeland Security Act of 2002 (6 U.S.C. 131)) representing the maritime community in the National Cybersecurity and Communications Integration Center, pursuant to subsection (d)(1)(B) of section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148);
(4) establish guidelines for voluntary reporting of maritime-related cybersecurity risks and incidents (as such terms are defined in section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148)) to the Center (as that term is defined subsection (b) of section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148)), and other appropriate Federal agencies; and
(5) request the National Maritime Security Advisory Committee established under section 70112 of title 46, United States Code, to report and make recommendations to the Secretary on enhancing the sharing of information related to cybersecurity risks and incidents between relevant Federal agencies and State, local, and tribal governments and consistent with the responsibilities of the Center (as that term is defined subsection (b) of section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148)); relevant public safety and emergency response agencies; relevant law enforcement and security organizations; maritime industry; port owners and operators; and terminal owners and operators.
SEC. 3. Cybersecurity enhancements to maritime security activities.
The Secretary of Homeland Security, acting through the Commandant of the Coast Guard, shall direct—
(1) each Area Maritime Security Advisory Committee established under section 70112 of title 46, United States Code, to facilitate the sharing of cybersecurity risks and incidents to address port-specific cybersecurity risks, which may include the establishment of a working group of members of Area Maritime Security Advisory Committees to address port-specific cybersecurity vulnerabilities; and
(2) that any area maritime security plan and facility security plan required under section 70103 of title 46, United States Code, approved after the development of the cybersecurity risk assessment model required by paragraph (1) of section 2 include a mitigation plan to prevent, manage, and respond to cybersecurity risks.
SEC. 4. vulnerability assessments and security plans.
Title 46, United States Code, is amended—
(1) in section 70102(b)(1)(C), by inserting “cybersecurity,” after “physical security,”; and
(2) in section 70103(c)(3)(C), by striking “and” after the semicolon at the end of clause (iv), by redesignating clause (v) as clause (vi), and by inserting after clause (iv) the following:
Union Calendar No. 260 | |||||
| |||||
[Report No. 115–356, Part I] | |||||
A BILL | |||||
To enhance cybersecurity information sharing and coordination at ports in the United States, and for other purposes. | |||||
October 19, 2017 | |||||
Reported from the Committee on Homeland Security | |||||
October 19, 2017 | |||||
The Committee on Transportation and Infrastructure discharged; committed to the Committee of the Whole House on the State of the Union and ordered to be printed |