Dhs Roles and Responsibilities in Cyber Space Act
Floor Speech
BREAK IN TRANSCRIPT
Mr. MALINOWSKI. Mr. Speaker, I move to suspend the rules and pass the bill (H.R. 5658) to require the Secretary of Homeland Security to submit a report on the cybersecurity roles and responsibilities of the Federal Government, and for other purposes, as amended.
The Clerk read the title of the bill.
The text of the bill is as follows: H.R. 5658
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE.
This Act may be cited as the ``DHS Roles and Responsibilities in Cyber Space Act''. SEC. 2. FINDINGS.
Congress finds the following:
(1) The Department of Homeland Security, through the Cybersecurity and Infrastructure Security Agency, is the lead Federal coordinator for securing critical infrastructure across all 16 sectors, in coordination with designated Sector Risk Management Agencies.
(2) Cyber incidents require technical resources and are only sometimes sector specific.
(3) The Cybersecurity and Infrastructure Security Agency is the central agency that can quickly analyze and coordinate mitigations when a malicious cyber campaign spans multiple sectors.
(4) Section 2209 of the Homeland Security Act of 2002 authorizes the Cybersecurity and Infrastructure Security Agency as the Federal civilian interface for multi- directional and cross-sector sharing of information related to cyber threat indicators with and between the government and the private sector.
(5) Section 2209 of the Homeland Security Act of 2002 authorizes the Cybersecurity and Infrastructure Security Agency to facilitate cross-sector coordination to address cybersecurity risks and incidents, including cybersecurity risks and incidents that may be related or could have consequential impacts across multiple sectors.
(6) Presidential Policy Directive-41 directs the Department of Homeland Security, via the national cybersecurity and communications integration center, to be the lead Federal agency for asset response during a significant cyber incident.
(7) The functions of the national cybersecurity and communications integration center are carried about by the Cybersecurity and Infrastructure Security Agency's Cybersecurity Division.
(8) Presidential Policy Directive-21 directs the Department of Homeland Security to lead the coordination of critical infrastructure protection among the Sector Risk Management Agencies.
(9) Section 9002 of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 codified the duties of Sector Risk Management Agencies for critical infrastructure sectors, laying out the roles and responsibilities they have in coordinating with the Cybersecurity and Infrastructure Security Agency to secure the nation's critical infrastructure.
(10) Enhancing the security and resilience of our critical infrastructure is a priority for Congress and for the Nation.
(11) The Department of Homeland Security maintains and continues to build partnerships across all infrastructure sectors to enhance control systems cybersecurity.
(12) Section 1731 of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 directed the Secretary of Homeland Security to submit a report on the potential for better coordination of Federal cybersecurity efforts at an integrated cybersecurity center within the Cybersecurity and Infrastructure Security Agency. SEC. 3. REPORT ON CYBERSECURITY ROLES AND RESPONSIBILITIES OF THE DEPARTMENT OF HOMELAND SECURITY.
(a) In General.--Not later than one year after the date of the enactment of this Act, the Secretary of Homeland Security, in coordination with the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report on the roles and responsibilities of the Department and its components relating to cyber incident response.
(b) Contents.--The report required under subsection (a) shall include the following:
(1) A review of how the cyber incident response plans under section 2210(c) of the Homeland Security Act of 2002 (6 U.S.C. 660(c)) are utilized in the Federal Government's response to a cyber incident.
(2) An explanation of the roles and responsibilities of the Department of Homeland Security and its components with responsibility for, or in support of, the Federal Government's response to a cyber incident, including primary responsibility for working with impacted private sector entities.
(3) An explanation of which and how authorities of the Department and its components are utilized in the Federal Government's response to a cyber incident.
(4) Recommendations to provide further clarity for roles and responsibilities of the Department and its components relating to cyber incident response.
Mr. Speaker, given the magnitude and complexity of the current cybersecurity threat landscape, coordination among DHS components to address growing and evolving risks in cybersecurity is critical. It is important that DHS components coordinate in a manner that reflects how their respective expertise can fit into the broader DHS cybersecurity strategy.
While the Cybersecurity and Infrastructure Security Agency has the most notable role in cybersecurity at DHS, other components also have considerable cyber expertise.
For example, the Secret Service has a critical role in investigating cybercrimes, and the Transportation Security Administration and the Coast Guard provide cybersecurity support for the transportation sector.
As DHS develops its cybersecurity strategy and incident response planning, it must consider how best to use each of these components and must carefully define roles and responsibilities so that components understand their duties during a cyber incident.
To that end, H.R. 5658 directs DHS to provide a report to Congress that explains the roles and responsibilities of its components in cyber incident response. The report is to include information on how DHS' authorities and CISA's incident response plans are utilized in the Federal Government's overall cyber incident response efforts.
This report will help ensure that DHS is developing a coordinated effort to provide Congress critical information regarding the authorities needed to facilitate effective cyber incident response.
I thank Representative Bacon for collaborating with the Homeland Security Committee on this legislation.
Mr. Speaker, I urge my colleagues to support this bill, and I reserve the balance of my time.
Mr. Speaker, in recent years, we have seen several cyber incidents that have demonstrated the importance of effective incident response planning.
With cyber incidents occurring across many sectors, DHS plays a unique role as the lead Federal coordinator for securing critical infrastructure. Passing this bill will help ensure that DHS and its components have the properly defined roles and responsibilities necessary to carry out this mission effectively.
I urge my colleagues to support H.R. 5658. I am sure we all look forward to spending quality time together as we do roll call votes on all of these noncontroversial, bipartisan bills this week, and I yield back the balance of my time.
BREAK IN TRANSCRIPT
Source