Cybersecurity Act of 2013

Jun 04, 2018

  • 8/13/2019 Cybersecurity Act of 2013

    II

    113TH CONGRESS
    1ST SESSION

    S. 1353

    To provide for an ongoing, voluntary public-private partnership to improve cybersecurity, and to strengthen cybersecurity research and development, workforce development and education, and public awareness and preparedness, and for other purposes.

    IN THE SENATE OF THE UNITED STATES

    JULY 24, 2013

    Mr. ROCKEFELLER (for himself and Mr. THUNE) introduced the following bill; which was read twice and referred to the Committee on Commerce, Science, and Transportation

    A BILL

    To provide for an ongoing, voluntary public-private partnership to improve cybersecurity, and to strengthen cybersecurity research and development, workforce development and education, and public awareness and preparedness, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

    SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

    (a) SHORT TITLE.--This Act may be cited as the "Cybersecurity Act of 2013".

    (b) TABLE OF CONTENTS.--The table of contents of this Act is as follows:

    Sec. 1. Short title; table of contents.
    Sec. 2. Definitions.
    Sec. 3. No regulatory authority.

    TITLE I--PUBLIC-PRIVATE COLLABORATION ON CYBERSECURITY
    Sec. 101. Public-private collaboration on cybersecurity.

    TITLE II--CYBERSECURITY RESEARCH AND DEVELOPMENT
    Sec. 201. Federal cybersecurity research and development.
    Sec. 202. Computer and network security research centers.

    TITLE III--EDUCATION AND WORKFORCE DEVELOPMENT
    Sec. 301. Cybersecurity competitions and challenges.
    Sec. 302. Federal cyber scholarship-for-service program.
    Sec. 303. Study and analysis of education, accreditation, training, and certification of information infrastructure and cybersecurity professionals.

    TITLE IV--CYBERSECURITY AWARENESS AND PREPAREDNESS
    Sec. 401. National cybersecurity awareness and preparedness campaign.

    SEC. 2. DEFINITIONS.

    In this Act:

    (1) CYBERSECURITY MISSION.--The term "cybersecurity mission" means activities that encompass the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as such activities relate to the security and stability of cyberspace.

    (2) INFORMATION INFRASTRUCTURE.--The term "information infrastructure" means the underlying framework that information systems and assets rely on to process, transmit, receive, or store information electronically, including programmable electronic devices, communications networks, and industrial or supervisory control systems and any associated hardware, software, or data.

    (3) INFORMATION SYSTEM.--The term "information system" has the meaning given that term in


    "(e) CYBER RISKS.--

    "(1) IN GENERAL.--In carrying out the activities under subsection (c)(15), the Director--

    "(A) shall--

    "(i) coordinate closely and continuously with relevant private sector personnel and entities, critical infrastructure owners and operators, sector coordinating councils, Information Sharing and Analysis Centers, and other relevant industry organizations, and incorporate industry expertise;

    "(ii) consult with the heads of agencies with national security responsibilities, sector-specific agencies, State and local governments, the governments of other nations, and international organizations;

    "(iii) identify a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, that may be voluntarily adopted by owners and operators of critical infrastructure to help them identify, assess, and manage cyber risks;

    "(iv) include methodologies--

    "(I) to identify and mitigate impacts of the cybersecurity measures or controls on business confidentiality; and

    "(II) to protect individual privacy and civil liberties;

    "(v) incorporate voluntary consensus standards and industry best practices;

    "(vi) align with voluntary international standards to the fullest extent possible;

    "(vii) prevent duplication of regulatory processes and prevent conflict with or superseding of regulatory requirements, mandatory standards, and related processes; and

    "(viii) include such other similar and consistent elements as the Director considers necessary; and

    "(B) shall not prescribe or otherwise re-

    ...DEVELOPMENT.

    (a) FUNDAMENTAL CYBERSECURITY RESEARCH.--

    (I) how improved consumer education and digital literacy initiatives can address human factors that contribute to cybersecurity;

    (J) how to protect information processed, transmitted, or stored using cloud computing or transmitted through wireless services; and

    (K) any additional objectives the Director of the Office of Science and Technology Policy, in coordination with the head of any relevant Federal agency and with input from stakeholders, including industry and academia, determines appropriate.

    (2) REQUIREMENTS.--

    (A) IN GENERAL.--The Federal cybersecurity research and development plan shall identify and prioritize near-term, mid-term, and long-term research in computer and information science and engineering to meet the objectives under paragraph (1), including research in the areas described in section 4(a)(1) of the Cyber Security Research and Development Act (15 U.S.C.

    ...PRIVATE SECTOR EFFORTS.--In developing, implementing, and updating the Federal cybersecurity research and development plan, the Director of the Office of Science and Technology Policy shall work in close cooperation with industry, academia, and other interested stakeholders to ensure, to the extent possible, that Federal cybersecurity research and development is not duplicative of private sector efforts.

    (3) TRIENNIAL UPDATES.--

    (A) IN GENERAL.--The Federal cybersecurity research and development plan shall be updated triennially.

    (B) REPORT TO CONGRESS.--The Director of the Office of Science and Technology Policy shall submit the plan, not later than 1 year after the date of enactment of this Act, and each updated plan under this section to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Science, Space, and Technology of the House of Representatives.

    (b) CYBERSECURITY PRACTICES RESEARCH.--The Director of the National Science Foundation shall support research that--

    (1) develops, evaluates, disseminates, and integrates new cybersecurity practices and concepts into the core curriculum of computer science programs and of other programs where graduates of such programs have a substantial probability of developing software after graduation, including new practices and concepts relating to secure coding education and improvement programs; and

    (2) develops new models for professional development of faculty in cybersecurity education, including secure coding development.

    (c) CYBERSECURITY MODELING AND TEST BEDS.--

    (1) REVIEW.--Not later than 1 year after the date of enactment of this Act, the Director the National Science Foundation, in coordination with the Director of the Office of Science and Technology Policy, shall conduct a review of cybersecurity test beds in existence on the date of enactment of this Act to inform the grants under paragraph (2). The review shall include an assessment of whether a sufficient number of cybersecurity test beds are available to meet the research needs under the Federal cybersecurity research and development plan.

    (2) ADDITIONAL CYBERSECURITY MODELING AND TEST BEDS.--

    (A) IN GENERAL.--If the Director of the National Science Foundation, after the review under paragraph (1), determines that the research needs under the Federal cybersecurity research and development plan require the establishment of additional cybersecurity test beds, the Director of the National Science Foundation, in coordination with the Secretary of Commerce and the Secretary of Homeland Security, may award grants to institutions of higher education or research and development non-profit institutions to establish cybersecurity test beds.

    (B) REQUIREMENT.--The cybersecurity test beds under subparagraph (A) shall be sufficiently large in order to model the scale and complexity of real-time cyber attacks and defenses on real world networks and environments.

    (C) ASSESSMENT REQUIRED.--The Director of the National Science Foundation, in coordination with the Secretary of Commerce and the Secretary of Homeland Security, shall evaluate the effectiveness of any grants awarded under this subsection in meeting the objectives of the Federal cybersecurity research and development plan under subsection (a) no later than 2 years after the review under paragraph (1) of this subsection, and periodically thereafter.

    (d) COORDINATION WITH OTHER RESEARCH INITIATIVES.--In accordance with the responsibilities under section 101 of the High-Performance Computing Act of 1991 (15 U.S.C. 5511), the Director the Office of Science and Technology Policy shall coordinate, to the extent practicable, Federal research and development activities under this section with other ongoing research and development security-related initiatives, including research being conducted by--

    (1) the National Science Foundation;

    (2) the National Institute of Standards and Technology;

    (3) the Department of Homeland Security;

    (4) other Federal agencies;

    (5) other Federal and private research laboratories, research entities, and universities;

    (6) institutions of higher education;

    (


    Section 4(a)(1) of the Cyber Security Research and Development Act (15 U.S.C.


    "(i) addresses the building of secure systems from trusted and untrusted components;

    "(ii) proactively reduces vulnerabilities;

    "(iii) addresses insider threats; and

    "(iv) supports privacy in conjunction with improved security;

    "(M) monitoring and detection;

    "(N) mitigation and rapid recovery methods;

    "(O) security of wireless networks and mobile devices; and

    "(P) security of cloud infrastructure and services.".

    (f) RESEARCH

    ...Science Foundation, and Secretary of Homeland Security determine appropriate.

    (c) AFFILIATION AND COOPERATIVE AGREEMENTS.--Competitions and challenges under this section may be carried out through affiliation and cooperative agreements with--

    (1) Federal agencies;

    (2) regional, State, or school programs supporting the development of cyber professionals;

    (3) State, local, and tribal governments; or

    (4) other private sector organizations.

    (d) AREAS OF SKILL.--Competitions and challenges under subsection (a)(1)(A) shall be designed to identify, develop, and recruit exceptional talent relating to--

    (1) ethical hacking;

    (2) penetration testing;

    (3) vulnerability assessment;

    (4) continuity of system operations;

    (5) security in design;

    (6) cyber forensics;

    (

    ...Secretary of Homeland Security consider necessary to fulfill the cybersecurity mission.

    (e) TOPICS.--In selecting topics for competitions and challenges under subsection (a)(1), the Secretary of Commerce, Director of the National Science Foundation, and Secretary of Homeland Security--