Download:
pdf |
pdf6 U.S.C. § 659
Section 659 - National cybersecurity and communications integration center
(a) Definitions
In this section(1) the term "cybersecurity risk"(A) means threats to and vulnerabilities of information or information systems and any
related consequences caused by or resulting from unauthorized access, use, disclosure,
degradation, disruption, modification, or destruction of such information or information
systems, including such related consequences caused by an act of terrorism; and
(B) does not include any action that solely involves a violation of a consumer term of
service or a consumer licensing agreement;
(2) the terms "cyber threat indicator" and "defensive measure" have the meanings given
those terms in section 102 of the Cybersecurity Act of 2015 [ 6 U.S.C. 1501 ];
(3) the term "incident" means an occurrence that actually or imminently jeopardizes,
without lawful authority, the integrity, confidentiality, or availability of information on an
information system, or actually or imminently jeopardizes, without lawful authority, an
information system;
(4) the term "information sharing and analysis organization" has the meaning given that
term in section 671(5) of this title;
(5) the term "information system" has the meaning given that term in section 3502(8) of
title 44; and
(6) the term "sharing" (including all conjugations thereof) means providing, receiving, and
disseminating (including all conjugations of each of such terms).
(b) Center
There is in the Department a national cybersecurity and communications integration center
(referred to in this section as the "Center") to carry out certain responsibilities of the
Director. The Center shall be located in the Cybersecurity and Infrastructure Security
Agency. The head of the Center shall report to the Assistant Director for Cybersecurity.
(c) Functions
The cybersecurity functions of the Center shall include(1) being a Federal civilian interface for the multi-directional and cross-sector sharing of
information related to cyber threat indicators, defensive measures, cybersecurity risks,
incidents, analysis, and warnings for Federal and non-Federal entities, including the
implementation of title I of the Cybersecurity Act of 2015 [ 6 U.S.C. 1501 et seq.];
1
�Section 659 ...
6 U.S.C. § 659
(2) providing shared situational awareness to enable real-time, integrated, and operational
actions across the Federal Government and non-Federal entities to address cybersecurity
risks and incidents to Federal and non-Federal entities;
(3) coordinating the sharing of information related to cyber threat indicators, defensive
measures, cybersecurity risks, and incidents across the Federal Government;
(4) facilitating cross-sector coordination to address cybersecurity risks and incidents,
including cybersecurity risks and incidents that may be related or could have
consequential impacts across multiple sectors;
(5)
(A) conducting integration and analysis, including cross-sector integration and analysis,
of cyber threat indicators, defensive measures, cybersecurity risks, and incidents; and
(B) sharing the analysis conducted under subparagraph (A) with Federal and nonFederal entities;
(6) upon request, providing timely technical assistance, risk management support, and
incident response capabilities to Federal and non-Federal entities with respect to cyber
threat indicators, defensive measures, cybersecurity risks, and incidents, which may
include attribution, mitigation, and remediation;
(7) providing information and recommendations on security and resilience measures to
Federal and non-Federal entities, including information and recommendations to(A) facilitate information security;
(B) strengthen information systems against cybersecurity risks and incidents; and
(C) sharing 1 cyber threat indicators and defensive measures;
(8) engaging with international partners, in consultation with other appropriate agencies,
to(A) collaborate on cyber threat indicators, defensive measures, and information related
to cybersecurity risks and incidents; and
(B) enhance the security and resilience of global cybersecurity;
(9) sharing cyber threat indicators, defensive measures, and other information related to
cybersecurity risks and incidents with Federal and non-Federal entities, including across
sectors of critical infrastructure and with State and major urban area fusion centers, as
appropriate;
(10) participating, as appropriate, in national exercises run by the Department; and
(11) in coordination with the Emergency Communications Division of the Department,
assessing and evaluating consequence, vulnerability, and threat information regarding
cyber incidents to public safety communications to help facilitate continuous
improvements to the security and resiliency of such communications.
2
�Section 659 ...
6 U.S.C. § 659
(d) Composition
(1) In general
The Center shall be composed of(A) appropriate representatives of Federal entities, such as(i) sector-specific agencies;
(ii) civilian and law enforcement agencies; and
(iii) elements of the intelligence community, as that term is defined under section
3003(4) of title 50;
(B) appropriate representatives of non-Federal entities, such as(i) State, local, and tribal governments;
(ii) information sharing and analysis organizations, including information sharing and
analysis centers;
(iii) owners and operators of critical information systems; and
(iv) private entities, including cybersecurity specialists;
(C) components within the Center that carry out cybersecurity and communications
activities;
(D) a designated Federal official for operational coordination with and across each
sector;
(E) an entity that collaborates with State and local governments on cybersecurity risks
and incidents, and has entered into a voluntary information sharing relationship with the
Center; and
(F) other appropriate representatives or entities, as determined by the Secretary.
(2) Incidents
In the event of an incident, during exigent circumstances the Secretary may grant a
Federal or non-Federal entity immediate temporary access to the Center.
(e) Principles
In carrying out the functions under subsection (c), the Center shall ensure(1) to the extent practicable, that(A) timely, actionable, and relevant cyber threat indicators, defensive measures, and
information related to cybersecurity risks, incidents, and analysis is shared;
(B) when appropriate, cyber threat indicators, defensive measures, and information
related to cybersecurity risks, incidents, and analysis is integrated with other relevant
information and tailored to the specific characteristics of a sector;
(C) activities are prioritized and conducted based on the level of risk;
3
�Section 659 ...
6 U.S.C. § 659
(D) industry sector-specific, academic, and national laboratory expertise is sought and
receives appropriate consideration;
(E) continuous, collaborative, and inclusive coordination occurs(i) across sectors; and
(ii) with(I) sector coordinating councils;
(II) information sharing and analysis organizations; and
(III) other appropriate non-Federal partners;
(F) as appropriate, the Center works to develop and use mechanisms for sharing
information related to cyber threat indicators, defensive measures, cybersecurity risks,
and incidents that are technology-neutral, interoperable, real-time, cost-effective, and
resilient;
(G) the Center works with other agencies to reduce unnecessarily duplicative sharing of
information related to cyber threat indicators, defensive measures, cybersecurity risks,
and incidents; and; 2
(H) the Center designates an agency contact for non-Federal entities;
(2) that information related to cyber threat indicators, defensive measures, cybersecurity
risks, and incidents is appropriately safeguarded against unauthorized access or
disclosure; and
(3) that activities conducted by the Center comply with all policies, regulations, and laws
that protect the privacy and civil liberties of United States persons, including by working
with the Privacy Officer appointed under section 142 of this title to ensure that the Center
follows the policies and procedures specified in subsections (b) and (d)(5)(C) of section
105 of the Cybersecurity Act of 2015 [ 6 U.S.C. 1504 ].
(f) Cyber hunt and incident response teams
(1) In general
The Center shall maintain cyber hunt and incident response teams for the purpose of
leading Federal asset response activities and providing timely technical assistance to
Federal and non-Federal entities, including across all critical infrastructure sectors,
regarding actual or potential security incidents, as appropriate and upon request,
including(A) assistance to asset owners and operators in restoring services following a cyber
incident;
(B) identification and analysis of cybersecurity risk and unauthorized cyber activity;
(C) mitigation strategies to prevent, deter, and protect against cybersecurity risks;
4
�Section 659 ...
6 U.S.C. § 659
(D) recommendations to asset owners and operators for improving overall network and
control systems security to lower cybersecurity risks, and other recommendations, as
appropriate; and
(E) such other capabilities as the Secretary determines appropriate.
(2) Associated metrics
The Center shall(A) define the goals and desired outcomes for each cyber hunt and incident response
team; and
(B) develop metrics(i) to measure the effectiveness and efficiency of each cyber hunt and incident
response team in achieving the goals and desired outcomes defined under
subparagraph (A); and
(ii) that(I) are quantifiable and actionable; and
(II) the Center shall use to improve the effectiveness and accountability of, and
service delivery by, cyber hunt and incident response teams.
(3) Cybersecurity specialists
After notice to, and with the approval of, the entity requesting action by or technical
assistance from the Center, the Secretary may include cybersecurity specialists from the
private sector on a cyber hunt and incident response team.
(g) No right or benefit
(1) In general
The provision of assistance or information to, and inclusion in the Center, or any team or
activity of the Center, of, governmental or private entities under this section shall be at the
sole and unreviewable discretion of the Director.
(2) Certain assistance or information
The provision of certain assistance or information to, or inclusion in the Center, or any
team or activity of the Center, of, one governmental or private entity pursuant to this
section shall not create a right or benefit, substantive or procedural, to similar assistance
or information for any other governmental or private entity.
(h) Automated information sharing
(1) In general
The Director, in coordination with industry and other stakeholders, shall develop
capabilities making use of existing information technology industry standards and best
practices, as appropriate, that support and rapidly advance the development, adoption, and
implementation of automated mechanisms for the sharing of cyber threat indicators and
defensive measures in accordance with title I of the Cybersecurity Act of 2015 [ 6 U.S.C.
1501 et seq.].
5
�Section 659 ...
6 U.S.C. § 659
(2) Annual report
The Director shall submit to the Committee on Homeland Security and Governmental
Affairs of the Senate and the Committee on Homeland Security of the House of
Representatives an annual report on the status and progress of the development of the
capabilities described in paragraph (1). Such reports shall be required until such
capabilities are fully implemented.
(i) Voluntary information sharing procedures
(1) Procedures
(A) In general
The Center may enter into a voluntary information sharing relationship with any
consenting non-Federal entity for the sharing of cyber threat indicators and defensive
measures for cybersecurity purposes in accordance with this section. Nothing in this
subsection may be construed to require any non-Federal entity to enter into any such
information sharing relationship with the Center or any other entity. The Center may
terminate a voluntary information sharing relationship under this subsection, at the sole
and unreviewable discretion of the Secretary, acting through the Director, for any
reason, including if the Center determines that the non-Federal entity with which the
Center has entered into such a relationship has violated the terms of this subsection.
(B) National security
The Secretary may decline to enter into a voluntary information sharing relationship
under this subsection, at the sole and unreviewable discretion of the Secretary, acting
through the Director, for any reason, including if the Secretary determines that such is
appropriate for national security.
(2) Voluntary information sharing relationships
A voluntary information sharing relationship under this subsection may be characterized
as an agreement described in this paragraph.
(A) Standard agreement
For the use of a non-Federal entity, the Center shall make available a standard
agreement, consistent with this section, on the Department's website.
(B) Negotiated agreement
At the request of a non-Federal entity, and if determined appropriate by the Center, at
the sole and unreviewable discretion of the Secretary, acting through the Director, the
Department shall negotiate a non-standard agreement, consistent with this section.
(C) Existing agreements
An agreement between the Center and a non-Federal entity that is entered into before
December 18, 2015, or such an agreement that is in effect before such date, shall be
deemed in compliance with the requirements of this subsection, notwithstanding any
other provision or requirement of this subsection. An agreement under this subsection
shall include the relevant privacy protections as in effect under the Cooperative
Research and Development Agreement for Cybersecurity Information Sharing and
6
�Section 659 ...
6 U.S.C. § 659
Collaboration, as of December 31, 2014. Nothing in this subsection may be construed to
require a non-Federal entity to enter into either a standard or negotiated agreement to be
in compliance with this subsection.
(j) Direct reporting
The Secretary shall develop policies and procedures for direct reporting to the Secretary by
the Director of the Center regarding significant cybersecurity risks and incidents.
(k) Reports on international cooperation
Not later than 180 days after December 18, 2015, and periodically thereafter, the Secretary
of Homeland Security shall submit to the Committee on Homeland Security and
Governmental Affairs of the Senate and the Committee on Homeland Security of the House
of Representatives a report on the range of efforts underway to bolster cybersecurity
collaboration with relevant international partners in accordance with subsection (c)(8).
(l) Outreach
Not later than 60 days after December 18, 2015, the Secretary, acting through the Director,
shall(1) disseminate to the public information about how to voluntarily share cyber threat
indicators and defensive measures with the Center; and
(2) enhance outreach to critical infrastructure owners and operators for purposes of such
sharing.
(m) Cybersecurity outreach
(1) In general
The Secretary may leverage small business development centers to provide assistance to
small business concerns by disseminating information on cyber threat indicators, defense
measures, cybersecurity risks, incidents, analyses, and warnings to help small business
concerns in developing or enhancing cybersecurity infrastructure, awareness of cyber
threat indicators, and cyber training programs for employees.
(2) Definitions
For purposes of this subsection, the terms "small business concern" and "small business
development center" have the meaning given such terms, respectively, under section 632
of title 15.
(n) Coordinated vulnerability disclosure
The Secretary, in coordination with industry and other stakeholders, may develop and
adhere to Department policies and procedures for coordinating vulnerability disclosures.
1
So in original. Probably should be "share".
2
So in original. The semicolon probably should not appear.
6 U.S.C. § 659
Pub. L. 107-296, title XXII, §2209, formerly title II, §227, formerly §226, as added Pub. L.
113-282, §3(a), Dec. 18, 2014, 128 Stat. 3066; renumbered §227 and amended Pub. L. 1147
�Section 659 ...
6 U.S.C. § 659
113, div. N, title II, §§203, Dec. 18, 2015, 223, Dec. 18, 2015, 129 Stat. 2957, 2963; Pub. L.
114-328, div. A, title XVIII, §1841(b), Dec. 23, 2016, 130 Stat. 2663; renumbered title
XXII, §2209, and amended Pub. L. 115-278, §2(g)(2)(I), (9) (A)(iii), Nov. 16, 2018, 132
Stat. 4178, 4180; Pub. L. 116-94, div. L, §102(a), Dec. 20, 2019, 133 Stat. 3089.
REFERENCES IN TEXTTitle I of the Cybersecurity Act of 2015, referred to in subsecs. (c)(1) and (h)(1), is title
I of Pub. L. 114-113, 129 Stat. 2936, also known as the Cybersecurity Information Sharing Act of 2015, which is
classified generally to subchapter I of chapter 6 of this title. For complete classification of title I to the Code, see
Short Title note set out under section 1501 of this title and Tables.
CODIFICATIONSection was formerly classified to section 148 of this title prior to renumbering by Pub. L. 115278.
AMENDMENTS2019-Subsec. (d)(1)(B)(iv). Pub. L. 116-94, §102(a)(1), inserted ", including cybersecurity
specialists" after "entities".Subsec. (f). Pub. L. 116-94, §102(a)(3), added subsec. (f). Former subsec. (f)
redesignated (g).Subsec. (g). Pub. L. 116-94, §102(a)(2), redesignated subsec. (f) as (g). Former subsec. (g)
redesignated (h).Subsec. (g)(1), (2). Pub. L. 116-94, §102(a)(4), inserted ", or any team or activity of the Center,"
after "Center".Subsecs. (h) to (n). Pub. L. 116-94, §102(a)(2), redesignated subsecs. (g) to (m) as (h) to (n),
respectively.2018- Pub. L. 115-278, §2(g)(9)(A)(iii)(I), substituted "Director" for "Under Secretary appointed
under section 113(a)(1)(H) of this title" wherever appearing.Subsec. (a)(4). Pub. L. 115-278, §2(g)(9)(A)(iii)(II),
substituted "section 671(5) of this title" for "section 131(5) of this title".Subsec. (b). Pub. L. 115-278, §2(g)(9)(A)
(iii)(III), inserted at end "The Center shall be located in the Cybersecurity and Infrastructure Security Agency.
The head of the Center shall report to the Assistant Director for Cybersecurity."Subsec. (c)(11). Pub. L. 115-278,
§2(g)(9)(A)(iii)(IV), substituted "Emergency Communications Division" for "Office of Emergency
Communications".2016-Subsecs. (l), (m). Pub. L. 114-328 added subsec. (l) and redesignated former subsec. (l)
as (m).2015-Subsec. (a)(1) to (5). Pub. L. 114-113, §203(1)(A), (B), added pars. (1) to (3), redesignated former
pars. (3) and (4) as (4) and (5), respectively, and struck out former pars. (1) and (2), which defined "cybersecurity
risk" and "incident", respectively.Subsec. (a)(6). Pub. L. 114-113, §203(1)(C)-(E), added par. (6).Subsec. (c)(1).
Pub. L. 114-113, §203(2)(A), inserted "cyber threat indicators, defensive measures," before "cybersecurity risks"
and ", including the implementation of title I of the Cybersecurity Act of 2015" before semicolon at end.Subsec.
(c)(3). Pub. L. 114-113, §203(2)(B), substituted "cyber threat indicators, defensive measures, cybersecurity risks,"
for "cybersecurity risks".Subsec. (c)(5)(A). Pub. L. 114-113, §203(2)(C), substituted "cyber threat indicators,
defensive measures, cybersecurity risks," for "cybersecurity risks".Subsec. (c)(6). Pub. L. 114-113, §203(2)(D),
substituted "cyber threat indicators, defensive measures, cybersecurity risks," for "cybersecurity risks" and struck
out "and" at end.Subsec. (c)(7)(C). Pub. L. 114-113, §203(2)(E), added subpar. (C).Subsec. (c)(8) to (11). Pub. L.
114-113, §203(2)(F), added pars. (8) to (11).Subsec. (d)(1)(B)(i). Pub. L. 114-113, §203(3)(A)(i), substituted ",
local, and tribal" for "and local".Subsec. (d)(1)(B)(ii). Pub. L. 114-113, §203(3)(A)(ii), substituted ", including
information sharing and analysis centers;" for "; and".Subsec. (d)(1)(B)(iv). Pub. L. 114-113, §203(3)(A)(iii), (iv),
added cl. (iv).Subsec. (d)(1)(E), (F). Pub. L. 114-113, §203(3)(B)-(D), added subpar. (E) and redesignated former
subpar. (E) as (F).Subsec. (e)(1)(A). Pub. L. 114-113, §203(4)(A)(i), inserted "cyber threat indicators, defensive
measures, and" before "information".Subsec. (e)(1)(B). Pub. L. 114-113, §203(4)(A)(ii), inserted "cyber threat
indicators, defensive measures, and" before "information related".Subsec. (e)(1)(F). Pub. L. 114-113, §203(4)(A)
(iii), substituted "cyber threat indicators, defensive measures, cybersecurity risks," for "cybersecurity risks" and
struck out "and" at end.Subsec. (e)(1)(G). Pub. L. 114-113, §203(4)(A)(iv), substituted "cyber threat indicators,
defensive measures, cybersecurity risks, and incidents; and" for "cybersecurity risks and incidents".Subsec. (e)(1)
(H). Pub. L. 114-113, §203(4)(A)(v), added subpar. (H).Subsec. (e)(2). Pub. L. 114-113, §203(4)(B), substituted
"cyber threat indicators, defensive measures, cybersecurity risks," for "cybersecurity risks" and inserted "or
8
�Section 659 ...
6 U.S.C. § 659
disclosure" after "access".Subsec. (e)(3). Pub. L. 114-113, §203(4)(C), inserted ", including by working with the
Privacy Officer appointed under section 142 of this title to ensure that the Center follows the policies and
procedures specified in subsections (b) and (d)(5)(C) of section 105 of the Cybersecurity Act of 2015" before
period at end.Subsecs. (g) to (l). Pub. L. 114-113, §203(5), added subsecs. (g) to (l).
RULES OF CONSTRUCTION Pub. L. 113-282, §8, Dec. 18, 2014, 128 Stat. 3072, provided that:"(a)
PROHIBITION ON NEW REGULATORY AUTHORITY.-Nothing in this Act [see section 1 of Pub. L. 113-282 set
out as a Short Title of 2014 Amendment note under section 101 of this title] or the amendments made by this Act
shall be construed to grant the Secretary [of Homeland Security] any authority to promulgate regulations or set
standards relating to the cybersecurity of private sector critical infrastructure that was not in effect on the day
before the date of enactment of this Act [Dec. 18, 2014]."(b) PRIVATE ENTITIES.-Nothing in this Act or the
amendments made by this Act shall be construed to require any private entity-"(1) to request assistance from the
Secretary; or"(2) that requested such assistance from the Secretary to implement any measure or recommendation
suggested by the Secretary."
DEFINITIONS Pub. L. 113-282, §2, Dec. 18, 2014, 128 Stat. 3066, provided that: "In this Act [see section 1 of
Pub. L. 113-282 set out as a Short Title of 2014 Amendment note under section 101 of this title]-"(1) the term
'Center' means the national cybersecurity and communications integration center under section 226 [renumbered
227 by section 223(a)(3) of Pub. L. 114-113 and renumbered 2209 by section 2(g)(2)(I) of Pub. L. 115-278] of the
Homeland Security Act of 2002 [ 6 U.S.C. 659 ], as added by section 3;"(2) the term 'critical infrastructure' has
the meaning given that term in section 2 of the Homeland Security Act of 2002 ( 6 U.S.C. 101 );"(3) the term
'cybersecurity risk' has the meaning given that term in section 226 [2209] of the Homeland Security Act of 2002,
as added by section 3;"(4) the term 'information sharing and analysis organization' has the meaning given that
term in section 212(5) [renumbered 2222(5) by section 2(g)(2)(H) of Pub. L. 115-278] of the Homeland Security
Act of 2002 ([former] 6 U.S.C. 131(5) ) [now 6 U.S.C. 671(5) ];"(5) the term 'information system' has the
meaning given that term in section 3502(8) of title 44, United States Code; and"(6) the term 'Secretary' means the
Secretary of Homeland Security."
9
�
| File Type | application/pdf |
| File Modified | 2020-10-29 |
| File Created | 2020-10-29 |