[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[S. 315 Reported in Senate (RS)]
<DOC>
Calendar No. 62
116th CONGRESS
1st Session
S. 315
[Report No. 116-27]
To authorize cyber hunt and incident response teams at the Department
of Homeland Security, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
January 31, 2019
Ms. Hassan (for herself, Mr. Portman, and Mr. Peters) introduced the
following bill; which was read twice and referred to the Committee on
Homeland Security and Governmental Affairs
April 8, 2019
Reported by Mr. Johnson, with an amendment
[Strike out all after the enacting clause and insert the part printed
in italic]
_______________________________________________________________________
A BILL
To authorize cyber hunt and incident response teams at the Department
of Homeland Security, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
<DELETED>SECTION 1. SHORT TITLE.</DELETED>
<DELETED> This Act may be cited as the ``DHS Cyber Hunt and Incident
Response Teams Act of 2019''.</DELETED>
<DELETED>SEC. 2. DEPARTMENT OF HOMELAND SECURITY CYBER HUNT AND
INCIDENT RESPONSE TEAMS.</DELETED>
<DELETED> (a) In General.--Section 2209 of the Homeland Security Act
of 2002 (6 U.S.C. 659) is amended--</DELETED>
<DELETED> (1) in subsection (d)(1)(B)(iv), by inserting ``,
including cybersecurity specialists'' after
``entities'';</DELETED>
<DELETED> (2) by redesignating subsections (f) through (m)
as subsections (g) through (n), respectively;</DELETED>
<DELETED> (3) by inserting after subsection (e) the
following:</DELETED>
<DELETED> ``(f) Cyber Hunt and Incident Response Teams.--</DELETED>
<DELETED> ``(1) In general.--The Center shall maintain cyber
hunt and incident response teams for the purpose of leading
Federal asset response activities and providing timely
technical assistance to Federal and non-Federal entities,
including across all critical infrastructure sectors, regarding
actual or potential security incidents, as appropriate and upon
request, including--</DELETED>
<DELETED> ``(A) assistance to asset owners and
operators in restoring services following a cyber
incident;</DELETED>
<DELETED> ``(B) identification and analysis of
cybersecurity risk and unauthorized cyber
activity;</DELETED>
<DELETED> ``(C) mitigation strategies to prevent,
deter, and protect against cybersecurity
risks;</DELETED>
<DELETED> ``(D) recommendations to asset owners and
operators for improving overall network and control
systems security to lower cybersecurity risks, and
other recommendations, as appropriate; and</DELETED>
<DELETED> ``(E) such other capabilities as the
Secretary determines appropriate.</DELETED>
<DELETED> ``(2) Associated metrics.--The Center shall
continually assess and evaluate the cyber hunt and incident
response teams and the operations of those cyber hunt and
incident response teams using robust metrics.</DELETED>
<DELETED> ``(3) Report.--At the conclusion of each of the
first 4 fiscal years after the date of enactment of the DHS
Cyber Hunt and Incident Response Teams Act of 2019, the Center
shall submit to the Committee on Homeland Security and
Governmental Affairs of the Senate and the Committee on
Homeland Security of the House of Representatives a report that
includes--</DELETED>
<DELETED> ``(A) information relating to the metrics
used for evaluation and assessment of the cyber hunt
and incident response teams and operations under
paragraph (2), including the resources and staffing of
those cyber hunt and incident response teams;
and</DELETED>
<DELETED> ``(B) for the period covered by the
report--</DELETED>
<DELETED> ``(i) the total number of incident
response requests received;</DELETED>
<DELETED> ``(ii) the number of incident
response tickets opened; and</DELETED>
<DELETED> ``(iii) a statement of--</DELETED>
<DELETED> ``(I) all interagency
staffing of cyber hunt and incident
response teams; and</DELETED>
<DELETED> ``(II) the interagency
collaborations established to support
cyber hunt and incident response
teams.</DELETED>
<DELETED> ``(4) Cybersecurity specialists.--After notice to,
and with the approval of, the entity requesting action by or
technical assistance from the Center, the Secretary may include
cybersecurity specialists from the private sector on a cyber
hunt and incident response team.''; and</DELETED>
<DELETED> (4) in subsection (g), as so redesignated--
</DELETED>
<DELETED> (A) in paragraph (1), by inserting ``, or
any team or activity of the Center,'' after ``Center'';
and</DELETED>
<DELETED> (B) in paragraph (2), by inserting ``, or
any team or activity of the Center,'' after
``Center''.</DELETED>
<DELETED> (b) No Additional Funds Authorized.--No additional funds
are authorized to be appropriated to carry out the requirements of this
Act and the amendments made by this Act. Such requirements shall be
carried out using amounts otherwise authorized to be
appropriated.</DELETED>
SECTION 1. SHORT TITLE.
This Act may be cited as the ``DHS Cyber Hunt and Incident Response
Teams Act of 2019''.
SEC. 2. DEPARTMENT OF HOMELAND SECURITY CYBER HUNT AND INCIDENT
RESPONSE TEAMS.
(a) In General.--Section 2209 of the Homeland Security Act of 2002
(6 U.S.C. 659) is amended--
(1) in subsection (d)(1)(B)(iv), by inserting ``, including
cybersecurity specialists'' after ``entities'';
(2) by redesignating subsections (f) through (m) as
subsections (g) through (n), respectively;
(3) by inserting after subsection (e) the following:
``(f) Cyber Hunt and Incident Response Teams.--
``(1) In general.--The Center shall maintain cyber hunt and
incident response teams for the purpose of leading Federal
asset response activities and providing timely technical
assistance to Federal and non-Federal entities, including
across all critical infrastructure sectors, regarding actual or
potential security incidents, as appropriate and upon request,
including--
``(A) assistance to asset owners and operators in
restoring services following a cyber incident;
``(B) identification and analysis of cybersecurity
risk and unauthorized cyber activity;
``(C) mitigation strategies to prevent, deter, and
protect against cybersecurity risks;
``(D) recommendations to asset owners and operators
for improving overall network and control systems
security to lower cybersecurity risks, and other
recommendations, as appropriate; and
``(E) such other capabilities as the Secretary
determines appropriate.
``(2) Associated metrics.--The Center shall--
``(A) define the goals and desired outcomes for
each cyber hunt and incident response team; and
``(B) develop metrics--
``(i) to measure the effectiveness and
efficiency of each cyber hunt and incident
response team in achieving the goals and
desired outcomes defined under subparagraph
(A); and
``(ii) that--
``(I) are quantifiable and
actionable; and
``(II) the Center shall use to
improve the effectiveness and
accountability of, and service delivery
by, cyber hunt and incident response
teams.
``(3) Cybersecurity specialists.--After notice to, and with
the approval of, the entity requesting action by or technical
assistance from the Center, the Secretary may include
cybersecurity specialists from the private sector on a cyber
hunt and incident response team.''; and
(4) in subsection (g), as so redesignated--
(A) in paragraph (1), by inserting ``, or any team
or activity of the Center,'' after ``Center''; and
(B) in paragraph (2), by inserting ``, or any team
or activity of the Center,'' after ``Center''.
(b) Report.--
(1) Definitions.--In this subsection--
(A) the term ``Center'' means the national
cybersecurity and communications integration center
established under section 2209(b) of the Homeland
Security Act of 2002 (6 U.S.C. 659(b));
(B) the term ``cyber hunt and incident response
team'' means a cyber hunt and incident response team
maintained under section 2209(f) of the Homeland
Security Act of 2002 (6 U.S.C. 659(f)), as added by
this Act; and
(C) the term ``incident'' has the meaning given the
term in section 2209(a) of the Homeland Security Act of
2002 (6 U.S.C. 659(a)).
(2) Report.--At the conclusion of each of the first 4
fiscal years after the date of enactment of the DHS Cyber Hunt
and Incident Response Teams Act of 2019, the Center shall
submit to the Committee on Homeland Security and Governmental
Affairs of the Senate and the Committee on Homeland Security of
the House of Representatives a report that includes--
(A) information relating to the metrics used for
evaluation and assessment of the cyber hunt and
incident response teams and operations under section
2209(f)(2) of the Homeland Security Act of 2002 (6
U.S.C. 659(f)(2)), as added by this Act, including the
resources and staffing of those cyber hunt and incident
response teams; and
(B) for the period covered by the report--
(i) the total number of incident response
requests received;
(ii) the number of incident response
tickets opened; and
(iii) a statement of--
(I) all interagency staffing of
cyber hunt and incident response teams;
and
(II) the interagency collaborations
established to support cyber hunt and
incident response teams.
(c) No Additional Funds Authorized.--No additional funds are
authorized to be appropriated to carry out the requirements of this Act
and the amendments made by this Act. Such requirements shall be carried
out using amounts otherwise authorized to be appropriated.
Calendar No. 62
116th CONGRESS
1st Session
S. 315
[Report No. 116-27]
_______________________________________________________________________
A BILL
To authorize cyber hunt and incident response teams at the Department
of Homeland Security, and for other purposes.
_______________________________________________________________________
April 8, 2019
Reported with an amendment
DHS Cyber Hunt and Incident Response Teams Act of 2019
#315 | S Congress #116
Policy Area: Science, Technology, Communications
Last Action: Placed on Senate Legislative Calendar under General Orders. Calendar No. 62. (4/8/2019)
Bill Text Source: Congress.gov
Summary and Impacts
Original Text