US Congress House Bill 3313 (Prior Session Legislation)

---

Sponsorship: Partisan Bill (Republican 2)
Status: Introduced on July 29 2015 - 25% progression, died in committee
Action: 2015-08-11 - Referred to the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies.
Pending: House Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies Committee
Text: Latest bill text (Introduced) [PDF]

Cyber Defense of Federal Networks Act of 2015 Amends the Homeland Security Act of 2002 to require the Department of Homeland Security (DHS), in coordination with the Office of Management and Budget (OMB), to implement plans to: (1) detect, identify, and remove intruders in federal agencies' information systems; and (2) make advanced network security tools available for agencies to improve visibility of network activity to detect and mitigate intrusions and anomalous activity. Directs DHS to coordinate with the OMB to: (1) update government information security metrics to include measures of intrusion and incident detection and response times, and (2) display additional metrics about agency cybersecurity postures on federal government performance websites. Authorizes DHS, upon an agency's request, to operate and maintain technology that is deployed to agencies to diagnose and mitigate cyber threats and vulnerabilities. Requires DHS to regularly assess and require implementation of best practices for securing agency information systems and preventing data exfiltration. Redefines for purposes of DHS's national cybersecurity and communications integration center: (1) "cybersecurity risk" to exclude actions that solely involve a violation of a consumer term of service or a consumer licensing agreement; and (2) "incident" to include occurrences that actually or imminently jeopardize, without lawful authority, an information system, thereby replacing a standard that currently includes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies. Requires DHS to assist agencies in implementing information security practices by: (1) providing incident detection, analysis, mitigation, and response information, disseminating related homeland security information, and providing remote or onsite technical assistance; (2) developing and conducting impact assessments in consultation with other governmental and private entities; (3) assessing and fostering technologies for use across multiple agencies; and (4) ensuring that policies are coordinated with standards for national security systems and policies of the Department of Defense (DOD) and the Director of National Intelligence. Authorizes the DHS Secretary to: (1) issue a directive to an agency to take any lawful action with respect to the operation of an agency's information system in response to a known or reasonably suspected information security threat, vulnerability, risk, or incident, including an act of terrorism, that represents a substantial threat to information security; or (2) authorize, without prior consultation with the affected agency, the use of protective capabilities under the Secretary's control for communications or system traffic transiting to or from or stored on an agency information system if there is an imminent threat and a directive is unlikely to be timely. Exempts DOD and the intelligence community from such procedures.

Cyber Defense of Federal Networks Act of 2015

Rep. Michael McCaul [R-TX]

Rep. John Ratcliffe [R-TX]

Date	Chamber	Action
2015-08-11	House	Referred to the Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies.
2015-07-29	House	Referred to House Homeland Security
2015-07-29	House	Referred to House Oversight and Government Reform
2015-07-29	House	Referred to the Committee on Oversight and Government Reform, and in addition to the Committee on Homeland Security, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
2015-07-29	House	Introduced in House

SB1828 (Related) 2015-07-22 - Read twice and referred to the Committee on Homeland Security and Governmental Affairs. (Sponsor introductory remarks on measure: CR S5456-5458)
HB3402 (Related) 2015-07-29 - Referred to the House Committee on Oversight and Government Reform.

Type	Source
Summary	https://www.congress.gov/bill/114th-congress/house-bill/3313/all-info
Text	https://www.congress.gov/114/bills/hr3313/BILLS-114hr3313ih.pdf