Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
BAG15121
114TH CONGRESS
1ST SESSION
S.L.C.
S. ll
Mr. BURR
A BILL
To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity
threats, and for other purposes.
1
(b) TABLE
OF
1.
2.
3.
4.
Discussion Draft
BAG15121
S.L.C.
2
Sec. 5. Sharing of cyber threat indicators and countermeasures with the Federal Government.
Sec. 6. Protection from liability.
Sec. 7. Oversight of Government activities.
Sec. 8. Construction and preemption.
Sec. 9. Report on cybersecurity threats.
Sec. 10. Conforming amendments.
SEC. 2. DEFINITIONS.
In this Act:
6
7
(2) ANTITRUST
term antitrust
laws
8
9
LAWS.The
(A) has the meaning given the term in section 1 of the Clayton Act (15 U.S.C. 12);
10
11
12
13
14
15
16
17
(3) APPROPRIATE
FEDERAL
ENTITIES.The
18
19
lowing:
20
21
22
Discussion Draft
BAG15121
S.L.C.
3
1
2
Intelligence.
10
11
12
13
14
(5) CYBERSECURITY
PURPOSE.The
term cy-
15
16
17
18
19
nerability.
20
21
(6) CYBERSECURITY
(A) IN
THREAT.
GENERAL.Except
as provided in
22
23
24
25
Discussion Draft
BAG15121
S.L.C.
4
1
tem.
7
8
10
11
12
13
14
THREAT
INDICATOR.The
term
15
16
17
18
19
20
21
22
23
BAG15121
Discussion Draft
S.L.C.
5
1
10
11
12
13
14
bersecurity threat;
15
16
17
18
19
20
GENERAL.Except
as otherwise
21
22
23
24
25
Discussion Draft
BAG15121
S.L.C.
6
1
States.
10
11
12
(9) FEDERAL
ENTITY.The
13
14
15
agency.
16
17
(10) INFORMATION
SYSTEM.The
term infor-
mation system
18
19
20
21
22
23
24
(11) LOCAL
25
GOVERNMENT.The
term local
Discussion Draft
BAG15121
S.L.C.
7
1
division of a State.
(12) MALICIOUS
TROL.The
(13) MALICIOUS
RECONNAISSANCE.The
term
10
11
12
13
14
15
bersecurity threat.
16
17
18
19
formation system.
20
21
(15) PRIVATE
(A) IN
ENTITY.
GENERAL.Except
as otherwise
22
23
24
25
BAG15121
Discussion Draft
S.L.C.
8
1
or agent thereof.
10
(16) SECURITY
CONTROL.The
term security
11
12
13
14
or its information.
15
(17) SECURITY
VULNERABILITY.The
term
16
17
18
19
20
21
22
Discussion Draft
BAG15121
S.L.C.
9
1
2
3
ERNMENT.
4 intelligence sources and methods and the protection of pri5 vacy and civil liberties, the Director of National Intel6 ligence, the Secretary of Homeland Security, the Secretary
7 of Defense, and the Attorney General, in consultation with
8 the heads of the appropriate Federal entities, shall develop
9 and promulgate procedures to facilitate and promote
10
11
12
13
ties;
14
15
16
17
18
19
20
21
22
23
24
(1) IN
GENERAL.The
procedures developed
25
26
BAG15121
Discussion Draft
S.L.C.
10
1
10
11
12
13
14
15
travention.
16
17
18
19
20
21
22
23
24
Discussion Draft
BAG15121
S.L.C.
11
1
(c) SUBMITTAL
TO
4 days after the date of the enactment of this Act, the Direc5 tor of National Intelligence, in consultation with the heads
6 of the appropriate Federal entities, shall submit to Con7 gress the procedures required by subsection (a).
8
10
11
12
RITY THREATS.
GENERAL.Notwithstanding
any other
13
14
15
16
17
18
19
20
21
22
23
24
25
graph.
Discussion Draft
BAG15121
S.L.C.
12
1
2
7
8
9
10
FOR
OPERATION
OF
COUNTER-
MEASURES.
(1) IN
GENERAL.Except
as provided in para-
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Discussion Draft
BAG15121
S.L.C.
13
1
longing to
7
8
10
11
12
13
14
15
16
17
section; or
18
19
FOR
(1) IN
SHARING
OR
OR
RECEIVING
COUNTERMEASURES.
GENERAL.Except
as provided in para-
22
23
24
25
Discussion Draft
BAG15121
S.L.C.
14
1
(2) LAWFUL
RESTRICTION.An
entity receiving
9
10
11
12
13
14
15
16
(1) SECURITY
OF INFORMATION.An
entity
17
18
19
20
21
22
23
(2) REMOVAL
24
TION.An
25
Discussion Draft
BAG15121
S.L.C.
15
1
such information; or
10
11
12
13
14
(3) USE
15
16
COUNTERMEASURES BY ENTITIES.
(A) IN
GENERAL.Consistent
with this
17
18
19
cybersecurity purposes
20
21
22
23
24
25
Discussion Draft
BAG15121
S.L.C.
16
1
cator or countermeasure; or
10
11
vision of law.
(B)
CONSTRUCTION.Nothing
in
this
12
13
14
15
(4) USE
16
17
18
(A) LAW
ENFORCEMENT USE.
(i) PRIOR
WRITTEN CONSENT.Ex-
19
20
21
22
23
24
25
Discussion Draft
BAG15121
S.L.C.
17
1
in section 5(d)(5)(A)(vi).
(ii) ORAL
CONSENT.If
exigent cir-
(B) EXEMPTION
FROM DISCLOSURE.A
10
11
be
12
13
14
15
16
17
(C) STATE,
18
LATORY AUTHORITY.
19
20
21
22
23
24
25
Discussion Draft
BAG15121
S.L.C.
18
1
8
9
GENERAL.Except
as provided in sec-
10
11
12
13
14
15
16
17
18
19
20
21
22
23
mation system; or
24
25
Discussion Draft
BAG15121
S.L.C.
19
1
mation system.
(f) NO RIGHT
OR
10
COUNTERMEASURES
11
GOVERNMENT.
12
13
14
(a) REQUIREMENT
FOR
WITH
POLICIES
THE
AND
FEDERAL
PROCE-
DURES.
(1) INTERIM
15
16
17
18
19
20
21
eral Government.
22
(2) FINAL
23
24
25
Discussion Draft
BAG15121
S.L.C.
20
1
(3) REQUIREMENTS
PROCEDURES.Consistent
section shall
10
11
12
13
(c)
14
15
16
entities;
17
18
19
20
21
22
entities;
23
24
BAG15121
Discussion Draft
S.L.C.
21
1
10
entities;
11
12
13
14
15
16
17
18
19
20
21
22
23
24
BAG15121
Discussion Draft
S.L.C.
22
1
ized manner.
6
7
OF ATTORNEY GENERAL.The
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
BAG15121
Discussion Draft
S.L.C.
23
1
Act; and
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
cator; and
Discussion Draft
BAG15121
S.L.C.
24
1
Act.
8
9
10
HOMELAND SECURITY.
(1) IN
GENERAL.Not
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Discussion Draft
BAG15121
S.L.C.
25
1
10
11
12
13
and
14
15
16
17
ment;
18
19
20
21
22
Security;
23
24
25
and
Discussion Draft
BAG15121
S.L.C.
26
1
10
11
12
13
14
15
16
Act; and
17
18
19
tion.
20
(3) PUBLIC
Sec-
21
22
23
24
(1) so that
BAG15121
Discussion Draft
S.L.C.
27
1
land Security.
(4) OTHER
FEDERAL ENTITIES.The
process
10
11
12
13
14
15
(5) REPORT
16
17
MENTATION.
(A) IN
GENERAL.Not
18
19
20
21
22
23
24
Discussion Draft
BAG15121
S.L.C.
28
1
(B) CLASSIFIED
ANNEX.The
report re-
fied annex.
5
6
7
OR
PROVIDED
TO
FEDERAL GOVERNMENT.
(1) NO
TION.The
10
11
12
13
(2)
PROPRIETARY
INFORMATION.A
cyber
14
15
16
17
18
19
(3) EXEMPTION
FROM
DISCLOSURE.Cyber
20
21
22
23
24
Discussion Draft
BAG15121
S.L.C.
29
1
formation or records.
(4) EX
PARTE COMMUNICATIONS.The
provi-
10
11
12
13
14
15
(5) DISCLOSURE,
(A)
AUTHORIZED
ACTIVITIES.Cyber
16
17
18
19
20
21
22
23
24
25
BAG15121
Discussion Draft
S.L.C.
30
1
vulnerability;
harm;
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Discussion Draft
BAG15121
S.L.C.
31
1
identity theft);
and
(B)
PROHIBITED
ACTIVITIES.Cyber
10
11
12
13
14
15
(C) PRIVACY
AND
CIVIL
LIBERTIES.
16
17
18
19
20
21
22
23
24
25
BAG15121
Discussion Draft
S.L.C.
32
1
sons; and
(D) FEDERAL
(i) IN
REGULATORY AUTHORITY.
GENERAL.Except
as provided
10
11
12
13
14
15
16
17
18
19
(ii) EXCEPTIONS.
(I)
REGULATORY
AUTHORITY
20
21
22
RITY THREATS.Cyber
23
24
25
threat indica-
Discussion Draft
BAG15121
S.L.C.
33
1
(II) PROCEDURES
AND
ACT.Clause
IMPLEMENTED
UNDER
THIS
10
procedures
11
12
DEVELOPED
developed
and
imple-
13
(a) MONITORING
OF
INFORMATION SYSTEMS.No
(b) SHARING
CATORS.No
OR
RECEIPT
OF
Discussion Draft
BAG15121
S.L.C.
34
1
2
(1) such sharing or receipt is conducted in accordance with this Act; and
10
11
12
13
14
15 construed
16
17
18
19
20
21
22
23
24
25
GENERAL.Not
Discussion Draft
BAG15121
S.L.C.
35
1
5
6
10
11
12
13
14
15
16
sharing.
17
18
19
20
21
22
23
available.
24
25
Discussion Draft
BAG15121
S.L.C.
36
1
10
11
12
13
14
15
16
17
impact.
18
19
20
21
22
23
24
tion 5.
Discussion Draft
BAG15121
S.L.C.
37
1
Federal Government.
threat indicators.
10
11
12
13
14
15
(4) FORM
OF REPORT.Each
report required
16
17
18
(b) REPORTS
19
ON
PRIVACY
(1) BIENNIAL
AND
REPORT
CIVIL LIBERTIES.
FROM
PRIVACY
AND
BOARD.Not
later
20
CIVIL
21
22
23
24
25
report providing
LIBERTIES
OVERSIGHT
Discussion Draft
BAG15121
S.L.C.
38
1
(2) BIENNIAL
9
10
ERAL.
(A) IN
GENERAL.Not
11
12
13
14
15
16
17
18
19
20
21
22
23
Discussion Draft
BAG15121
S.L.C.
39
1
lowing:
ties.
10
11
12
13
14
15
sharing information.
16
17
18
19
20
21
22
23
24
BAG15121
Discussion Draft
S.L.C.
40
1
4
5
12 this Act shall be construed to prohibit or limit the disclo13 sure of information protected under section 2302(b)(8) of
14 title 5, United States Code (governing disclosures of ille15 gality, waste, fraud, abuse, or public health or safety
16 threats), section 7211 of title 5, United States Code (gov17 erning disclosures to Congress), section 1034 of title 10,
18 United States Code (governing disclosure to Congress by
19 members of the military), section 1104 of the National
20 Security Act of 1947 (50 U.S.C. 3234) (governing disclo21 sure by employees of elements of the intelligence commu22 nity), or any similar provision of Federal or State law.
23
(c) PROTECTION
OF
SOURCES
AND
METHODS.
Discussion Draft
BAG15121
S.L.C.
41
1
7
8
10
11
12
States.
13
(d) RELATIONSHIP
TO
OTHER LAWS.Nothing in
18 shall be construed to permit price-fixing, allocating a mar19 ket between competitors, monopolizing or attempting to
20 monopolize a market, boycotting, or exchanges of price or
21 cost information, customer lists, or information regarding
22 future competitive planning.
23
Discussion Draft
BAG15121
S.L.C.
42
1
sharing relationship;
tionship;
ment; or
10
11
(g) PRESERVATION
12
AND
OF
CONTRACTUAL OBLIGATIONS
13
14
15
16
17
tity; or
18
19
20
Discussion Draft
BAG15121
S.L.C.
43
1
or
(i) NO LIABILITY
FOR
NON-PARTICIPATION.Noth-
(j) USE
AND
RETENTION
OF
INFORMATION.Noth-
13 ing in this Act shall be construed to authorize, or to mod14 ify any existing authority of, a department or agency of
15 the Federal Government to retain or use any information
16 shared under this Act for any use other than permitted
17 in this Act.
18
19
(1) IN
GENERAL.This
20
21
22
23
Act.
24
25
(2) STATE
LAW ENFORCEMENT.Nothing
in
Discussion Draft
BAG15121
S.L.C.
44
1
5 shall be construed
6
7
(1) to authorize the promulgation of any regulations not specifically authorized by this Act;
10
Act; or
11
12
13
14
15
(m) AUTHORITY
16 RESPOND
TO
OF
SECRETARY
OF
DEFENSE
TO
17 be construed to limit the authority of the Secretary of De18 fense to develop, prepare, coordinate, or, when directed by
19 the President to do so, conduct a military cyber operation
20 in response to a cyber attack carried out against the
21 United States or a United States person by a foreign gov22 ernment or an organization sponsored by a foreign govern23 ment.
Discussion Draft
BAG15121
S.L.C.
45
1
2
14
15
16
17
18
19
20
21
22
23
24
25
26
Discussion Draft
BAG15121
S.L.C.
46
1
10
11
and breaches.
12
13
14
15
16
data breaches.
17
18
19
20
21
(c) FORM
OF
22 section (a) shall be made available in classified and unclas23 sified forms.
24
Discussion Draft
BAG15121
S.L.C.
47
1 ing given that term in section 3 of the National Security
2 Act of 1947 (50 U.S.C. 3003).
3
4
8
9
10
11
12
13
14
15
(b) MODIFICATION
16
TION OF
17
TIONS OF
OF
LIMITATION
ON
DISSEMINA-
BAG15121
Discussion Draft
S.L.C.
48
1 promulgated by the Attorney General under section 5 of
2 the Cybersecurity Information Sharing Act of 2015..