S.2151 - SECURE IT112th Congress (2011-2012)
Summary: S.2151 — 112th Congress (2011-2012)
Introduced in Senate (03/01/2012)
Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act of 2012 or SECURE IT - Authorizes private entities to employ countermeasures and use cybersecurity systems to obtain, identify, or possess cyber threat information on its own networks or the networks of another entity with such entity's authorization.
Allows private entities, nonfederal government agencies, or state, tribal, or local governments to voluntarily disclose cyber threat information to designated cybersecurity centers or to each other to assist with preventing, investigating, or mitigating threats to information security.
Requires federal contractors of electronic communication, remote computing, or cybersecurity services to immediately provide the contracting agency with any cyber threat information directly related to the contract. Permits contractors to also provide such information to a cybersecurity center.
Directs federal agencies receiving such contractor-provided information to disclose it immediately to a cybersecurity center.
Permits cyber threat information provided to a cybersecurity center to be disclosed to, or used by, the federal government for a cybersecurity or national security purpose or to prevent, investigate, or prosecute various criminal offenses for which law enforcement officials are authorized, under existing law, to seek a court order authorizing an interception of wire, oral, or electronic communications.
Prohibits federal, state, tribal, or local agencies from directly using such information to regulate an entity's lawful activities.
Sets forth conditions with regard to information provided to a cybersecurity center including: (1) the disclosure of such information to state, tribal, or local governments; (2) the use, distribution, and any prerequisite consent necessary for sharing such information; and (3) the legal treatment of such information under specified privileges, exemptions, ex parte communications rules, and requirements for disclosing public information and records.
Provides legal protections to entities engaged in authorized cybersecurity activities.
Directs the Director of National Intelligence (DNI) and Secretary of Defense (DOD) to develop procedures for sharing classified and unclassified information.
Amends the Federal Information Security Management Act of 2002 to replace existing information security procedures for federal agencies with a new framework for coordinating and securing federal information.
Directs the Secretary of Commerce to issue compulsory and binding policies and directives governing agency information security operations. Requires that national security systems be overseen as directed by the President.
Requires each agency to comply with such policies and provide risk-commensurate information security protections for information systems used or operated by the agency or a contractor or other organization on an agency's behalf.
Requires each agency's Chief Information Officer to develop an agencywide information security program.
Directs the Secretary of Homeland Security (DHS) to: (1) designate a DHS entity to conduct an ongoing security analysis of agency information systems using automated processes, and (2) develop a timeline for each agency to adopt continuous monitoring systems. Sets forth separate requirements for national security systems.
Requires that federal information systems be based on National Institute of Standards and Technology (NIST) standards.
Amends the Computer Fraud and Abuse Act to increase and further delineate the criminal penalties for computer fraud and related activities.
Establishes an offense for aggravated damage to a public or private critical infrastructure computer that manages or controls systems or assets vital to national defense, national security, national economic security, or public health or safety.
Amends the High-Performance Computing Act of 1991 to re-designate the National High-Performance Computing Program as the Networking and Information Technology Research and Development Program.
Requires the Director of the Office of Science and Technology Policy (STP) to establish goals for inter-agency collaborative research and development with Program Component Areas, industry, institutions of higher education, federal laboratories, and international organizations. Directs agencies to develop a five-year strategic plan.
Requires that agencies be encouraged under the Program to address application areas with potential for contributions to national economic competitiveness and other societal benefits including technical solutions to cybersecurity, health care, energy management, transportation, cyber-physical systems, physical and behavioral phenomena, and privacy protection.
Defines "cyber-physical systems" as physical or engineered systems whose networking and information technology functions and physical elements are integrated and actively connected to the physical world through sensors, actuators, or other means to perform monitoring and control functions.
Requires the STP Director to convene a task force to report to Congress on options for the research, development, and organizational structure of cyber-physical systems.
Requires the National Science Foundation (NSF) to continue a Federal Cyber Scholarship-for-Service program.
Requires the NIST to coordinate federal agencies engaged in the development of international technical standards.
Amends the Cyber Security Research and Development Act to add research areas eligible for NSF computer and network security research grants. Authorizes: (1) various grant programs through FY2013, and (2) the cybersecurity faculty development traineeship program through FY2014.