US Congress House Bill 174 (Prior Session Legislation)

---

Spectrum: Partisan Bill (Democrat 9-0)
Status: Introduced on January 5 2011 - 25% progression, died in committee
Action: 2011-02-08 - Referred to the Subcommittee on Technology, Information Policy, Intergovernmental Relations and Procurement Reform .
Pending: House Subcommittee on Technology, Information Policy, Intergovernmental Relations and Procurement Reform Committee
Text: Latest bill text (Introduced) [PDF]

Homeland Security Cyber and Physical Infrastructure Protection Act of 2011 - Amends the Homeland Security Act of 2002 to establish within the Department of Homeland Security (DHS) an Office of Cybersecurity and Communications, which shall be headed by the Assistant Secretary for Cybersecurity and Communications and which shall include: (1) the United States Computer Emergency Readiness Team; (2) a Cybersecurity Compliance Division (established by this Act); and (3) other DHS components with primary responsibility for emergency or national communications or cybersecurity. Directs the Secretary of DHS, acting through the Assistant Secretary or the Director of such Division, to establish and enforce cybersecurity requirements for civilian nonmilitary and non-intelligence community federal systems to prevent, deter, respond to, and recover from cyber attacks and incidents. Requires the Assistant Secretary to chair an interagency working group, which shall: (1) develop risk- and performance-based cybersecurity requirements for civilian federal agency computer networks and federally owned critical infrastructure, to be enforced by the Assistant Secretary through the Director; (2) develop remedies for noncompliance with such requirements, to be executed by the Director of the Office of Management and Budget (OMB); (3) recommend budgets for security of such networks; and (4) propose updates for the Common Criteria for Information Technology Security Evaluation. Requires all federal entities to report any cyber incidents on their networks to the Director and to the Team, which shall research each incident and report on the extent of any compromise, the attackers, the method of penetration, the ramifications, and recommended mitigation activities. Requires: (1) the Secretary, through the Director, to establish and enforce risk-based cybersecurity requirements for private sector computer networks within covered critical infrastructures; and (2) the Director to require entities determined to be covered critical infrastructures to comply with such requirements and to submit a proposed cybersecurity plan to satisfy such requirements to the first-party regulatory agency or sector-specific agency for approval and enforcement. Prescribes penalties for noncompliance. Requires the Assistant Secretary to: (1) share information regarding cybersecurity threats and vulnerabilities and proposed actions to mitigate them with all federal agencies, appropriate state, local, or tribal authority representatives, and all covered critical infrastructure owners and operators; and (2) designate information received from and provided to federal agencies and critical infrastructure owners and operators under this Act as sensitive security information and enforce requirements for handling, storage, and dissemination of such information. Directs the Under Secretary for Science and Technology to support research, development, testing, evaluation, and transition of cybersecurity technology, with an emphasis on research and development relevant to large-scale, high-impact attacks. Requires the Assistant Secretary to: (1) develop a strategic cybersecurity workforce plan as part of the federal agency performance plan; (2) establish a cybersecurity awareness and education curriculum that shall be required for all federal employees and contractors engaged in the design, development, or operation of civilian federal agency computer networks; and (3) implement a strategy to provide federal employees who work in cybersecurity-related areas with the opportunity to obtain additional education. Authorizes: (1) the appointment of up to 500 employees to carry out this Act's requirements without regard to the civil service laws upon certification to Congress that standard federal hiring processes have not resulted in the required number of critical cybersecurity positions being filled; and (2) payment of bonuses necessary to retain such an employee.

Homeland Security Cyber and Physical Infrastructure Protection Act of 2011

Rep. Bennie Thompson [D-MS]	Rep. Donna Christensen [D-VI]	Rep. Yvette Clarke [D-NY]	Rep. Danny Davis [D-IL]
Rep. William Keating [D-MA]	Rep. Bill Pascrell [D-NJ]	Rep. Laura Richardson [D-CA]	Rep. Cedric Richmond [D-LA]
Rep. Steven Rothman [D-NJ]

Date	Chamber	Action
2011-02-08	House	Referred to the Subcommittee on Technology, Information Policy, Intergovernmental Relations and Procurement Reform .
2011-01-31	House	Referred to the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology.
2011-01-05	House	Referred to House Oversight and Government Reform
2011-01-05	House	Referred to House Homeland Security
2011-01-05	House	Referred to the Committee on Homeland Security, and in addition to the Committee on Oversight and Government Reform, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.

Type	Source
Summary	https://www.congress.gov/bill/112th-congress/house-bill/174/all-info
Text	https://www.congress.gov/112/bills/hr174/BILLS-112hr174ih.pdf