[Congressional Bills 115th Congress]
[From the U.S. Government Publishing Office]
[S. 3182 Introduced in Senate (IS)]
<DOC>
115th CONGRESS
2d Session
S. 3182
To amend the Homeland Security Act of 2002 to provide for the
responsibility of the National Cybersecurity and Communications
Integration Center to maintain capabilities to identify threats to
industrial control systems, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
June 28, 2018
Mr. Sasse introduced the following bill; which was read twice and
referred to the Committee on Homeland Security and Governmental Affairs
_______________________________________________________________________
A BILL
To amend the Homeland Security Act of 2002 to provide for the
responsibility of the National Cybersecurity and Communications
Integration Center to maintain capabilities to identify threats to
industrial control systems, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``DHS Industrial Control Systems
Capabilities Enhancement Act of 2018''.
SEC. 2. CAPABILITIES OF NATIONAL CYBERSECURITY AND COMMUNICATIONS
INTEGRATION CENTER TO IDENTIFY THREATS TO INDUSTRIAL
CONTROL SYSTEMS.
(a) In General.--Section 227 of the Homeland Security Act of 2002
(6 U.S.C. 148) is amended--
(1) in subsection (e)(1)--
(A) in subparagraph (G), by striking ``and;'' after
the first semicolon;
(B) in subparagraph (H), by inserting ``and'' after
the semicolon; and
(C) by adding at the end the following new
subparagraph:
``(I) activities of the Center address the security
of both information technology and operational
technology, including industrial control systems;'';
(2) by redesignating subsections (f) through (m) as
subsections (g) through (n), respectively; and
(3) by inserting after subsection (e) the following new
subsection:
``(f) Industrial Control Systems.--The Center shall maintain
capabilities to identify and address threats and vulnerabilities to
products and technologies intended for use in the automated control of
critical infrastructure processes. In carrying out this subsection, the
Center shall--
``(1) lead, in coordination with relevant sector specific
agencies, Federal Government efforts to identify and mitigate
cybersecurity threats to industrial control systems, including
supervisory control and data acquisition systems;
``(2) maintain cross-sector incident response capabilities
to respond to industrial control system cybersecurity
incidents;
``(3) provide cybersecurity technical assistance to
industry end-users, product manufacturers, and other industrial
control system stakeholders to identify and mitigate
vulnerabilities;
``(4) collect, coordinate, and provide vulnerability
information to the industrial control systems community by, as
appropriate, working closely with security researchers,
industry end-users, product manufacturers, and other industrial
control systems stakeholders; and
``(5) conduct such other efforts and assistance as the
Secretary determines appropriate.''.
(b) Report to Congress.--Not later than 180 days after the date of
enactment of this Act, and every 6 months thereafter during the
subsequent 4-year period, the National Cybersecurity and Communications
Integration Center shall provide to the Committee on Homeland Security
of the House of Representatives and the Committee on Homeland Security
and Governmental Affairs of the Senate a briefing on the industrial
control systems capabilities of the Center under subsection (f) of
section 227 of the Homeland Security Act of 2002 (6 U.S.C. 148), as
added by subsection (a).
<all>