Bill > S1869

Introduced Session

A bill to improve Federal network security and authorize and enhance an existing intrusion detection and prevention system for civilian Federal networks. Amends the Homeland Security Act of 2002 to require the Department of Homeland Security (DHS), in coordination with the Office of Management and Budget (OMB), to implement an intrusion assessment plan to identify and remove intruders in federal agency information systems. Directs DHS to deploy and operate, for use by other agencies, capabilities to detect and prevent or remove cybersecurity risks in network traffic transiting or traveling to or from agency information systems. Authorizes the DHS Secretary to access, and agency heads to disclose to the Secretary, information transiting agency systems, regardless of the location from which the information is accessed, notwithstanding any laws that would otherwise restrict or prevent such disclosures. Requires agencies to utilize such capabilities and adopt subsequent improvements. Provides liability protections to private entities authorized to assist the Secretary with such capabilities. Terminates authority for such capabilities seven years after enactment of this Act. Requires DHS to include in the Continuous Diagnostics and Mitigation Program advanced network security tools to improve visibility of network activity to detect and mitigate intrusions and anomalous activity. Directs the OMB to implement a plan to ensure that agencies utilize such advanced tools. Directs DHS to collaborate with the OMB to update government information security metrics to include measures of intrusion and incident detection and response times. Requires the OMB to display additional agency metrics on federal government performance websites. Authorizes DHS, upon an agency's request, to operate and maintain technology that is deployed to agencies to diagnose and mitigate against cyber threats and vulnerabilities. Requires agencies to: (1) encrypt sensitive and mission critical data, (2) implement single sign-on trusted identity platforms for public websites, and (3) implement multifactor authentication standards for remote access to agency systems. Excludes the Department of Defense and the intelligence community from procedures of this Act.

Committee Categories

Tom Carper (D)*,  Ron Johnson (R), 

Placed on Senate Legislative Calendar under General Orders. Calendar No. 673. (on 11/17/2016)

Official Document