Homeland Security Cyber and Physical Infrastructure Protection Act of 2011
HB-174
About HB-174
Homeland Security Cyber and Physical Infrastructure Protection Act of 2011 - Amends the Homeland Security Act of 2002 to establish within the Department of Homeland Security (DHS) an Office of Cybersecurity and Communications, which shall be headed by the Assistant Secretary for Cybersecurity and Communications and which shall include:
- (1) the United States Computer Emergency Readiness Team;
- (2) a Cybersecurity Compliance Division (established by this Act); and
- (3) other DHS components with primary responsibility for emergency or national communications or cybersecurity
Directs the Secretary of DHS, acting through the Assistant Secretary or the Director of such Division, to establish and enforce cybersecurity requirements for civilian nonmilitary and non-intelligence community federal systems to prevent, deter, respond to, and recover from cyber attacks and incidents. Requires the Assistant Secretary to chair an interagency working group, which shall:
- (1) develop risk- and performance-based cybersecurity requirements for civilian federal agency computer networks and federally owned critical infrastructure, to be enforced by the Assistant Secretary through the Director;
- (2) develop remedies for noncompliance with such requirements, to be executed by the Director of the Office of Management and Budget (OMB);
- (3) recommend budgets for security of such networks; and
- (4) propose updates for the Common Criteria for Information Technology Security Evaluation
Requires all federal entities to report any cyber incidents on their networks to the Director and to the Team, which shall research each incident and report on the extent of any compromise, the attackers, the method of penetration, the ramifications, and recommended mitigation activities. Requires:
- (1) the Secretary, through the Director, to establish and enforce risk-based cybersecurity requirements for private sector computer networks within covered critical infrastructures; and
- (2) the Director to require entities determined to be covered critical infrastructures to comply with such requirements and to submit a proposed cybersecurity plan to satisfy such requirements to the first-party regulatory agency or sector-specific agency for approval and enforcement
Prescribes penalties for noncompliance. Requires the Assistant Secretary to:
- (1) share information regarding cybersecurity threats and vulnerabilities and proposed actions to mitigate them with all federal agencies, appropriate state, local, or tribal authority representatives, and all covered critical infrastructure owners and operators; and
- (2) designate information received from and provided to federal agencies and critical infrastructure owners and operators under this Act as sensitive security information and enforce requirements for handling, storage, and dissemination of such information
Directs the Under Secretary for Science and Technology to support research, development, testing, evaluation, and transition of cybersecurity technology, with an emphasis on research and development relevant to large-scale, high-impact attacks. Requires the Assistant Secretary to:
- (1) develop a strategic cybersecurity workforce plan as part of the federal agency performance plan;
- (2) establish a cybersecurity awareness and education curriculum that shall be required for all federal employees and contractors engaged in the design, development, or operation of civilian federal agency computer networks; and
- (3) implement a strategy to provide federal employees who work in cybersecurity-related areas with the opportunity to obtain additional education
Authorizes:
- (1) the appointment of up to 500 employees to carry out this Act's requirements without regard to the civil service laws upon certification to Congress that standard federal hiring processes have not resulted in the required number of critical cybersecurity positions being filled; and
- (2) payment of bonuses necessary to retain such an employee.