Bill Sponsor
House Bill 2980
117th Congress(2021-2022)
Cybersecurity Vulnerability Remediation Act
Active
Active
Passed House on Jul 20, 2021
Overview
Text
No Linkage Found
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
No Linkage Found
About Linkage
Multiple bills can contain the same text. This could be an identical bill in the opposite chamber or a smaller bill with a section embedded in a larger bill.
Bill Sponsor regularly scans bill texts to find sections that are contained in other bill texts. When a matching section is found, the bills containing that section can be viewed by clicking "View Bills" within the bill text section.
Bill Sponsor is currently only finding exact word-for-word section matches. In a future release, partial matches will be included.
H. R. 2980 (Introduced-in-House)


117th CONGRESS
1st Session
H. R. 2980


To amend the Homeland Security Act of 2002 to provide for the remediation of cybersecurity vulnerabilities, and for other purposes.


IN THE HOUSE OF REPRESENTATIVES

May 4, 2021

Ms. Jackson Lee introduced the following bill; which was referred to the Committee on Homeland Security


A BILL

To amend the Homeland Security Act of 2002 to provide for the remediation of cybersecurity vulnerabilities, and for other purposes.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. Short title.

This Act may be cited as the “Cybersecurity Vulnerability Remediation Act”.

SEC. 2. Cybersecurity vulnerabilities.

Section 2209 of the Homeland Security Act of 2002 (6 U.S.C. 659) is amended—

(1) in subsection (a)—

(A) in paragraph (5), by striking “and” after the semicolon at the end;

(B) by redesignating paragraph (6) as paragraph (7); and

(C) by inserting after paragraph (5) the following new paragraph:

“(6) the term ‘cybersecurity vulnerability’ has the meaning given the term ‘security vulnerability’ in section 102 of the Cybersecurity Information Sharing Act of 2015 (6 U.S.C. 1501); and”.

(2) in subsection (c)—

(A) in paragraph (5)—

(i) in subparagraph (A), by striking “and” after the semicolon at the end;

(ii) by redesignating subparagraph (B) as subparagraph (C);

(iii) by inserting after subparagraph (A) the following new subparagraph:

“(B) sharing mitigation protocols to counter cybersecurity vulnerabilities pursuant to subsection (n); and”; and

(iv) in subparagraph (C), as so redesignated, by inserting “and mitigation protocols to counter cybersecurity vul­ner­a­bil­i­ties in accordance with subparagraph (B)” before “with Federal”;

(B) in paragraph (7)(C), by striking “sharing” and inserting “share”; and

(C) in paragraph (9), by inserting “mitigation protocols to counter cybersecurity vulnerabilities,” after “measures,”;

(3) in subsection (e)(1)(G), by striking the semicolon after “and” at the end; and

(4) by adding at the end the following new subsection:

“(n) Protocols To counter cybersecurity vulnerabilities.—The Director may, as appropriate, identify, develop, and disseminate actionable protocols to mitigate cybersecurity vulnerabilities, including in circumstances in which such vulnerabilities exist because software or hardware is no longer supported by a vendor.”.

SEC. 3. Report on cybersecurity vulnerabilities.

(a) Report.—Not later than one year after the date of the enactment of this Act, the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security shall submit to the Committee on Homeland Security of the House of Representatives and the Committee on Homeland Security and Governmental Affairs of the Senate a report on how the Agency carries out subsection (m) of section 2209 of the Homeland Security Act of 2002 to coordinate vulnerability disclosures, including disclosures of cybersecurity vul­ner­a­bil­i­ties (as such term is defined in such section), and subsection (n) of such section (as added by section 2) to disseminate actionable protocols to mitigate cybersecurity vulnerabilities, that includes the following:

(1) A description of the policies and procedures relating to the coordination of vulnerability disclosures.

(2) A description of the levels of activity in furtherance of such subsections (m) and (n) of such section 2209.

(3) Any plans to make further improvements to how information provided pursuant to such subsections can be shared (as such term is defined in such section 2209) between the Department and industry and other stakeholders.

(4) Any available information on the degree to which such information was acted upon by industry and other stakeholders.

(5) A description of how privacy and civil liberties are preserved in the collection, retention, use, and sharing of vulnerability disclosures.

(b) Form.—The report required under subsection (b) shall be submitted in unclassified form but may contain a classified annex.

SEC. 4. Competition relating to cybersecurity vulnerabilities.

The Under Secretary for Science and Technology of the Department of Homeland Security, in consultation with the Director of the Cybersecurity and Infrastructure Security Agency of the Department, may establish an incentive-based program that allows industry, individuals, academia, and others to compete in providing remediation solutions for cybersecurity vulnerabilities (as such term is defined in section 2209 of the Homeland Security Act of 2002, as amended by section 2).