STRENGTHENING CYBER RESILIENCE AGAINST STATE-SPONSORED THREATS ACT

On 2024-12-10, Representative Laurel M. Lee (R-FL-15) delivered a floor speech titled "STRENGTHENING CYBER RESILIENCE AGAINST STATE-SPONSORED THREATS ACT" in the House. The speech addressed taxes and also covered the environment, foreign policy. It referenced legislation: HR9769.

STRENGTHENING CYBER RESILIENCE AGAINST STATE-SPONSORED THREATS ACT

Congressional Record, Volume 170 Issue 183 (Tuesday, December 10, 2024) [Congressional Record Volume 170, Number 183 (Tuesday, December 10, 2024)] [House] [Pages H6562-H6564] From the Congressional Record Online through the Government Publishing Office [ www.gpo.gov ] STRENGTHENING CYBER RESILIENCE AGAINST STATE-SPONSORED THREATS ACT Mr. GREEN of Tennessee. Mr. Speaker, I move to suspend the rules and pass the bill (H.R. 9769) to ensure the security and integrity of United States critical infrastructure by establishing an interagency task force and requiring a comprehensive report on the targeting of United States critical infrastructure by People's Republic of China state-sponsored cyber actors, and for other purposes. The Clerk read the title of the bill. The text of the bill is as follows: H.R. 9769 Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the ``Strengthening Cyber Resilience Against State-Sponsored Threats Act''. SEC. 2. INTERAGENCY TASK FORCE AND REPORT ON THE TARGETING OF UNITED STATES CRITICAL INFRASTRUCTURE BY PEOPLE'S REPUBLIC OF CHINA STATE-SPONSORED CYBER ACTORS. (a) Interagency Task Force.--Not later than 120 days after the date of the enactment of this Act, the Secretary of Homeland Security, acting through the Director of the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security, in consultation with the Attorney General, the Director of the Federal Bureau of Investigation, and the heads of appropriate Sector Risk Management Agencies as determined by the Director of CISA, shall establish a joint interagency task force (in this section referred to as the ``task force'') to facilitate collaboration and coordination among the Sector Risk Management Agencies assigned a Federal role or responsibility in National Security Memorandum-22, issued April 30, 2024 (relating to critical infrastructure security and resilience), or any successor document, to detect, analyze, and respond to the cybersecurity threat posed by State- sponsored cyber actors, including Volt Typhoon, of the People's Republic of China by ensuring that such agencies' actions are aligned and mutually reinforcing. (b) Chairs.-- (1) Chairperson.--The Director of CISA (or the Director of CISA's designee) shall serve as the chairperson of the task force. (2) Vice chairperson.--The Director of the Federal Bureau of Investigation (or such Director's designee) shall serve as the vice chairperson of the task force. (c) Composition.-- (1) In general.--The task force shall consist of appropriate representatives of the departments and agencies specified in subsection (a). (2) Qualifications.--To materially assist in the activities of the task force, representatives under paragraph (1) should be subject matter experts who have familiarity and technical expertise regarding cybersecurity, digital forensics, or threat intelligence analysis, or in-depth knowledge of the tactics, techniques, and procedures (TTPs) commonly used by State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China. (d) Vacancy.--Any vacancy occurring in the membership of the task force shall be filled in the same manner in which the original appointment was made. (e) Establishment Flexibility.--To avoid redundancy, the task force may coordinate with any preexisting task force, working group, or cross-intelligence effort within the Homeland Security Enterprise or the intelligence community that has examined or responded to the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China. (f) Task Force Reports; Briefing.-- (1) Initial report.--Not later than 540 days after the establishment of the task force, the task force shall submit to the appropriate congressional committees the first report containing the initial findings, conclusions, and recommendations of the task force. (2) Annual report.--Not later than one year after the date of the submission of the initial report under paragraph (1) and annually thereafter for five years, the task force shall submit to the appropriate congressional committees an annual report containing the findings, conclusions, and recommendations of the task force. (3) Contents.--The reports under this subsection shall include the following: (A) An assessment at the lowest classification feasible of the sector-specific risks, trends relating to incidents impacting sectors, and tactics, techniques, and procedures utilized by or relating to State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China. (B) An assessment of additional resources and authorities needed by Federal departments and agencies to better counter the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China. (C) A classified assessment of the extent of potential destruction, compromise, or disruption to United States critical infrastructure by State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China in the event of a major crisis or future conflict between the People's Republic of China and the United States. (D) A classified assessment of the ability of the United States to counter the cybersecurity threat posed by State- sponsored cyber actors, including Volt Typhoon, of the People's Republic of China in the event of a major crisis or future conflict between the People's Republic of China and the United States, including with respect to different cybersecurity measures and recommendations that could mitigate such a threat. (E) A classified assessment of the ability of State- sponsored cyber actors, including Volt Typhoon, of the People's Republic of China to disrupt operations of the United States Armed Forces by hindering mobility across critical infrastructure such as rail, aviation, and ports, including how such would impair the ability of the United States Armed Forces to deploy and maneuver forces effectively. (F) A classified assessment of the economic and social ramifications of a disruption to one or multiple United States critical infrastructure sectors by State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China in the event of a major crisis or future conflict between the People's Republic of China and the United States. (G) Such recommendations as the task force may have for the Homeland Security Enterprise, the intelligence community, or critical infrastructure owners and operators [[Page H6563]] to improve the detection and mitigation of the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China. (H) A one-time plan for an awareness campaign to familiarize critical infrastructure owners and operators with security resources and support offered by Federal departments and agencies to mitigate the cybersecurity threat posed by State-sponsored cyber actors, including Volt Typhoon, of the People's Republic of China. (4) Briefing.--Not later than 30 days after the date of the submission of each report under this subsection, the task force shall provide to the appropriate congressional committees a classified briefing on the findings, conclusions, and recommendations of the task force. (5) Form.--Each report under this subsection shall be submitted in classified form, consistent with the protection of intelligence sources and methods, but may include an unclassified executive summary. (6) Publication.--The unclassified executive summary of each report required under this subsection shall be published on a publicly accessible website of the Department of Homeland Security. (g) Access to Information.-- (1) In general.--The Secretary of Homeland Security, the Director of CISA, the Attorney General, the Director of the Federal Bureau of Investigation, and the heads of appropriate Sector Risk Management Agencies, as determined by the Director of CISA, shall provide to the task force such information, documents, analysis, assessments, findings, evaluations, inspections, audits, or reviews relating to efforts to counter the cybersecurity threat posed by State- sponsored cyber actors, including Volt Typhoon, of the People's Republic of China as the task force considers necessary to carry out this section. (2) Receipt, handling, storage, and dissemination.-- Information, documents, analysis, assessments, findings, evaluations, inspections, audits, and reviews described in this subsection shall be received, handled, stored, and disseminated only by members of the task force consistent with all applicable statutes, regulations, and executive orders. (3) Security clearances for task force members.--No member of the task force may be provided with access to classified information under this section without the appropriate security clearances. (h) Termination.--The task force, and all the authorities of this section, shall terminate on the date that is 60 days after the final briefing required under subsection (h)(4). (i) Exemption From FACA.--Chapter 10 of title 5, United States Code (commonly referred to as the ``Federal Advisory Committee Act''), shall not apply to the task force. (j) Exemption From Paperwork Reduction Act.--Chapter 35 of title 44, United States Code (commonly known as the ``Paperwork Reduction Act''), shall not apply to the task force. (k) Definitions.--In this section: (1) Appropriate congressional committees.--The term ``appropriate congressional committees'' means-- (A) the Committee on Homeland Security, the Committee on Judiciary, and the Select Committee on Intelligence of the House of Representatives; and (B) the Committee on Homeland Security and Governmental Affairs, the Committee on Judiciary, and the Select Committee on Intelligence of the Senate. (2) Assets.--The term ``assets'' means a person, struct

Referenced legislation: HR9769, HR9769