On 2026-06-24, Senator Mike Rounds (R-SD) delivered a floor speech titled "Text Of Senate Amendment 6213" in the Senate.
Text of Senate Amendment 6213 Congressional Record, Volume 172 Issue 106 (Wednesday, June 24, 2026) [Congressional Record Volume 172, Number 106 (Wednesday, June 24, 2026)] [Senate] [Pages S3386-S3387] From the Congressional Record Online through the Government Publishing Office [ www.gpo.gov ] SA 6213. Mr. ROUNDS (for himself and Mr. Peters) submitted an amendment intended to be proposed by him to the bill S. 4784, to authorize appropriations for fiscal year 2027 for military activities of the Department of Defense, for military construction, and for defense activities of the Department of Energy, to prescribe military personnel strengths for such fiscal year, and for other purposes; which was ordered to lie on the table; as follows: At the appropriate place in title X, insert the following: SEC. ___. REAUTHORIZATION OF THE CYBERSECURITY INFORMATION SHARING ACT OF 2015. (a) In General.--The Cybersecurity Information Sharing Act of 2015 (6 U.S.C. 1501 et seq.) is amended-- (1) in section 102 (6 U.S.C. 1501; relating to definitions)-- (A) by redesignating paragraphs (4), (5), (6), (7), (8), (9), (10), (11), (12), (13), (14), (15), (16), (17), and (18) as paragraphs (6), (7), (8), (9), (10), (11), (12), (13), (14), (15), (16), (17), (18), (19), and (20), respectively; and (B) by inserting after paragraph (3) the following new paragraphs: ``(4) Artificial intelligence.--The term `artificial intelligence' has the meaning given such term in section 5002 of the National Artificial Intelligence Initiative Act of 2020 (15 U.S.C. 9401). ``(5) Critical infrastructure.--The term `critical infrastructure' has the meaning given such term in section 1016(e) of Public Law 107-56 (42 U.S.C. 5195c(e)).''; (2) in section 103 (6 U.S.C. 1502; relating to sharing of information by the Federal Government)-- (A) in subsection (a), in the matter preceding paragraph (1), by striking ``develop and issue'' and inserting ``develop, issue, and, as appropriate, update''; and (B) in subsection (b)-- (i) in paragraph (1)-- (I) in the matter preceding subparagraph (A), by inserting ``and, as appropriate, updated,'' after ``developed''; (II) by amending subparagraph (A) to read as follows: ``(A) ensure the Federal Government has and maintains the capability to share cyber threat indicators and defensive measures in real-time consistent with the protection of classified information, and maintains the capability to provide technical assistance, on a [[Page S3387]] voluntary basis, to non-Federal entities in utilizing cyber threat indicators and defensive measures for cybersecurity purposes;''; (III) in subparagraph (E)(ii), by striking ``and'' after the semicolon; (IV) in subparagraph (F), by striking the period and inserting ``; and''; and (V) by adding at the end the following new subparagraph: ``(G) pursuant to section 2212 of the Homeland Security Act of 2002 (6 U.S.C. 662), provide one-time read-ins, as appropriate, to select individuals identified by non-Federal entities that own or operate critical infrastructure or artificial intelligence;''; and (ii) in paragraph (2)-- (I) by inserting ``and, as appropriate, updating,'' after ``developing''; and (II) by inserting ``and defensive measures'' after ``promote the sharing of cyber threat indicators''; and (C) in subsection (c)-- (i) by inserting ``and not later than 60 days after any update, as appropriate, of procedures required by subsection (a),'' after ``Act,''; and (ii) by inserting ``(or update, as appropriate)'' after ``procedures''; (3) in section 104 (6 U.S.C. 1503; relating to authorizations for preventing, detecting, analyzing, and mitigating cybersecurity threats)-- (A) in paragraph (3) of subsection (c)-- (i) in the matter preceding subparagraph (A), by striking ``shall be'' and inserting ``may be''; (ii) in subparagraph (A), by striking ``or'' after the semicolon; (iii) in subparagraph (B), by striking the period and inserting ``; or''; and (iv) by adding at the end the following new subparagraph: ``(C) to preclude the use of artificial intelligence that is strictly deployed for cybersecurity purposes in carrying out the activities authorized under paragraph (1) provided that such deployment complies with section 105(d)(5).''; and (B) in subparagraph (B) of subsection (d)(2), by inserting ``, which may utilize artificial intelligence that is strictly deployed for cybersecurity purposes,'' after ``technical capability''; (4) in section 105 (6 U.S.C. 1504; relating to sharing of cyber threat indicators and defensive measures with the Federal Government)-- (A) in subsection (a)-- (i) in paragraph (2), by adding at the end the following new sentences: ``As appropriate, the Attorney General and the Secretary of Homeland Security shall, in consultation with the heads of the appropriate Federal entities, jointly update such policies and procedures, and issue and make publicly available such updated policies and procedures. Such updates shall prioritize rapid dissemination to State, local, Tribal, and territorial governments and owners and operators of non- Federal critical infrastructure or artificial intelligence of relevant and actionable cyber threat indicators and defensive measures.''; (ii) in paragraph (3), in the matter preceding subparagraph (A), by striking ``developed or issued'' and inserting ``developed, issued, or, as appropriate, updated,''; and (iii) in paragraph (4)-- (I) in subparagraph (A), by adding at the end the following new sentence: ``As appropriate, the Attorney General and the Secretary of Homeland Security shall jointly update and make publicly available such guidance to so assist entities and promote such sharing of cyber threat indicators and defensive measures with such Federal entities under this title.''; and (II) in subparagraph (B), in the matter preceding clause (i), by inserting ``and, as appropriate, updated,'' after ``developed''; (B) in subsection (b)-- (i) in paragraph (2)(B), by inserting ``, and, as appropriate, update,'' after ``review''; and (ii) in paragraph (3), in the matter preceding subparagraph (A), by inserting ``and, as appropriate, updated,'' after ``required''; and (C) in subsection (c)(1)(D), by inserting ``, including if such capability and process employs artificial intelligence'' before the semicolon; and (D) in subsection (d)-- (i) in paragraph (1), by striking ``trade secret protection'' and inserting ``intellectual property protection''; and (ii) in paragraph (5)(A)-- (I) in clause (iv), by striking ``or'' after the semicolon; (II) in clause (v)(III), by striking the period and inserting ``; or''; and (III) by adding at the end the following new clause: ``(vi) the purpose of rapidly providing to other Federal entities awareness of a cybersecurity threat that may impact the information systems of such Federal entities.''; (5) in section 108 (6 U.S.C. 1507; relating to construction and preemption)-- (A) in subsection (c)-- (i) in the matter preceding paragraph (1), by striking ``shall be'' and inserting ``may be''; (ii) in paragraph (2), by striking ``or'' after the semicolon; (iii) in paragraph (3), by striking the period and inserting ``; or''; and (iv) by adding at the end the following new paragraph: ``(4) to preclude the use of artificial intelligence that is strictly deployed for cybersecurity purposes in carrying out activities authorized by this title.''; and (B) in subsection (f)(3), by inserting ``to share cyber threat indicators or defensive measures'' after ``relationship''; (6) in section 109 (6 U.S.C. 1508; relating to report on cybersecurity threats)-- (A) in subsection (a)-- (i) by inserting ``and not later than September 30 of every two years thereafter,'' after ``Act,''; (ii) by inserting ``the Secretary of Homeland Security and'' after ``in coordination with''; (iii) by inserting ``and the Committee on Homeland Security and Governmental Affairs'' before ``of the Senate''; (iv) by inserting ``and the Committee on Homeland Security'' before ``of the House''; and (v) by inserting ``prepositioning activities, ransomware,'' after ``attacks,''; and (B) in subsection (b)-- (i) by inserting ``prepositioning activities, ransomware,'' after ``attacks,'' each place it appears; and (ii) in paragraph (2), by inserting ``prepositioning activity, ransomware,'' after ``attack,''; and (7) in section 111(a) (6 U.S.C. 1510(a), relating to effective period), by striking ``September 30, 2026'' and inserting ``September 30, 2036''. (b) Conforming Amendments.--Section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650; relating to definitions) is amended-- (1) in paragraph (5)-- (A) in subparagraph (B), by inserting ``or compromising'' after ``defeating''; (B) in subparagraph (C), by inserting ``including a security vulnerability affecting an information system or a technology included in the critical and emerging technologies list of the Office of Science and Technology Policy or successor list, such as artificial intelligence, which may be in a Federal entity's or non-Federal entity's software or hardware supply chain,'' after ``security vulnerability,''; (C) in subparagraph (D), by inserting ``or compromise'' after ``defeat''; and (D) in subparagraph (F), by inserting ``or compromised'' after ``exfiltrated''; (2) in paragraph (14), by amending subparagraph (B) to read as follows: ``(B) includes, in accordance with section 104(d)(2) of the Cybersecurity Information Sharing Act of 2015 (6 U.S.C. 1503(d)(2)), operational technology, including industrial control systems, such as supervisory control and data acquisition systems, distributed control systems, and programmable logic controllers.''; and (3) in paragraph (25), by inserting ``or compromise'' after ``defeat''. ______