2013 US Code
Title 6 - Domestic Security
Chapter 1 - HOMELAND SECURITY ORGANIZATION (§§ 101 - 613)
Subchapter II - INFORMATION ANALYSIS AND INFRASTRUCTURE PROTECTION (§§ 121 - 165)
Part A - Information and Analysis and Infrastructure Protection; Access to Information (§§ 121 - 124m)
Section 121 - Information and Analysis and Infrastructure Protection
Publication Title | United States Code, 2012 Edition, Supplement 1, Title 6 - DOMESTIC SECURITY |
Category | Bills and Statutes |
Collection | United States Code |
SuDoc Class Number | Y 1.2/5: |
Contained Within | Title 6 - DOMESTIC SECURITY CHAPTER 1 - HOMELAND SECURITY ORGANIZATION SUBCHAPTER II - INFORMATION ANALYSIS AND INFRASTRUCTURE PROTECTION Part A - Information and Analysis and Infrastructure Protection; Access to Information Sec. 121 - Information and Analysis and Infrastructure Protection |
Contains | section 121 |
Date | 2013 |
Laws in Effect as of Date | January 16, 2014 |
Positive Law | No |
Disposition | standard |
Source Credit | Pub. L. 107-296, title II, §201, Nov. 25, 2002, 116 Stat. 2145; Pub. L. 110-53, title V, §§501(a)(2)(A), (b), 531(a), title X, §1002(a), Aug. 3, 2007, 121 Stat. 309, 332, 374; Pub. L. 110-417, [div. A], title IX, §931(b)(5), Oct. 14, 2008, 122 Stat. 4575; Pub. L. 111-84, div. A, title X, §1073(c)(9), Oct. 28, 2009, 123 Stat. 2475; Pub. L. 111-258, §5(b)(1), Oct. 7, 2010, 124 Stat. 2650. |
Presidential Document Number References | Executive Order 12333, Executive Order 12382, Executive Order 12829, Executive Order 12866, Executive Order 12958, Executive Order 12968, Executive Order 13228, Executive Order 13228, Executive Order 13549, Executive Order 13563, Executive Order 13563, Executive Order 13609, Executive Order 13610 |
Statutes at Large References | 61 Stat. 495 116 Stat. 2145, 2135 120 Stat. 1388 121 Stat. 309, 323, 335, 370, 547, 548, 2075 122 Stat. 4575 123 Stat. 2475, 2177, 2474 124 Stat. 2650, 2689 125 Stat. 146, 976, 1603 127 Stat. 373 |
Public Law References | Public Law 92-500, Public Law 93-523, Public Law 104-113, Public Law 107-295, Public Law 107-296, Public Law 108-458, Public Law 109-295, Public Law 110-53, Public Law 110-161, Public Law 110-417, Public Law 111-83, Public Law 111-84, Public Law 111-258, Public Law 111-259, Public Law 112-10, Public Law 112-74, Public Law 112-81, Public Law 113-6 |
Download PDF
There shall be in the Department an Office of Intelligence and Analysis and an Office of Infrastructure Protection.
(b) Under Secretary for Intelligence and Analysis and Assistant Secretary for Infrastructure Protection (1) Office of Intelligence and AnalysisThe Office of Intelligence and Analysis shall be headed by an Under Secretary for Intelligence and Analysis, who shall be appointed by the President, by and with the advice and consent of the Senate.
(2) Chief Intelligence OfficerThe Under Secretary for Intelligence and Analysis shall serve as the Chief Intelligence Officer of the Department.
(3) Office of Infrastructure ProtectionThe Office of Infrastructure Protection shall be headed by an Assistant Secretary for Infrastructure Protection, who shall be appointed by the President.
(c) Discharge of responsibilitiesThe Secretary shall ensure that the responsibilities of the Department relating to information analysis and infrastructure protection, including those described in subsection (d), are carried out through the Under Secretary for Intelligence and Analysis or the Assistant Secretary for Infrastructure Protection, as appropriate.
(d) Responsibilities of Secretary relating to intelligence and analysis and infrastructure protectionThe responsibilities of the Secretary relating to intelligence and analysis and infrastructure protection shall be as follows:
(1) To access, receive, and analyze law enforcement information, intelligence information, and other information from agencies of the Federal Government, State and local government agencies (including law enforcement agencies), and private sector entities, and to integrate such information, in support of the mission responsibilities of the Department and the functions of the National Counterterrorism Center established under section 119 of the National Security Act of 1947 [50 U.S.C. 3056], in order to—
(A) identify and assess the nature and scope of terrorist threats to the homeland;
(B) detect and identify threats of terrorism against the United States; and
(C) understand such threats in light of actual and potential vulnerabilities of the homeland.
(2) To carry out comprehensive assessments of the vulnerabilities of the key resources and critical infrastructure of the United States, including the performance of risk assessments to determine the risks posed by particular types of terrorist attacks within the United States (including an assessment of the probability of success of such attacks and the feasibility and potential efficacy of various countermeasures to such attacks).
(3) To integrate relevant information, analysis, and vulnerability assessments (regardless of whether such information, analysis or assessments are provided by or produced by the Department) in order to—
(A) identify priorities for protective and support measures regarding terrorist and other threats to homeland security by the Department, other agencies of the Federal Government, State, and local government agencies and authorities, the private sector, and other entities; and
(B) prepare finished intelligence and information products in both classified and unclassified formats, as appropriate, whenever reasonably expected to be of benefit to a State, local, or tribal government (including a State, local, or tribal law enforcement agency) or a private sector entity.
(4) To ensure, pursuant to section 122 of this title, the timely and efficient access by the Department to all information necessary to discharge the responsibilities under this section, including obtaining such information from other agencies of the Federal Government.
(5) To develop a comprehensive national plan for securing the key resources and critical infrastructure of the United States, including power production, generation, and distribution systems, information technology and telecommunications systems (including satellites), electronic financial and property record storage and transmission systems, emergency preparedness communications systems, and the physical and technological assets that support such systems.
(6) To recommend measures necessary to protect the key resources and critical infrastructure of the United States in coordination with other agencies of the Federal Government and in cooperation with State and local government agencies and authorities, the private sector, and other entities.
(7) To review, analyze, and make recommendations for improvements to the policies and procedures governing the sharing of information within the scope of the information sharing environment established under section 485 of this title, including homeland security information, terrorism information, and weapons of mass destruction information, and any policies, guidelines, procedures, instructions, or standards established under that section.
(8) To disseminate, as appropriate, information analyzed by the Department within the Department, to other agencies of the Federal Government with responsibilities relating to homeland security, and to agencies of State and local governments and private sector entities with such responsibilities in order to assist in the deterrence, prevention, preemption of, or response to, terrorist attacks against the United States.
(9) To consult with the Director of National Intelligence and other appropriate intelligence, law enforcement, or other elements of the Federal Government to establish collection priorities and strategies for information, including law enforcement-related information, relating to threats of terrorism against the United States through such means as the representation of the Department in discussions regarding requirements and priorities in the collection of such information.
(10) To consult with State and local governments and private sector entities to ensure appropriate exchanges of information, including law enforcement-related information, relating to threats of terrorism against the United States.
(11) To ensure that—
(A) any material received pursuant to this chapter is protected from unauthorized disclosure and handled and used only for the performance of official duties; and
(B) any intelligence information under this chapter is shared, retained, and disseminated consistent with the authority of the Director of National Intelligence to protect intelligence sources and methods under the National Security Act of 1947 [50 U.S.C. 3001 et seq.] and related procedures and, as appropriate, similar authorities of the Attorney General concerning sensitive law enforcement information.
(12) To request additional information from other agencies of the Federal Government, State and local government agencies, and the private sector relating to threats of terrorism in the United States, or relating to other areas of responsibility assigned by the Secretary, including the entry into cooperative agreements through the Secretary to obtain such information.
(13) To establish and utilize, in conjunction with the chief information officer of the Department, a secure communications and information technology infrastructure, including data-mining and other advanced analytical tools, in order to access, receive, and analyze data and information in furtherance of the responsibilities under this section, and to disseminate information acquired and analyzed by the Department, as appropriate.
(14) To ensure, in conjunction with the chief information officer of the Department, that any information databases and analytical tools developed or utilized by the Department—
(A) are compatible with one another and with relevant information databases of other agencies of the Federal Government; and
(B) treat information in such databases in a manner that complies with applicable Federal law on privacy.
(15) To coordinate training and other support to the elements and personnel of the Department, other agencies of the Federal Government, and State and local governments that provide information to the Department, or are consumers of information provided by the Department, in order to facilitate the identification and sharing of information revealed in their ordinary duties and the optimal utilization of information received from the Department.
(16) To coordinate with elements of the intelligence community and with Federal, State, and local law enforcement agencies, and the private sector, as appropriate.
(17) To provide intelligence and information analysis and support to other elements of the Department.
(18) To coordinate and enhance integration among the intelligence components of the Department, including through strategic oversight of the intelligence activities of such components.
(19) To establish the intelligence collection, processing, analysis, and dissemination priorities, policies, processes, standards, guidelines, and procedures for the intelligence components of the Department, consistent with any directions from the President and, as applicable, the Director of National Intelligence.
(20) To establish a structure and process to support the missions and goals of the intelligence components of the Department.
(21) To ensure that, whenever possible, the Department—
(A) produces and disseminates unclassified reports and analytic products based on open-source information; and
(B) produces and disseminates such reports and analytic products contemporaneously with reports or analytic products concerning the same or similar information that the Department produced and disseminated in a classified format.
(22) To establish within the Office of Intelligence and Analysis an internal continuity of operations plan.
(23) Based on intelligence priorities set by the President, and guidance from the Secretary and, as appropriate, the Director of National Intelligence—
(A) to provide to the heads of each intelligence component of the Department guidance for developing the budget pertaining to the activities of such component; and
(B) to present to the Secretary a recommendation for a consolidated budget for the intelligence components of the Department, together with any comments from the heads of such components.
(24) To perform such other duties relating to such responsibilities as the Secretary may provide.
(25) To prepare and submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security in the House of Representatives, and to other appropriate congressional committees having jurisdiction over the critical infrastructure or key resources, for each sector identified in the National Infrastructure Protection Plan, a report on the comprehensive assessments carried out by the Secretary of the critical infrastructure and key resources of the United States, evaluating threat, vulnerability, and consequence, as required under this subsection. Each such report—
(A) shall contain, if applicable, actions or countermeasures recommended or taken by the Secretary or the head of another Federal agency to address issues identified in the assessments;
(B) shall be required for fiscal year 2007 and each subsequent fiscal year and shall be submitted not later than 35 days after the last day of the fiscal year covered by the report; and
(C) may be classified.
(e) Staff (1) In generalThe Secretary shall provide the Office of Intelligence and Analysis and the Office of Infrastructure Protection with a staff of analysts having appropriate expertise and experience to assist such offices in discharging responsibilities under this section.
(2) Private sector analystsAnalysts under this subsection may include analysts from the private sector.
(3) Security clearancesAnalysts under this subsection shall possess security clearances appropriate for their work under this section.
(f) Detail of personnel (1) In generalIn order to assist the Office of Intelligence and Analysis and the Office of Infrastructure Protection in discharging responsibilities under this section, personnel of the agencies referred to in paragraph (2) may be detailed to the Department for the performance of analytic functions and related duties.
(2) Covered agenciesThe agencies referred to in this paragraph are as follows:
(A) The Department of State.
(B) The Central Intelligence Agency.
(C) The Federal Bureau of Investigation.
(D) The National Security Agency.
(E) The National Geospatial-Intelligence Agency.
(F) The Defense Intelligence Agency.
(G) Any other agency of the Federal Government that the President considers appropriate.
(3) Cooperative agreementsThe Secretary and the head of the agency concerned may enter into cooperative agreements for the purpose of detailing personnel under this subsection.
(4) BasisThe detail of personnel under this subsection may be on a reimbursable or non-reimbursable basis.
(g) Functions transferredIn accordance with subchapter XII of this chapter, there shall be transferred to the Secretary, for assignment to the Office of Intelligence and Analysis and the Office of Infrastructure Protection under this section, the functions, personnel, assets, and liabilities of the following:
(1) The National Infrastructure Protection Center of the Federal Bureau of Investigation (other than the Computer Investigations and Operations Section), including the functions of the Attorney General relating thereto.
(2) The National Communications System of the Department of Defense, including the functions of the Secretary of Defense relating thereto.
(3) The Critical Infrastructure Assurance Office of the Department of Commerce, including the functions of the Secretary of Commerce relating thereto.
(4) The National Infrastructure Simulation and Analysis Center of the Department of Energy and the energy security and assurance program and activities of the Department, including the functions of the Secretary of Energy relating thereto.
(5) The Federal Computer Incident Response Center of the General Services Administration, including the functions of the Administrator of General Services relating thereto.
(Pub. L. 107–296, title II, §201, Nov. 25, 2002, 116 Stat. 2145; Pub. L. 110–53, title V, §§501(a)(2)(A), (b), 531(a), title X, §1002(a), Aug. 3, 2007, 121 Stat. 309, 332, 374; Pub. L. 110–417, [div. A], title IX, §931(b)(5), Oct. 14, 2008, 122 Stat. 4575; Pub. L. 111–84, div. A, title X, §1073(c)(9), Oct. 28, 2009, 123 Stat. 2475; Pub. L. 111–258, §5(b)(1), Oct. 7, 2010, 124 Stat. 2650.)
REFERENCES IN TEXTThis chapter, referred to in subsec. (d)(11), was in the original “this Act”, meaning Pub. L. 107–296, Nov. 25, 2002, 116 Stat. 2135, known as the Homeland Security Act of 2002, which is classified principally to this chapter. For complete classification of this Act to the Code, see Short Title note set out under section 101 of this title and Tables.
The National Security Act of 1947, referred to in subsec. (d)(11)(B), is act July 26, 1947, ch. 343, 61 Stat. 495, which was formerly classified principally to chapter 15 (§401 et seq.) of Title 50, War and National Defense, prior to editorial reclassification in Title 50, and is now classified principally to chapter 44 (§3001 et seq.) of Title 50. For complete classification of this Act to the Code, see Tables.
CODIFICATIONSection is comprised of section 201 of Pub. L. 107–296. Subsec. (h) of section 201 of Pub. L. 107–296 amended section 3003 of Title 50, War and National Defense.
AMENDMENTS2010—Subsec. (d)(3). Pub. L. 111–258 amended par. (3) generally. Prior to amendment, par. (3) read as follows: “To integrate relevant information, analyses, and vulnerability assessments (whether such information, analyses, or assessments are provided or produced by the Department or others) in order to identify priorities for protective and support measures by the Department, other agencies of the Federal Government, State and local government agencies and authorities, the private sector, and other entities.”
2009—Subsec. (f)(2)(E). Pub. L. 111–84 made technical amendment to directory language of Pub. L. 110–417. See 2008 amendment note below.
2008—Subsec. (f)(2)(E). Pub. L. 110–417, §931(b)(5), as amended by Pub. L. 111–84, substituted “National Geospatial-Intelligence Agency” for “National Imagery and Mapping Agency”.
2007—Pub. L. 110–53, §531(a)(1), substituted “Information and” for “Directorate for Information” in section catchline.
Subsecs. (a) to (c). Pub. L. 110–53, §531(a)(2), added subsecs. (a) to (c) and struck out former subsecs. (a) to (c) which related to, in subsec. (a), establishment and responsibilities of Directorate for Information Analysis and Infrastructure Protection, in subsec. (b), positions of Assistant Secretary for Information Analysis and Assistant Secretary for Infrastructure Protection, and, in subsec. (c), Secretary's duty to ensure that responsibilities regarding information analysis and infrastructure protection would be carried out through the Under Secretary for Information Analysis and Infrastructure Protection.
Subsec. (d). Pub. L. 110–53, §531(a)(3), substituted “Secretary relating to intelligence and analysis and infrastructure protection” for “Under Secretary” in heading and “The responsibilities of the Secretary relating to intelligence and analysis and infrastructure protection” for “Subject to the direction and control of the Secretary, the responsibilities of the Under Secretary for Information Analysis and Infrastructure Protection” in introductory provisions.
Subsec. (d)(1). Pub. L. 110–53, §501(b)(1), inserted “, in support of the mission responsibilities of the Department and the functions of the National Counterterrorism Center established under section 119 of the National Security Act of 1947 (50 U.S.C. 404o),” after “to integrate such information” in introductory provisions.
Subsec. (d)(7). Pub. L. 110–53, §501(b)(2), added par. (7) and struck out former par. (7) which read as follows: “To review, analyze, and make recommendations for improvements in the policies and procedures governing the sharing of law enforcement information, intelligence information, intelligence-related information, and other information relating to homeland security within the Federal Government and between the Federal Government and State and local government agencies and authorities.”
Pub. L. 110–53, §501(a)(2)(A), redesignated par. (8) as (7) and struck out former par. (7) which read as follows: “To administer the Homeland Security Advisory System, including—
“(A) exercising primary responsibility for public advisories related to threats to homeland security; and
“(B) in coordination with other agencies of the Federal Government, providing specific warning information, and advice about appropriate protective measures and countermeasures, to State and local government agencies and authorities, the private sector, other entities, and the public.”
Subsec. (d)(8). Pub. L. 110–53, §501(a)(2)(A)(ii), redesignated par. (9) as (8). Former par. (8) redesignated (7).
Subsec. (d)(9). Pub. L. 110–53, §531(a)(3)(C), substituted “Director of National Intelligence” for “Director of Central Intelligence”.
Pub. L. 110–53, §501(a)(2)(A)(ii), redesignated par. (10) as (9). Former par. (9) redesignated (8).
Subsec. (d)(10). Pub. L. 110–53, §501(a)(2)(A)(ii), redesignated par. (11) as (10). Former par. (10) redesignated (9).
Subsec. (d)(11). Pub. L. 110–53, §501(a)(2)(A)(ii), redesignated par. (12) as (11). Former par. (11) redesignated (10).
Subsec. (d)(11)(B). Pub. L. 110–53, §531(a)(3)(D), substituted “Director of National Intelligence” for “Director of Central Intelligence”.
Subsec. (d)(12) to (17). Pub. L. 110–53, §501(a)(2)(A)(ii), redesignated pars. (13) to (18) as (12) to (17), respectively. Former par. (12) redesignated (11).
Subsec. (d)(18). Pub. L. 110–53, §531(a)(3)(E), (F), added par. (18) and redesignated former par. (18) as (24).
Pub. L. 110–53, §501(a)(2)(A)(ii), redesignated par. (19) as (18). Former par. (18) redesignated (17).
Subsec. (d)(19). Pub. L. 110–53, §531(a)(3)(F), added par. (19).
Pub. L. 110–53, §501(a)(2)(A)(ii), redesignated par. (19) as (18).
Subsec. (d)(20) to (23). Pub. L. 110–53, §531(a)(3)(F), added pars. (20) to (23).
Subsec. (d)(24). Pub. L. 110–53, §531(a)(3)(E), redesignated par. (18) as (24).
Subsec. (d)(25). Pub. L. 110–53, §1002(a), added par. (25).
Subsec. (e)(1). Pub. L. 110–53, §531(a)(4), substituted “provide the Office of Intelligence and Analysis and the Office of Infrastructure Protection” for “provide the Directorate” and “assist such offices in discharging” for “assist the Directorate in discharging”.
Subsec. (f)(1). Pub. L. 110–53, §531(a)(5), substituted “Office of Intelligence and Analysis and the Office of Infrastructure Protection” for “Directorate”.
Subsec. (g). Pub. L. 110–53, §531(a)(6), substituted “Office of Intelligence and Analysis and the Office of Infrastructure Protection” for “Under Secretary for Information Analysis and Infrastructure Protection” in introductory provisions.
EFFECTIVE DATE OF 2009 AMENDMENTPub. L. 111–84, div. A, title X, §1073(c), Oct. 28, 2009, 123 Stat. 2474, provided that the amendment by section 1073(c)(9) is effective as of Oct. 14, 2008, and as if included in Pub. L. 110–417 as enacted.
REGULATIONSPub. L. 109–295, title V, §550, Oct. 4, 2006, 120 Stat. 1388, as amended by Pub. L. 110–161, div. E, title V, §534, Dec. 26, 2007, 121 Stat. 2075; Pub. L. 111–83, title V, §550, Oct. 28, 2009, 123 Stat. 2177; Pub. L. 112–10, div. B, title VI, §1650, Apr. 15, 2011, 125 Stat. 146; Pub. L. 112–74, div. D, title V, §540, Dec. 23, 2011, 125 Stat. 976; Pub. L. 113–6, div. D, title V, §537, Mar. 26, 2013, 127 Stat. 373, provided that:
“(a) No later than six months after the date of enactment of this Act [Oct. 4, 2006], the Secretary of Homeland Security shall issue interim final regulations establishing risk-based performance standards for security of chemical facilities and requiring vulnerability assessments and the development and implementation of site security plans for chemical facilities: Provided, That such regulations shall apply to chemical facilities that, in the discretion of the Secretary, present high levels of security risk: Provided further, That such regulations shall permit each such facility, in developing and implementing site security plans, to select layered security measures that, in combination, appropriately address the vulnerability assessment and the risk-based performance standards for security for the facility: Provided further, That the Secretary may not disapprove a site security plan submitted under this section based on the presence or absence of a particular security measure, but the Secretary may disapprove a site security plan if the plan fails to satisfy the risk-based performance standards established by this section: Provided further, That the Secretary may approve alternative security programs established by private sector entities, Federal, State, or local authorities, or other applicable laws if the Secretary determines that the requirements of such programs meet the requirements of this section and the interim regulations: Provided further, That the Secretary shall review and approve each vulnerability assessment and site security plan required under this section: Provided further, That the Secretary shall not apply regulations issued pursuant to this section to facilities regulated pursuant to the Maritime Transportation Security Act of 2002, Public Law 107–295, as amended [see Tables for classification]; Public Water Systems, as defined by section 1401 of the Safe Drinking Water Act, Public Law 93–523, as amended [42 U.S.C. 300f]; Treatment Works as defined in section 212 of the Federal Water Pollution Control Act, Public Law 92–500, as amended [33 U.S.C. 1292]; any facility owned or operated by the Department of Defense or the Department of Energy, or any facility subject to regulation by the Nuclear Regulatory Commission.
“(b) Interim regulations issued under this section shall apply until the effective date of interim or final regulations promulgated under other laws that establish requirements and standards referred to in subsection (a) and expressly supersede this section: Provided, That the authority provided by this section shall terminate on October 4, 2013.
“(c) Notwithstanding any other provision of law and subsection (b), information developed under this section, including vulnerability assessments, site security plans, and other security related information, records, and documents shall be given protections from public disclosure consistent with similar information developed by chemical facilities subject to regulation under section 70103 of title 46, United States Code: Provided, That this subsection does not prohibit the sharing of such information, as the Secretary deems appropriate, with State and local government officials possessing the necessary security clearances, including law enforcement officials and first responders, for the purpose of carrying out this section, provided that such information may not be disclosed pursuant to any State or local law: Provided further, That in any proceeding to enforce this section, vulnerability assessments, site security plans, and other information submitted to or obtained by the Secretary under this section, and related vulnerability or security information, shall be treated as if the information were classified material.
“(d) Any person who violates an order issued under this section shall be liable for a civil penalty under section 70119(a) of title 46, United States Code: Provided, That nothing in this section confers upon any person except the Secretary a right of action against an owner or operator of a chemical facility to enforce any provision of this section.
“(e) The Secretary of Homeland Security shall audit and inspect chemical facilities for the purposes of determining compliance with the regulations issued pursuant to this section.
“(f) Nothing in this section shall be construed to supersede, amend, alter, or affect any Federal law that regulates the manufacture, distribution in commerce, use, sale, other treatment, or disposal of chemical substances or mixtures.
“(g) If the Secretary determines that a chemical facility is not in compliance with this section, the Secretary shall provide the owner or operator with written notification (including a clear explanation of deficiencies in the vulnerability assessment and site security plan) and opportunity for consultation, and issue an order to comply by such date as the Secretary determines to be appropriate under the circumstances: Provided, That if the owner or operator continues to be in noncompliance, the Secretary may issue an order for the facility to cease operation, until the owner or operator complies with the order.
“(h) This section shall not preclude or deny any right of any State or political subdivision thereof to adopt or enforce any regulation, requirement, or standard of performance with respect to chemical facility security that is more stringent than a regulation, requirement, or standard of performance issued under this section, or otherwise impair any right or jurisdiction of any State with respect to chemical facilities within that State, unless there is an actual conflict between this section and the law of that State.”
CYBERSECURITY COLLABORATION BETWEEN THE DEPARTMENT OF DEFENSE AND THE DEPARTMENT OF HOMELAND SECURITYPub. L. 112–81, div. A, title X, §1090, Dec. 31, 2011, 125 Stat. 1603, provided that:
“(a)
“(1)
“(A) strategic planning for the cybersecurity of the United States;
“(B) mutual support for cybersecurity capabilities development; and
“(C) synchronization of current operational cybersecurity mission activities.
“(2)
“(A) to improve the efficiency and effectiveness of requirements formulation and requests for products, services, and technical assistance for, and coordination and performance assessment of, cybersecurity missions executed across a variety of Department of Defense and Department of Homeland Security elements; and
“(B) to leverage the expertise of each individual Department and to avoid duplicating, replicating, or aggregating unnecessarily the diverse line organizations across technology developments, operations, and customer support that collectively execute the cybersecurity mission of each Department.
“(b)
“(1)
“(2)
Pub. L. 111–259, title III, §336, Oct. 7, 2010, 124 Stat. 2689, provided that:
“(a)
“(1)
“(A)
“(B)
“(2)
“(A) the legal basis for the cybersecurity program;
“(B) the certification, if any, made pursuant to section 2511(2)(a)(ii)(B) of title 18, United States Code, or other statutory certification of legality for the cybersecurity program;
“(C) the concept for the operation of the cybersecurity program that is approved by the head of the appropriate department or agency of the United States;
“(D) the assessment, if any, of the privacy impact of the cybersecurity program prepared by the privacy or civil liberties protection officer or comparable officer of such department or agency;
“(E) the plan, if any, for independent audit or review of the cybersecurity program to be carried out by the head of such department or agency, in conjunction with the appropriate inspector general; and
“(F) recommendations, if any, for legislation to improve the capabilities of the United States Government to protect the cybersecurity of the United States.
“(b)
“(1)
“(A) the results of any audit or review of the cybersecurity program carried out under the plan referred to in subsection (a)(2)(E), if any; and
“(B) an assessment of whether the implementation of the cybersecurity program—
“(i) is in compliance with—
“(I) the legal basis referred to in subsection (a)(2)(A); and
“(II) an assessment referred to in subsection (a)(2)(D), if any;
“(ii) is adequately described by the concept of operation referred to in subsection (a)(2)(C); and
“(iii) includes an adequate independent audit or review system and whether improvements to such independent audit or review system are necessary.
“(2)
“(A)
“(B)
“(3)
“(A)
“(B)
“(c)
“(1) a description of how cyber-threat intelligence information, including classified information, is shared among the agencies and departments of the United States and with persons responsible for critical infrastructure;
“(2) a description of the mechanisms by which classified cyber-threat information is distributed;
“(3) an assessment of the effectiveness of cyber-threat information sharing and distribution; and
“(4) any other matters identified by either Inspector General that would help to fully inform Congress or the President regarding the effectiveness and legality of cybersecurity programs.
“(d)
“(1)
“(2)
“(A) for a period of not more than three years; and
“(B) on a reimbursable or nonreimbursable basis.
“(e)
“(1) an assessment of the capabilities of the current workforce;
“(2) an examination of issues of recruiting, retention, and the professional development of such workforce, including the possibility of providing retention bonuses or other forms of compensation;
“(3) an assessment of the benefits of outreach and training with both private industry and academic institutions with respect to such workforce;
“(4) an assessment of the impact of the establishment of the Department of Defense Cyber Command on such workforce;
“(5) an examination of best practices for making the intelligence community workforce aware of cybersecurity best practices and principles; and
“(6) strategies for addressing such other matters as the Director of National Intelligence considers necessary to the cybersecurity of the intelligence community.
“(f)
“(1)
“(A) improving the ability of the intelligence community to detect hostile actions and attribute attacks to specific parties;
“(B) the need for data retention requirements to assist the intelligence community and law enforcement agencies;
“(C) improving the ability of the intelligence community to anticipate nontraditional targets of foreign intelligence services; and
“(D) the adequacy of existing criminal statutes to successfully deter cyber attacks, including statutes criminalizing the facilitation of criminal acts, the scope of laws for which a cyber crime constitutes a predicate offense, trespassing statutes, data breach notification requirements, and victim restitution statutes.
“(2)
“(g)
“(h)
“(1)
“(A) screened by a cybersecurity system outside of the department or agency of the United States that was the intended recipient of the personally identifiable data;
“(B) transferred, for the purpose of cybersecurity, outside the department or agency of the United States that was the intended recipient of the personally identifiable data; or
“(C) transferred, for the purpose of cybersecurity, to an element of the intelligence community.
“(2)
“(3)
[For definition of “intelligence community” as used in section 336 of Pub. L. 111–259, set out above, see section 2 of Pub. L. 111–259, set out as a note under section 3003 of Title 50, War and National Defense.]
TREATMENT OF INCUMBENT UNDER SECRETARY FOR INTELLIGENCE AND ANALYSISPub. L. 110–53, title V, §531(c), Aug. 3, 2007, 121 Stat. 335, provided that: “The individual administratively performing the duties of the Under Secretary for Intelligence and Analysis as of the date of the enactment of this Act [Aug. 3, 2007] may continue to perform such duties after the date on which the President nominates an individual to serve as the Under Secretary pursuant to section 201 of the Homeland Security Act of 2002 [6 U.S.C. 121], as amended by this section, and until the individual so appointed assumes the duties of the position.”
REPORTS TO BE SUBMITTED TO CERTAIN COMMITTEESPub. L. 110–53, title XXIV, §2403, Aug. 3, 2007, 121 Stat. 547, provided that: “The Committee on Commerce, Science, and Transportation of the Senate shall receive the reports required by the following provisions of law in the same manner and to the same extent that the reports are to be received by the Committee on Homeland Security and Governmental Affairs of the Senate:
“(1) Section 1016(j)(1) of the Intelligence Reform and Terrorist [Terrorism] Prevention Act of 2004 (6 U.S.C. 485(j)(1)).
“(2) Section 511(d) of this Act [121 Stat. 323].
“(3) Subsection (a)(3)(D) of section 2022 of the Homeland Security Act of 2002 [6 U.S.C. 612(a)(3)(D)], as added by section 101 of this Act.
“(4) Section 7215(d) of the Intelligence Reform and Terrorism Prevention Act of 2004 (6 U.S.C. 123(d)).
“(5) Section 7209(b)(1)(C) of the Intelligence Reform and Terrorism Prevention Act of 2004 [Pub. L. 108–458] (8 U.S.C. 1185 note).
“(6) Section 804(c) of this Act [42 U.S.C. 2000ee–3(c)].
“(7) Section 901(b) of this Act [121 Stat. 370].
“(8) Section 1002(a) of this Act [amending this section].
“(9) Title III of this Act [enacting sections 579 and 580 of this title and amending sections 194 and 572 of this title].”
SECURITY MANAGEMENT SYSTEMS DEMONSTRATION PROJECTPub. L. 110–53, title XXIV, §2404, Aug. 3, 2007, 121 Stat. 548, provided that:
“(a)
“(1) establish a demonstration project to conduct demonstrations of security management systems that—
“(A) shall use a management system standards approach; and
“(B) may be integrated into quality, safety, environmental and other internationally adopted management systems; and
“(2) enter into one or more agreements with a private sector entity to conduct such demonstrations of security management systems.
“(b)
Ex. Ord. No. 13231, Oct. 16, 2001, 66 F.R. 53063, as amended by Ex. Ord. No. 13284, §2, Jan. 23, 2003, 68 F.R. 4075; Ex. Ord. No. 13286, §7, Feb. 28, 2003, 68 F.R. 10620; Ex. Ord. No. 13385, §5, Sept. 29, 2005, 70 F.R. 57990; Ex. Ord. No. 13652, §6, Sept. 30, 2013, 78 F.R. 61818, provided:
By the authority vested in me as President by the Constitution and the laws of the United States of America, and in order to ensure protection of information systems for critical infrastructure, including emergency preparedness communications and the physical assets that support such systems, in the information age, it is hereby ordered as follows:
(a) Executive Branch Information Systems Security. The Director of the Office of Management and Budget (OMB) has the responsibility to develop and oversee the implementation of government-wide policies, principles, standards, and guidelines for the security of information systems that support the executive branch departments and agencies, except those noted in section 2(b) of this order. The Director of OMB shall advise the President and the appropriate department or agency head when there is a critical deficiency in the security practices within the purview of this section in an executive branch department or agency.
(b) National Security Information Systems. The Secretary of Defense and the Director of Central Intelligence (DCI) shall have responsibility to oversee, develop, and ensure implementation of policies, principles, standards, and guidelines for the security of information systems that support the operations under their respective control. In consultation with the Assistant to the President for National Security Affairs and the affected departments and agencies, the Secretary of Defense and the DCI shall develop policies, principles, standards, and guidelines for the security of national security information systems that support the operations of other executive branch departments and agencies with national security information.
(i) Policies, principles, standards, and guidelines developed under this subsection may require more stringent protection than those developed in accordance with section 2(a) of this order.
(ii) The Assistant to the President for National Security Affairs shall advise the President and the appropriate department or agency when there is a critical deficiency in the security practices of a department or agency within the purview of this section.
(iii) National Security Systems. The National Security Telecommunications and Information Systems Security Committee, as established by and consistent with NSD–42 and chaired by the Department of Defense, shall be designated as the “Committee on National Security Systems.”
(c) Additional Responsibilities. The heads of executive branch departments and agencies are responsible and accountable for providing and maintaining adequate levels of security for information systems, including emergency preparedness communications systems, for programs under their control. Heads of such departments and agencies shall ensure the development and, within available appropriations, funding of programs that adequately address these mission systems, especially those critical systems that support the national security and other essential government programs. Additionally, security should enable, and not unnecessarily impede, department and agency business operations.
(a) Membership. The NIAC shall be composed of not more than 30 members appointed by the President, taking appropriate account of the benefits of having members:
(i) from the private sector, including individuals with experience in banking and finance, transportation, energy, water, communications, health care services, food and agriculture, government facilities, emergency services organizations, institutions of higher education, environmental and climate resilience, and State, local, and tribal governments;
(ii) with senior executive leadership responsibilities for the availability and reliability, including security and resilience, of critical infrastructure sectors;
(iii) with expertise relevant to the functions of the NIAC; and
(iv) with experience equivalent to that of a chief executive of an organization.
Unless otherwise determined by the President, no full-time officer or employee of the executive branch shall be appointed to serve as a member of the NIAC. The President shall designate from among the members of the NIAC a Chair and a Vice Chair, who shall perform the functions of the Chair if the Chair is absent or disabled, or in the instance of a vacancy in the Chair.
(b) Functions of the NIAC. The NIAC shall meet periodically to:
(i) enhance the partnership of the public and private sectors in securing and enhancing the security and resilience of critical infrastructure and their supporting functional systems, physical assets, and cyber networks, and provide reports on this issue to the President, through the Secretary of Homeland Security, as appropriate;
(ii) propose and develop ways to encourage private industry to perform periodic risk assessments and implement risk-reduction programs;
(iii) monitor the development and operations of critical infrastructure sector coordinating councils and their information-sharing mechanisms and provide recommendations to the President, through the Secretary of Homeland Security, on how these organizations can best foster improved cooperation among the sectors, the Department of Homeland Security, and other Federal Government entities;
(iv) report to the President through the Secretary of Homeland Security, who shall ensure appropriate coordination with the Assistant to the President for Homeland Security and Counterterrorism, the Assistant to the President for Economic Policy, and the Assistant to the President for National Security Affairs under the terms of this order; and
(v) advise sector-specific agencies with critical infrastructure responsibilities to include issues pertaining to sector and government coordinating councils and their information sharing mechanisms.
In implementing this order, the NIAC shall not advise or otherwise act on matters pertaining to National Security and Emergency Preparedness (NS/EP) Communications and, with respect to any matters to which the NIAC is authorized by this order to provide advice or otherwise act on that may depend on or affect NS/EP Communications, shall coordinate with the National Security and Telecommunications Advisory Committee established by Executive Order 12382 of September 13, 1982, as amended.
(c) Administration of the NIAC.
(i) The NIAC may hold hearings, conduct inquiries, and establish subcommittees, as appropriate.
(ii) Upon request of the Chair, and to the extent permitted by law, the heads of the executive departments and agencies shall provide the NIAC with information and advice relating to its functions.
(iii) Senior Federal Government officials may participate in the meetings of the NIAC, as appropriate.
(iv) Members shall serve without compensation for their work on the NIAC. However, members may be reimbursed for travel expenses, including per diem in lieu of subsistence, as authorized by law for persons serving intermittently in Federal Government service (5 U.S.C. 5701–5707).
(v) To the extent permitted by law and subject to the availability of appropriations, the Department of Homeland Security shall provide the NIAC with administrative services, staff, and other support services, and such funds as may be necessary for the performance of the NIAC's functions.
Term of National Infrastructure Advisory Council extended until Sept. 30, 2005, by Ex. Ord. No. 13316, Sept. 17, 2003, 68 F.R. 55255, formerly set out as a note under section 14 of the Federal Advisory Committee Act in the Appendix to Title 5, Government Organizations and Employees.
Term of National Infrastructure Advisory Council extended until Sept. 30, 2007, by Ex. Ord. No. 13385, Sept. 29, 2005, 70 F.R. 57989, formerly set out as a note under section 14 of the Federal Advisory Committee Act in the Appendix to Title 5.
Term of National Infrastructure Advisory Council extended until Sept. 30, 2009, by Ex. Ord. No. 13446, Sept. 28, 2007, 72 F.R. 56175, formerly set out as a note under section 14 of the Federal Advisory Committee Act in the Appendix to Title 5.
Term of National Infrastructure Advisory Council extended until Sept. 30, 2011, by Ex. Ord. No. 13511, Sept. 29, 2009, 74 F.R. 50909, formerly set out as a note under section 14 of the Federal Advisory Committee Act in the Appendix to Title 5.
Term of National Infrastructure Advisory Council extended until Sept. 30, 2013, by Ex. Ord. No. 13585, Sept. 30, 2011, 76 F.R. 62281, formerly set out as a note under section 14 of the Federal Advisory Committee Act in the Appendix to Title 5.
Term of National Infrastructure Advisory Council extended until Sept. 30, 2015, by Ex. Ord. No. 13652, Sept. 30, 2013, 78 F.R. 61817, set out as a note under section 14 of the Federal Advisory Committee Act in the Appendix to Title 5.
EX. ORD. NO. 13284. AMENDMENT OF EXECUTIVE ORDERS, AND OTHER ACTIONS, IN CONNECTION WITH THE ESTABLISHMENT OF THE DEPARTMENT OF HOMELAND SECURITYEx. Ord. No. 13284, Jan. 23, 2003, 68 F.R. 4075, provided:
By the authority vested in me as President by the Constitution and the laws of the United States of America, including the Homeland Security Act of 2002 (Public Law 107–296) [see Tables for classification], and the National Security Act of 1947, as amended (50 U.S.C. 401 et seq.) [now 50 U.S.C. 3001 et seq.], and in order to reflect responsibilities vested in the Secretary of Homeland Security and take other actions in connection with the establishment of the Department of Homeland Security, it is hereby ordered as follows:
The Secretary of Homeland Security, the Deputy Secretary of Homeland Security, the Under Secretary for Information Analysis and Infrastructure Protection, Department of Homeland Security, and the Assistant Secretary for Information Analysis, Department of Homeland Security, each shall be considered a “Senior Official of the Intelligence Community” for purposes of Executive Order 12333 [50 U.S.C. 3001 note], and all other relevant authorities, and shall:
(a) recognize and give effect to all current clearances for access to classified information held by those who become employees of the Department of Homeland Security by operation of law pursuant to the Homeland Security Act of 2002 or by Presidential appointment;
(b) recognize and give effect to all current clearances for access to classified information held by those in the private sector with whom employees of the Department of Homeland Security may seek to interact in the discharge of their homeland security-related responsibilities;
(c) make all clearance and access determinations pursuant to Executive Order 12968 of August 2, 1995 [50 U.S.C. 3161 note], or any successor Executive Order, as to employees of, and applicants for employment in, the Department of Homeland Security who do not then hold a current clearance for access to classified information; and
(d) ensure all clearance and access determinations for those in the private sector with whom employees of the Department of Homeland Security may seek to interact in the discharge of their homeland security-related responsibilities are made in accordance with Executive Order 12829 of January 6, 1993 [50 U.S.C. 3161 note].
George W. Bush.
EX. ORD. NO. 13636. IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITYEx. Ord. No. 13636, Feb. 12, 2013, 78 F.R. 11739, provided:
By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:
(b) The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a process that rapidly disseminates the reports produced pursuant to section 4(a) of this order to the targeted entity. Such process shall also, consistent with the need to protect national security information, include the dissemination of classified reports to critical infrastructure entities authorized to receive them. The Secretary and the Attorney General, in coordination with the Director of National Intelligence, shall establish a system for tracking the production, dissemination, and disposition of these reports.
(c) To assist the owners and operators of critical infrastructure in protecting their systems from unauthorized access, exploitation, or harm, the Secretary, consistent with 6 U.S.C. 143 and in collaboration with the Secretary of Defense, shall, within 120 days of the date of this order, establish procedures to expand the Enhanced Cybersecurity Services program to all critical infrastructure sectors. This voluntary information sharing program will provide classified cyber threat and technical information from the Government to eligible critical infrastructure companies or commercial service providers that offer security services to critical infrastructure.
(d) The Secretary, as the Executive Agent for the Classified National Security Information Program created under Executive Order 13549 of August 18, 2010 (Classified National Security Information Program for State, Local, Tribal, and Private Sector Entities), shall expedite the processing of security clearances to appropriate personnel employed by critical infrastructure owners and operators, prioritizing the critical infrastructure identified in section 9 of this order.
(e) In order to maximize the utility of cyber threat information sharing with the private sector, the Secretary shall expand the use of programs that bring private sector subject-matter experts into Federal service on a temporary basis. These subject matter experts should provide advice regarding the content, structure, and types of information most useful to critical infrastructure owners and operators in reducing and mitigating cyber risks.
(b) The Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties of the Department of Homeland Security (DHS) shall assess the privacy and civil liberties risks of the functions and programs undertaken by DHS as called for in this order and shall recommend to the Secretary ways to minimize or mitigate such risks, in a publicly available report, to be released within 1 year of the date of this order. Senior agency privacy and civil liberties officials for other agencies engaged in activities under this order shall conduct assessments of their agency activities and provide those assessments to DHS for consideration and inclusion in the report. The report shall be reviewed on an annual basis and revised as necessary. The report may contain a classified annex if necessary. Assessments shall include evaluation of activities against the Fair Information Practice Principles and other applicable privacy and civil liberties policies, principles, and frameworks. Agencies shall consider the assessments and recommendations of the report in implementing privacy and civil liberties protections for agency activities.
(c) In producing the report required under subsection (b) of this section, the Chief Privacy Officer and the Officer for Civil Rights and Civil Liberties of DHS shall consult with the Privacy and Civil Liberties Oversight Board and coordinate with the Office of Management and Budget (OMB).
(d) Information submitted voluntarily in accordance with 6 U.S.C. 133 by private entities under this order shall be protected from disclosure to the fullest extent permitted by law.
(b) The Cybersecurity Framework shall provide a prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk. The Cybersecurity Framework shall focus on identifying cross-sector security standards and guidelines applicable to critical infrastructure. The Cybersecurity Framework will also identify areas for improvement that should be addressed through future collaboration with particular sectors and standards-developing organizations. To enable technical innovation and account for organizational differences, the Cybersecurity Framework will provide guidance that is technology neutral and that enables critical infrastructure sectors to benefit from a competitive market for products and services that meet the standards, methodologies, procedures, and processes developed to address cyber risks. The Cybersecurity Framework shall include guidance for measuring the performance of an entity in implementing the Cybersecurity Framework.
(c) The Cybersecurity Framework shall include methodologies to identify and mitigate impacts of the Cybersecurity Framework and associated information security measures or controls on business confidentiality, and to protect individual privacy and civil liberties.
(d) In developing the Cybersecurity Framework, the Director shall engage in an open public review and comment process. The Director shall also consult with the Secretary, the National Security Agency, Sector-Specific Agencies and other interested agencies including OMB, owners and operators of critical infrastructure, and other stakeholders through the consultative process established in section 6 of this order. The Secretary, the Director of National Intelligence, and the heads of other relevant agencies shall provide threat and vulnerability information and technical expertise to inform the development of the Cybersecurity Framework. The Secretary shall provide performance goals for the Cybersecurity Framework informed by work under section 9 of this order.
(e) Within 240 days of the date of this order, the Director shall publish a preliminary version of the Cybersecurity Framework (the “preliminary Framework”). Within 1 year of the date of this order, and after coordination with the Secretary to ensure suitability under section 8 of this order, the Director shall publish a final version of the Cybersecurity Framework (the “final Framework”).
(f) Consistent with statutory responsibilities, the Director will ensure the Cybersecurity Framework and related guidance is reviewed and updated as necessary, taking into consideration technological changes, changes in cyber risks, operational feedback from owners and operators of critical infrastructure, experience from the implementation of section 8 of this order, and any other relevant factors.
(b) Sector-Specific Agencies, in consultation with the Secretary and other interested agencies, shall coordinate with the Sector Coordinating Councils to review the Cybersecurity Framework and, if necessary, develop implementation guidance or supplemental materials to address sector-specific risks and operating environments.
(c) Sector-Specific Agencies shall report annually to the President, through the Secretary, on the extent to which owners and operators notified under section 9 of this order are participating in the Program.
(d) The Secretary shall coordinate establishment of a set of incentives designed to promote participation in the Program. Within 120 days of the date of this order, the Secretary and the Secretaries of the Treasury and Commerce each shall make recommendations separately to the President, through the Assistant to the President for Homeland Security and Counterterrorism and the Assistant to the President for Economic Affairs, that shall include analysis of the benefits and relative effectiveness of such incentives, and whether the incentives would require legislation or can be provided under existing law and authorities to participants in the Program.
(e) Within 120 days of the date of this order, the Secretary of Defense and the Administrator of General Services, in consultation with the Secretary and the Federal Acquisition Regulatory Council, shall make recommendations to the President, through the Assistant to the President for Homeland Security and Counterterrorism and the Assistant to the President for Economic Affairs, on the feasibility, security benefits, and relative merits of incorporating security standards into acquisition planning and contract administration. The report shall address what steps can be taken to harmonize and make consistent existing procurement requirements related to cybersecurity.
(b) Heads of Sector-Specific Agencies and other relevant agencies shall provide the Secretary with information necessary to carry out the responsibilities under this section. The Secretary shall develop a process for other relevant stakeholders to submit information to assist in making the identifications required in subsection (a) of this section.
(c) The Secretary, in coordination with Sector-Specific Agencies, shall confidentially notify owners and operators of critical infrastructure identified under subsection (a) of this section that they have been so identified, and ensure identified owners and operators are provided the basis for the determination. The Secretary shall establish a process through which owners and operators of critical infrastructure may submit relevant information and request reconsideration of identifications under subsection (a) of this section.
(b) If current regulatory requirements are deemed to be insufficient, within 90 days of publication of the final Framework, agencies identified in subsection (a) of this section shall propose prioritized, risk-based, efficient, and coordinated actions, consistent with Executive Order 12866 of September 30, 1993 (Regulatory Planning and Review), Executive Order 13563 of January 18, 2011 (Improving Regulation and Regulatory Review), and Executive Order 13609 of May 1, 2012 (Promoting International Regulatory Cooperation), to mitigate cyber risk.
(c) Within 2 years after publication of the final Framework, consistent with Executive Order 13563 and Executive Order 13610 of May 10, 2012 (Identifying and Reducing Regulatory Burdens), agencies identified in subsection (a) of this section shall, in consultation with owners and operators of critical infrastructure, report to OMB on any critical infrastructure subject to ineffective, conflicting, or excessively burdensome cybersecurity requirements. This report shall describe efforts made by agencies, and make recommendations for further actions, to minimize or eliminate such requirements.
(d) The Secretary shall coordinate the provision of technical assistance to agencies identified in subsection (a) of this section on the development of their cybersecurity workforce and programs.
(e) Independent regulatory agencies with responsibility for regulating the security of critical infrastructure are encouraged to engage in a consultative process with the Secretary, relevant Sector-Specific Agencies, and other affected parties to consider prioritized actions to mitigate cyber risks for critical infrastructure consistent with their authorities.
(b) “Critical Infrastructure Partnership Advisory Council” means the council established by DHS under 6 U.S.C. 451 to facilitate effective interaction and coordination of critical infrastructure protection activities among the Federal Government; the private sector; and State, local, territorial, and tribal governments.
(c) “Fair Information Practice Principles” means the eight principles set forth in Appendix A of the National Strategy for Trusted Identities in Cyberspace.
(d) “Independent regulatory agency” has the meaning given the term in 44 U.S.C. 3502(5).
(e) “Sector Coordinating Council” means a private sector coordinating council composed of representatives of owners and operators within a particular sector of critical infrastructure established by the National Infrastructure Protection Plan or any successor.
(f) “Sector-Specific Agency” has the meaning given the term in Presidential Policy Directive–21 of February 12, 2013 (Critical Infrastructure Security and Resilience), or any successor.
(b) Nothing in this order shall be construed to impair or otherwise affect the functions of the Director of OMB relating to budgetary, administrative, or legislative proposals.
(c) All actions taken pursuant to this order shall be consistent with requirements and authorities to protect intelligence and law enforcement sources and methods. Nothing in this order shall be interpreted to supersede measures established under authority of law to protect the security and integrity of specific activities and associations that are in direct support of intelligence and law enforcement operations.
(d) This order shall be implemented consistent with U.S. international obligations.
(e) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.
Barack Obama.
EX. ORD. NO. 13650. IMPROVING CHEMICAL FACILITY SAFETY AND SECURITYEx. Ord. No. 13650, Aug. 1, 2013, 78 F.R. 48029, provided:
By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:
(i) the Department of Justice;
(ii) the Department of Agriculture; and
(iii) the Department of Transportation.
(b) In carrying out its responsibilities under this order, the Working Group shall consult with representatives from:
(i) the Council on Environmental Quality;
(ii) the National Security Staff;
(iii) the Domestic Policy Council;
(iv) the Office of Science and Technology Policy;
(v) the Office of Management and Budget (OMB);
(vi) the White House Office of Cabinet Affairs; and
(vii) such other agencies and offices as the President may designate.
(c) The Working Group shall meet no less than quarterly to discuss the status of efforts to implement this order. The Working Group is encouraged to invite other affected agencies, such as the Nuclear Regulatory Commission, to attend these meetings as appropriate. Additionally, the Working Group shall provide, within 270 days of the date of this order, a status report to the President through the Chair of the Council on Environmental Quality and the Assistant to the President for Homeland Security and Counterterrorism.
(i) identify ways to improve coordination among the Federal Government, first responders, and State, local, and tribal entities;
(ii) take into account the capabilities, limitations, and needs of the first responder community;
(iii) identify ways to ensure that State homeland security advisors, State Emergency Response Commissions (SERCs), Tribal Emergency Response Commissions (TERCs), Local Emergency Planning Committees (LEPCs), Tribal Emergency Planning Committees (TEPCs), State regulators, and first responders have ready access to key information in a useable format, including by thoroughly reviewing categories of chemicals for which information is provided to first responders and the manner in which it is made available, so as to prevent, prepare for, and respond to chemical incidents;
(iv) identify areas, in collaboration with State, local, and tribal governments and private sector partners, where joint collaborative programs can be developed or enhanced, including by better integrating existing authorities, jurisdictional responsibilities, and regulatory programs in order to achieve a more comprehensive engagement on chemical risk management;
(v) identify opportunities and mechanisms to improve response procedures and to enhance information sharing and collaborative planning between chemical facility owners and operators, TEPCs, LEPCs, and first responders;
(vi) working with the National Response Team (NRT) and Regional Response Teams (RRTs), identify means for Federal technical assistance to support developing, implementing, exercising, and revising State, local, and tribal emergency contingency plans, including improved training; and
(vii) examine opportunities to improve public access to information about chemical facility risks consistent with national security needs and appropriate protection of confidential business information.
(b) Within 90 days of the date of this order, the Attorney General, through the head of the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), shall assess the feasibility of sharing data related to the storage of explosive materials with SERCs, TEPCs, and LEPCs.
(c) Within 90 days of the date of this order, the Secretary of Homeland Security shall assess the feasibility of sharing Chemical Facility Anti-Terrorism Standards (CFATS) data with SERCs, TEPCs, and LEPCs on a categorical basis.
(a) Within 45 days of the date of this order, the Working Group shall deploy a pilot program, involving the EPA, Department of Labor, Department of Homeland Security, and any other appropriate agency, to validate best practices and to test innovative methods for Federal interagency collaboration regarding chemical facility safety and security. The pilot program shall operate in at least one region and shall integrate regional Federal, State, local, and tribal assets, where appropriate. The pilot program shall include innovative and effective methods of collecting, storing, and using facility information, stakeholder outreach, inspection planning, and, as appropriate, joint inspection efforts. The Working Group shall take into account the results of the pilot program in developing integrated standard operating procedures pursuant to subsection (b) of this section.
(b) Within 270 days of the date of this order, the Working Group shall create comprehensive and integrated standard operating procedures for a unified Federal approach for identifying and responding to risks in chemical facilities (including during pre-inspection, inspection execution, post-inspection, and post-accident investigation activities), incident reporting and response procedures, enforcement, and collection, storage, and use of facility information. This effort shall reflect best practices and shall include agency-to-agency referrals and joint inspection procedures where possible and appropriate, as well as consultation with the Federal Emergency Management Agency on post-accident response activities.
(c) Within 90 days of the date of this order, the Working Group shall consult with the Chemical Safety Board (CSB) and determine what, if any, changes are required to existing memorandums of understanding (MOUs) and processes between EPA and CSB, ATF and CSB, and the Occupational Safety and Health Administration and CSB for timely and full disclosure of information. To the extent appropriate, the Working Group may develop a single model MOU with CSB in lieu of existing agreements.
(a) Within 90 days of the date of this order, the Working Group shall develop an analysis, including recommendations, on the potential to improve information collection by and sharing between agencies to help identify chemical facilities which may not have provided all required information or may be non-compliant with Federal requirements to ensure chemical facility safety. This analysis should consider ongoing data-sharing efforts, other federally collected information, and chemical facility reporting among agencies (including information shared with State, local, and tribal governments).
(b) Within 180 days of the date of this order, the Working Group shall produce a proposal for a coordinated, flexible data-sharing process which can be utilized to track data submitted to agencies for federally regulated chemical facilities, including locations, chemicals, regulated entities, previous infractions, and other relevant information. The proposal shall allow for the sharing of information with and by State, local, and tribal entities where possible, consistent with section 3 of this order, and shall address computer-based and non-computer-based means for improving the process in the short-term, if they exist.
(c) Within 180 days of the date of this order, the Working Group shall identify and recommend possible changes to streamline and otherwise improve data collection to meet the needs of the public and Federal, State, local, and tribal agencies (including those charged with protecting workers and the public), consistent with the Paperwork Reduction Act and other relevant authorities, including opportunities to lessen the reporting burden on regulated industries. To the extent feasible, efforts shall minimize the duplicative collection of information while ensuring that pertinent information is shared with all key entities.
(i) within 90 days of the date of this order, develop options for improved chemical facility safety and security that identifies improvements to existing risk management practices through agency programs, private sector initiatives, Government guidance, outreach, standards, and regulations;
(ii) within 90 days of developing the options described in subsection (a)(i) of this section, engage key stakeholders to discuss the options and other means to improve chemical risk management that may be available; and
(iii) within 90 days of completing the outreach and consultation effort described in subsection (a)(ii) of this section, develop a plan for implementing practical and effective improvements to chemical risk management identified pursuant to subsections (a)(i) and (ii) of this section.
(b) Within 90 days of the date of this order, the Secretary of Homeland Security, the Secretary of Labor, and the Secretary of Agriculture shall develop a list of potential regulatory and legislative proposals to improve the safe and secure storage, handling, and sale of ammonium nitrate and identify ways in which ammonium nitrate safety and security can be enhanced under existing authorities.
(c) Within 90 days of the date of this order, the Administrator of EPA and the Secretary of Labor shall review the chemical hazards covered by the Risk Management Program (RMP) and the Process Safety Management Standard (PSM) and determine if the RMP or PSM can and should be expanded to address additional regulated substances and types of hazards. In addition, the EPA and the Department of Labor shall develop a plan, including a timeline and resource requirements, to expand, implement, and enforce the RMP and PSM in a manner that addresses the additional regulated substances and types of hazards.
(d) Within 90 days of the date of this order, the Secretary of Homeland Security shall identify a list of chemicals, including poisons and reactive substances, that should be considered for addition to the CFATS Chemicals of Interest list.
(e) Within 90 days of the date of this order, the Secretary of Labor shall:
(i) identify any changes that need to be made in the retail and commercial grade exemptions in the PSM Standard; and
(ii) issue a Request for Information designed to identify issues related to modernization of the PSM Standard and related standards necessary to meet the goal of preventing major chemical accidents.
(b) Nothing in this order shall be construed to impair or otherwise affect:
(i) the authority granted by law to a department, agency, or the head thereof; or
(ii) the functions of the Director of OMB relating to budgetary, administrative, or legislative proposals.
(c) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person.
Barack Obama.
Disclaimer: These codes may not be the most recent version. The United States Government Printing Office may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the US site. Please check official sources.