State Department: Condemning Cyber-Attack by North Korea

via United States State Department:

Condemning Cyber-Attack by North Korea
Press Statement
John Kerry
Secretary of State
Washington, DC
December 19, 2014

The United States condemns North Korea for the cyber-attack targeting Sony Pictures Entertainment and the unacceptable threats against movie theatres and moviegoers. These actions are a brazen attempt by an isolated regime to suppress free speech and stifle the creative expression of artists beyond the borders of its own country.

Freedom of expression is at the center of America’s values and a founding principle of our Bill of Rights. We’re a country where artists openly mock and criticize the powerful, including our own government. We don’t always like what they say about us or about others, and sometimes we’re even deeply offended. But those offenses have always taken a backseat to freedom of expression. That’s why the United States is and always will be a staunch advocate for and protector of the right of artists to express themselves freely and creatively. Whatever one’s system of government or views about free expression, there is absolutely no justification whatsoever for an attack like this.

We are deeply concerned about the destructive nature of this state sponsored cyber-attack targeting a commercial entity and its employees in the United States. These lawless acts of intimidation demonstrate North Korea’s flagrant disregard for international norms. Threats in cyberspace pose one of the greatest national security challenges to the United States, and North Korea’s actions – intended to inflict significant economic damage and suppress free speech – are well beyond the bounds of acceptable state behavior in cyberspace. This provocative and unprecedented attack and subsequent threats only strengthen our resolve to continue to work with partners around the world to strengthen cybersecurity, promote norms of acceptable state behavior, uphold freedom of expression, and ensure that the Internet remains open, interoperable, secure and reliable. We encourage our allies and partners to stand with us as we defend the values of all of our people in the face of state-sponsored intimidation.

 

UNGA Res 69/85. International cooperation in the peaceful uses of outer space

The United Nations General Assembly passed Resolution 69/85. International Cooperation in the peaceful uses of outer space on December 16, 2014:

Resolution adopted by the General Assembly on 5 December 2014

[on the report of the Special Political and Decolonization Committee (Fourth Committee) (A/69/452)]

69/85. International cooperation in the peaceful uses of outer space

The General Assembly,

Recalling its resolutions 51/122 of 13 December 1996, 54/68 of 6 December 1999, 59/2 of 20 October 2004, 61/110 and 61/111 of 14 December 2006, 62/101 of 17 December 2007, 62/217 of 22 December 2007, 65/97 of 10 December 2010, 65/271 of 7 April 2011, 66/71 of 9 December 2011, 67/113 of 18 December 2012, 68/50 of 5 December 2013 and 68/74 and 68/75 of 11 December 2013,

Emphasizing the significant progress in the development of space science and technology and their applications that has enabled humans to explore the universe, and the extraordinary achievements made over the past 50 years in space exploration efforts, including deepening the understanding of the planetary system and the Sun and the Earth itself, in the use of space science and technology for the benefit of all humankind and in the development of the international legal regime governing space activities, and recognizing in that regard the unique platform at the global level for international cooperation in space activities represented by the Committee on the Peaceful Uses of Outer Space and its subsidiary bodies and assisted by the Office for Outer Space Affairs of the Secretariat,

Deeply convinced of the common interest of all humankind in promoting and expanding the exploration and use of outer space, as the province of all humankind, for peaceful purposes and in continuing efforts to extend to all States the benefits derived therefrom, and also of the importance of international cooperation in this field, for which the United Nations should continue to provide a focal point,

Reaffirming the importance of international cooperation in developing the rule of law, including the relevant norms of space law and their important role in international cooperation for the exploration and use of outer space for peaceful purposes, and of the widest possible adherence to international treaties that promote the peaceful uses of outer space in order to meet emerging new challenges, especially for developing countries,

Seriously concerned about the possibility of an arms race in outer space, and bearing in mind the importance of article IV of the Treaty on Principles Governing the Activities of States in the Exploration and Use of Outer Space, including the Moon and Other Celestial Bodies,[1]

Recognizing that all States, in particular those with major space capabilities, should contribute actively to the prevention of an arms race in outer space with a view to promoting and strengthening international cooperation in the exploration and use of outer space for peaceful purposes,

Deeply concerned about the fragility of the space environment and the challenges to the long-term sustainability of outer space activities, in particular the impact of space debris which is an issue of concern to all nations,

Noting the progress achieved in the development of peaceful space exploration and applications as well as in various national and cooperative space projects, and the importance of further developing the legal framework to strengthen international cooperation in space,

Convinced that space science and technology and their applications, such as satellite communications, Earth observation systems and satellite navigation technologies, provide indispensable tools for viable long-term solutions for sustainable development and can contribute more effectively to efforts to promote the development of all countries and regions of the world, and stressing in that regard the need to harness the benefits of space technology towards implementing and monitoring the United Nations Millennium Declaration[2] and contributing to the post‑2015 development agenda process,

Seriously concerned about the devastating impact of disasters,[3] and desirous of enhancing international coordination and cooperation at the global level in disaster management and emergency response through greater access to and use of space-based services and geospatial information for all countries and facilitating capacity-building and institutional strengthening for disaster management, in particular in developing countries,

Firmly convinced that the use of space science and technology and their applications in areas such as tele-health, tele-education, disaster management, environmental protection, natural resources management and climate monitoring contribute to achieving the objectives of the global conferences of the United Nations that address various aspects of economic, social and cultural development, particularly poverty eradication,

Deeply concerned about the devastating effects of infectious diseases, in particular Ebola virus disease, to the detriment of human life, society and development, and urging the international community, in particular scientific and academic institutions, to undertake studies on the role of tele-epidemiology in monitoring, preparedness and response activities,

Recalling, in that regard, the fact that the United Nations Conference on Sustainable Development, held in Rio de Janeiro, Brazil, from 20 to 22 June 2012, recognized the important role that space science and technology play in promoting sustainable development,[4]

Having considered the report of the Committee on the Peaceful Uses of Outer Space on the work of its fifty-seventh session,[5]

  1. Endorses the report of the Committee on the Peaceful Uses of Outer Space on the work of its fifty-seventh session;[5]
  2. Agrees that the Committee, at its fifty-eighth session, should consider the substantive items recommended at its fifty-seventh session,[6] taking into account the concerns of all countries, in particular those of developing countries;
  3. Notes that, at its fifty-third session, the Legal Subcommittee of the Committee continued its work,[7] as mandated by the General Assembly in its resolution 68/75;
  4. Agrees that the Legal Subcommittee, at its fifty-fourth session, should consider the substantive items and reconvene the working groups recommended by the Committee,[8] taking into account the concerns of all countries, in particular those of developing countries;
  5. Urges States that have not yet become parties to the international treaties governing the uses of outer space[9] to give consideration to ratifying or acceding to those treaties in accordance with their national law, as well as incorporating them into their national legislation;
  6. Notes with satisfaction the conclusion by the Office for Outer Space Affairs of a space law curriculum, which could encourage further studies within States;
  7. Notes that, at its fifty-first session, the Scientific and Technical Subcommittee of the Committee continued its work,[10] as mandated by the General Assembly in its resolution 68/75;
  8. Agrees that the Scientific and Technical Subcommittee, at its fifty-second session, should consider the substantive items and reconvene the working groups recommended by the Committee,[11] taking into account the concerns of all countries, in particular those of developing countries;
  9. Notes the importance of information-sharing in discovering, monitoring and physically characterizing potentially hazardous near-Earth objects to ensure that all countries, in particular developing countries with limited capacity in predicting and mitigating a near-Earth object impact, are aware of potential threats, emphasizes the need for capacity-building for effective emergency response and disaster management in the event of a near-Earth object impact, and recalls in that regard the recommendations for an international response to the near-Earth object impact threat, endorsed by the Scientific and Technical Subcommittee at its fiftieth session and by the Committee at its fifty-sixth session;[12]
  10. Notes with satisfaction that progress on establishing an international asteroid warning network and a space mission planning advisory group to implement the recommendations for an international response to the near-Earth object impact threat would be reported to the Subcommittee at its fifty-second session;
  11. Notes with appreciation that some States are already implementing space debris mitigation measures on a voluntary basis, through national mechanisms and consistent with the Space Debris Mitigation Guidelines of the Inter-Agency Space Debris Coordination Committee and with the Space Debris Mitigation Guidelines of the Committee on the Peaceful Uses of Outer Space,[13] endorsed by the General Assembly in its resolution 62/217, and invites other States to implement, through relevant national mechanisms, the Space Debris Mitigation Guidelines of the Committee on the Peaceful Uses of Outer Space;
  12. Considers that it is essential that States pay more attention to the problem of collisions of space objects, especially those with nuclear power sources, with space debris, and other aspects of space debris, calls for the continuation of national research on this question, for the development of improved technology for the monitoring of space debris and for the compilation and dissemination of data on space debris, also considers that, to the extent possible, information thereon should be provided to the Scientific and Technical Subcommittee, and agrees that international cooperation is needed to expand appropriate and affordable strategies to minimize the impact of space debris on future space missions;
  13. Urges all States, in particular those with major space capabilities, to contribute actively to the goal of preventing an arms race in outer space as an essential condition for the promotion of international cooperation in the exploration and use of outer space for peaceful purposes;
  14. Requests the Committee to continue to consider, as a matter of priority, ways and means of maintaining outer space for peaceful purposes and to report thereon to the General Assembly at its seventieth session, and agrees that during its consideration of the matter the Committee could continue to consider ways to promote regional and interregional cooperation and the role that space technology could play in the implementation of recommendations of the United Nations Conference on Sustainable Development;
  15. Welcomes the fact that the Committee, at its fifty-seventh session, agreed to consider, under the item entitled “Ways and means of maintaining outer space for peaceful purposes”, the broader perspective of space security and associated matters that would be instrumental in ensuring the safe and responsible conduct of space activities, and to identify effective tools that could potentially provide the Committee with new guidance, in a pragmatic manner and without prejudice to the mandate of other intergovernmental forums, and notes with satisfaction that, in that regard, and in line with resolution 68/50, the Committee agreed to consider at its fifty-eighth session, in 2015, the recommendations contained in the report of the Group of Governmental Experts on Transparency and Confidence-Building Measures in Outer Space Activities,[14] with a view to identifying those recommendations that could, to the extent practicable, be adapted to and instrumental in ensuring the safety of space operations and the long-term sustainability of outer space activities in general;[15]
  16. Recognizes the central role of the Office for Outer Space Affairs in fostering capacity-building in the use of space science and technology and their applications for the benefit of all countries, in particular developing countries, and urges all Member States to contribute to the Trust Fund in Support of the United Nations Programme on the Peaceful Uses of Outer Space in order to enhance the capacity of the Office to provide technical and legal advisory services in its priority thematic areas;
  17. Endorses the United Nations Programme on Space Applications for 2015, as proposed to the Committee by the Expert on Space Applications and endorsed by the Committee;[16]
  18. Notes with satisfaction the significant achievements made and the advisory support provided to more than 30 Member States within the framework of the United Nations Platform for Space-based Information for Disaster Management and Emergency Response (UN-SPIDER), with the valuable contributions of its network of regional support offices, and encourages Member States, on a voluntary basis, to provide the programme with the additional resources necessary to address the increasing demand for support successfully and in a timely manner;
  19. Also notes with satisfaction the continuous progress made by the International Committee on Global Navigation Satellite Systems with the support of the Office for Outer Space Affairs, in its capacity as executive secretariat of the International Committee, towards achieving compatibility and interoperability among global and regional space-based positioning, navigation and timing systems and in the promotion of the use of global navigation satellite systems and their integration into national infrastructure, particularly in developing countries, and notes with appreciation that the International Committee held its ninth meeting in Prague from 10 to 14 November 2014;
  20. Notes with appreciation that the regional centres for space science and technology education, affiliated to the United Nations, namely, the African regional centres for space science and technology education in the French and English languages, located in Morocco and Nigeria, respectively, the Centre for Space Science and Technology Education in Asia and the Pacific, located in India, the Regional Centre for Space Science and Technology Education for Latin America and the Caribbean, with campuses located in Brazil and Mexico, and the Centre for Space Science and Technology Education for Western Asia, located in Jordan, have continued their education programmes in 2014, encourages the regional centres to continue to promote greater participation of women in their education programmes, and agrees that the regional centres should continue to report to the Committee on the Peaceful Uses of Outer Space on their activities;
  21. Notes with satisfaction the progress on the establishment of a new regional centre for space science and technology education in Asia and the Pacific located at Beihang University in Beijing;
  22. Emphasizes that regional and interregional cooperation in the field of space activities is essential to strengthen the peaceful uses of outer space, assist States in the development of their space capabilities and contribute to the achievement of the goals of the United Nations Millennium Declaration,[2] to that end requests relevant regional organizations and their groups of experts to offer the assistance necessary so that countries can carry out the recommendations of regional conferences, and in that regard notes the importance of the equal participation of women in all fields of science and technology;
  23. Recognizes, in that regard, the important role played by conferences and other mechanisms in strengthening regional and international cooperation among States, such as the African Leadership Conference on Space Science and Technology for Sustainable Development, the Asia-Pacific Regional Space Agency Forum, the Space Conference of the Americas, a process that should not be interrupted, and the Asia-Pacific Space Cooperation Organization;
  24. Emphasizes the need to increase the benefits of space technology and its applications and to contribute to an orderly growth of space activities favourable to sustained economic growth and sustainable development in all countries, including strengthening sustainable spatial data infrastructure at the regional and national levels and building resilience to reduce the consequences of disasters, in particular in developing countries;
  25. Reiterates the need to promote the benefits of space technology and its applications in the major United Nations conferences and summits for economic, social and cultural development and related fields, and recognizes that the fundamental significance of space science and technology and their applications for global, regional, national and local sustainable development processes should be promoted in the formulation of policies and programmes of action and their implementation, including through efforts towards achieving the objectives of those conferences and summits, including implementing the Millennium Declaration and contributing to the post‑2015 development agenda process;
  26. Encourages Member States, to that end, to promote the inclusion in those conferences, summits and processes of the relevance of space science and technology applications and the use of space-derived geospatial data;
  27. Encourages the Office for Outer Space Affairs to take active part in those conferences, summits and processes, including the Third World Conference on Disaster Risk Reduction and the summit on the post‑2015 development agenda, both to be held in 2015, as appropriate and within existing resources;
  28. Urges the Inter-Agency Meeting on Outer Space Activities (UN-Space), under the leadership of the Office for Outer Space Affairs, to continue to examine how space science and technology and their applications could contribute to implementing the Millennium Declaration and to the post‑2015 development agenda process, and encourages entities of the United Nations system to participate, as appropriate, in UN-Space coordination efforts;
  29. Notes that, in accordance with the agreement reached by the Committee at its forty-sixth session on the measures relating to the future composition of the bureaux of the Committee and its subsidiary bodies,[17] on the basis of the measures relating to the working methods of the Committee and its subsidiary bodies,[18] the Asia-Pacific States, the Eastern European States, the Latin American and Caribbean States and the Western European and other States have nominated their candidates for the offices of Chair of the Scientific and Technical Subcommittee, First Vice-Chair of the Committee, Chair of the Legal Subcommittee and Chair of the Committee, respectively, for the period 2016–2017;[19]
  30. Urges the African States to nominate their candidate for the office of Second Vice-Chair/Rapporteur of the Committee for the period 2016–2017 before the next session of the Committee;
  31. Agrees that, upon the nomination of the candidate of the African States, the Committee and its subsidiary bodies, at their respective sessions in 2016, should elect their officers nominated for the period 2016–2017;
  32. Decides that Luxembourg shall become a member of the Committee;[20]
  33. Endorses the decision of the Committee to grant permanent observer status to the African Association of Remote Sensing of the Environment;[21]
  34. Encourages the regional groups to promote active participation in the work of the Committee and its subsidiary bodies by the States members of the Committee that are also members of the respective regional groups.

 

64th plenary meeting
5 December 2014

[1] United Nations, Treaty Series, vol. 610, No. 8843.

[2] Resolution 55/2.

[3] The term “disasters” refers to natural or technological disasters.

[4] Resolution 66/288, annex, para. 274.

[5] Official Records of the General Assembly, Sixty-ninth Session, Supplement No. 20 (A/69/20).

[6] Ibid., para. 393.

[7] Ibid., chap. II.C; and A/AC.105/1067.

[8] Official Records of the General Assembly, Sixty-ninth Session, Supplement No. 20 (A/69/20), paras. 283–285.

[9] Treaty on Principles Governing the Activities of States in the Exploration and Use of Outer Space, including the Moon and Other Celestial Bodies (United Nations, Treaty Series, vol. 610, No. 8843); Agreement on the Rescue of Astronauts, the Return of Astronauts and the Return of Objects Launched into Outer Space (United Nations, Treaty Series, vol. 672, No. 9574); Convention on International Liability for Damage Caused by Space Objects (United Nations, Treaty Series, vol. 961, No. 13810); Convention on Registration of Objects Launched into Outer Space (United Nations, Treaty Series, vol. 1023, No. 15020); and Agreement Governing the Activities of States on the Moon and Other Celestial Bodies (United Nations, Treaty Series, vol. 1363, No. 23002).

[10] Official Records of the General Assembly, Sixty-ninth Session, Supplement No. 20 (A/69/20), chap. II.B; and A/AC.105/1065.

[11] Official Records of the General Assembly, Sixty-ninth Session, Supplement No. 20 (A/69/20), paras. 209–211.

[12] Ibid., Sixty-eighth Session, Supplement No. 20 (A/68/20), para. 144; and A/AC.105/1038, para. 198, and annex III.

[13] Official Records of the General Assembly, Sixty-second Session, Supplement No. 20 (A/62/20), annex.

[14] A/68/189.

[15] Official Records of the General Assembly, Sixty-ninth Session, Supplement No. 20 (A/69/20), paras. 372 and 373.

[16] Ibid., para. 81; and A/AC.105/1062.

[17] Official Records of the General Assembly, Fifty-eighth Session, Supplement No. 20 (A/58/20), annex II, paras. 5–9.

[18] Ibid., Fifty-second Session, Supplement No. 20 (A/52/20), annex I; and ibid., Fifty-eighth Session, Supplement No. 20 (A/58/20), annex II, appendix III.

[19] Ibid., Sixty-ninth Session, Supplement No. 20 (A/69/20), paras. 381 and 382; and official communications from the Office for Outer Space Affairs to States members of the Committee dated 15 September and 7 October 2014.

[20] Official Records of the General Assembly, Sixty-ninth Session, Supplement No. 20 (A/69/20), para. 385.

[21] Ibid., para. 387.

SpaceX Completes First Milestone for Commercial Crew Transportation System | NASA

via NASA.

December 19, 2014

RELEASE 14-340

SpaceX Completes First Milestone for Commercial Crew Transportation System

NASA has approved the completion of SpaceX’s first milestone in the company’s path toward launching crews to the International Space Station (ISS) from U.S. soil under a Commercial Crew Transportation Capability (CCtCap) contract with the agency.

During the Certification Baseline Review, SpaceX described its current design baseline including how the company plans to manufacture its Crew Dragon spacecraft and Falcon 9 v.1.1 rocket, then launch, fly, land and recover the crew. The company also outlined how it will achieve NASA certification of its system to enable transport of crews to and from the space station.

“This milestone sets the pace for the rigorous work ahead as SpaceX meets the certification requirements outlined in our contract,” said Kathy Lueders, manager of NASA’s Commercial Crew Program. “It is very exciting to see SpaceX’s proposed path to certification, including a flight test phase and completion of the system development.”

On Sept. 16, the agency unveiled its selection of SpaceX and Boeing to transport U.S. crews to and from the space station using their Crew Dragon and CST-100 spacecraft, respectively. These contracts will end the nation’s sole reliance on Russia and allow the station’s current crew of six to increase, enabling more research aboard the unique microgravity laboratory.

Under the CCtCap contracts, the companies will complete NASA certification of their human space transportation systems, including a crewed flight test with at least one NASA astronaut aboard, to verify the fully integrated rocket and spacecraft system can launch from the United States, maneuver in orbit, and dock to the space station, and validate its systems perform as expected.

Throughout the next few years, SpaceX will test its systems, materials and concept of operations to the limits to prove they are safe to transport astronauts to the station. Once certified, the Crew Dragon spacecraft and Falcon 9 v1.1 rocket will be processed and integrated inside a new hangar before being rolled out for launch. This will all take place at the historic Launch Complex 39A at NASA’s Kennedy Space Center in Florida.

The Crew Dragon is expected to be able to dock to the station for up to 210 days and serve as a 24-hour safe haven during an emergency in space.

“SpaceX designed the Dragon spacecraft with the ultimate goal of transporting people to space,” said Gwynne Shotwell, SpaceX President and Chief Operating Officer. “Successful completion of the Certification Baseline Review represents a critical step in that effort—we applaud our team’s hard work to date and look forward to helping NASA return the transport of U.S. astronauts to American soil.”

By expanding the station crew size and enabling private companies to handle launches to low-Earth orbit — a region NASA has been visiting since 1962 — the nation’s space agency can focus on getting the most research and experience out of America’s investment in ISS. NASA also can expand its focus to develop the Space Launch System and Orion capsule for missions in the proving ground of deep space beyond the moon to advance the skills and techniques that will enable humans to explore Mars.

For more information on NASA’s Commercial Crew Program, visit:

http://www.nasa.gov/commercialcrew

-end-

Federal Information Security Modernization Act of 2014 (S. 2521) – GovTrack.us

The Federal Information Security Modernization Act of 2014 was signed on December 18, 2014:

One Hundred Thirteenth Congress of the United States of America

AT THE SECOND SESSION

Begun and held at the City of Washington on Friday, the third day of January, two thousand and fourteen

An Act

To amend chapter 35 of title 44, United States Code, to provide for reform to Federal information security.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the `Federal Information Security Modernization Act of 2014’.

SEC. 2. FISMA REFORM.

(a) In General- Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting the following:

`SUBCHAPTER II–INFORMATION SECURITY

`Sec. 3551. Purposes

`The purposes of this subchapter are to–
`(1) provide a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support Federal operations and assets;
`(2) recognize the highly networked nature of the current Federal computing environment and provide effective governmentwide management and oversight of the related information security risks, including coordination of information security efforts throughout the civilian, national security, and law enforcement communities;
`(3) provide for development and maintenance of minimum controls required to protect Federal information and information systems;
`(4) provide a mechanism for improved oversight of Federal agency information security programs, including through automated security tools to continuously diagnose and improve security;
`(5) acknowledge that commercially developed information security products offer advanced, dynamic, robust, and effective information security solutions, reflecting market solutions for the protection of critical information infrastructures important to the national defense and economic security of the nation that are designed, built, and operated by the private sector; and
`(6) recognize that the selection of specific technical hardware and software information security solutions should be left to individual agencies from among commercially developed products.
`Sec. 3552. Definitions

`(a) In General- Except as provided under subsection (b), the definitions under section 3502 shall apply to this subchapter.
`(b) Additional Definitions- As used in this subchapter:
`(1) The term `binding operational directive’ means a compulsory direction to an agency that–
`(A) is for purposes of safeguarding Federal information and information systems from a known or reasonably suspected information security threat, vulnerability, or risk;
`(B) shall be in accordance with policies, principles, standards, and guidelines issued by the Director; and
`(C) may be revised or repealed by the Director if the direction issued on behalf of the Director is not in accordance with policies and principles developed by the Director.
`(2) The term `incident’ means an occurrence that–
`(A) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or
`(B) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.
`(3) The term `information security’ means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide–
`(A) integrity, which means guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity;
`(B) confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and
`(C) availability, which means ensuring timely and reliable access to and use of information.
`(4) The term `information technology’ has the meaning given that term in section 11101 of title 40.
`(5) The term `intelligence community’ has the meaning given that term in section 3(4) of the National Security Act of 1947 (50 U.S.C. 3003(4)).
`(6)(A) The term `national security system’ means any information system (including any telecommunications system) used or operated by an agency or by a contractor of an agency, or other organization on behalf of an agency–
`(i) the function, operation, or use of which–
`(I) involves intelligence activities;
`(II) involves cryptologic activities related to national security;
`(III) involves command and control of military forces;
`(IV) involves equipment that is an integral part of a weapon or weapons system; or
`(V) subject to subparagraph (B), is critical to the direct fulfillment of military or intelligence missions; or
`(ii) is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept classified in the interest of national defense or foreign policy.
`(B) Subparagraph (A)(i)(V) does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications).
`(7) The term `Secretary’ means the Secretary of Homeland Security.
`Sec. 3553. Authority and functions of the Director and the Secretary

`(a) Director- The Director shall oversee agency information security policies and practices, including–
`(1) developing and overseeing the implementation of policies, principles, standards, and guidelines on information security, including through ensuring timely agency adoption of and compliance with standards promulgated under section 11331 of title 40;
`(2) requiring agencies, consistent with the standards promulgated under such section 11331 and the requirements of this subchapter, to identify and provide information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of–
`(A) information collected or maintained by or on behalf of an agency; or
`(B) information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency;
`(3) ensuring that the Secretary carries out the authorities and functions under subsection (b);
`(4) coordinating the development of standards and guidelines under section 20 of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3) with agencies and offices operating or exercising control of national security systems (including the National Security Agency) to assure, to the maximum extent feasible, that such standards and guidelines are complementary with standards and guidelines developed for national security systems;
`(5) overseeing agency compliance with the requirements of this subchapter, including through any authorized action under section 11303 of title 40, to enforce accountability for compliance with such requirements; and
`(6) coordinating information security policies and procedures with related information resources management policies and procedures.
`(b) Secretary- The Secretary, in consultation with the Director, shall administer the implementation of agency information security policies and practices for information systems, except for national security systems and information systems described in paragraph (2) or (3) of subsection (e), including–
`(1) assisting the Director in carrying out the authorities and functions under paragraphs (1), (2), (3), (5), and (6) of subsection (a);
`(2) developing and overseeing the implementation of binding operational directives to agencies to implement the policies, principles, standards, and guidelines developed by the Director under subsection (a)(1) and the requirements of this subchapter, which may be revised or repealed by the Director if the operational directives issued on behalf of the Director are not in accordance with policies, principles, standards, and guidelines developed by the Director, including–
`(A) requirements for reporting security incidents to the Federal information security incident center established under section 3556;
`(B) requirements for the contents of the annual reports required to be submitted under section 3554(c)(1);
`(C) requirements for the mitigation of exigent risks to information systems; and
`(D) other operational requirements as the Director or Secretary, in consultation with the Director, may determine necessary;
`(3) monitoring agency implementation of information security policies and practices;
`(4) convening meetings with senior agency officials to help ensure effective implementation of information security policies and practices;
`(5) coordinating Government-wide efforts on information security policies and practices, including consultation with the Chief Information Officers Council established under section 3603 and the Director of the National Institute of Standards and Technology;
`(6) providing operational and technical assistance to agencies in implementing policies, principles, standards, and guidelines on information security, including implementation of standards promulgated under section 11331 of title 40, including by–
`(A) operating the Federal information security incident center established under section 3556;
`(B) upon request by an agency, deploying technology to assist the agency to continuously diagnose and mitigate against cyber threats and vulnerabilities, with or without reimbursement;
`(C) compiling and analyzing data on agency information security; and
`(D) developing and conducting targeted operational evaluations, including threat and vulnerability assessments, on the information systems; and
`(7) other actions as the Director or the Secretary, in consultation with the Director, may determine necessary to carry out this subsection.
`(c) Report- Not later than March 1 of each year, the Director, in consultation with the Secretary, shall submit to Congress a report on the effectiveness of information security policies and practices during the preceding year, including–
`(1) a summary of the incidents described in the annual reports required to be submitted under section 3554(c)(1), including a summary of the information required under section 3554(c)(1)(A)(iii);
`(2) a description of the threshold for reporting major information security incidents;
`(3) a summary of the results of evaluations required to be performed under section 3555;
`(4) an assessment of agency compliance with standards promulgated under section 11331 of title 40; and
`(5) an assessment of agency compliance with data breach notification policies and procedures issued by the Director.
`(d) National Security Systems- Except for the authorities and functions described in subsection (a)(5) and subsection (c), the authorities and functions of the Director and the Secretary under this section shall not apply to national security systems.
`(e) Department of Defense and Intelligence Community Systems- (1) The authorities of the Director described in paragraphs (1) and (2) of subsection (a) shall be delegated to the Secretary of Defense in the case of systems described in paragraph (2) and to the Director of National Intelligence in the case of systems described in paragraph (3).
`(2) The systems described in this paragraph are systems that are operated by the Department of Defense, a contractor of the Department of Defense, or another entity on behalf of the Department of Defense that processes any information the unauthorized access, use, disclosure, disruption, modification, or destruction of which would have a debilitating impact on the mission of the Department of Defense.
`(3) The systems described in this paragraph are systems that are operated by an element of the intelligence community, a contractor of an element of the intelligence community, or another entity on behalf of an element of the intelligence community that processes any information the unauthorized access, use, disclosure, disruption, modification, or destruction of which would have a debilitating impact on the mission of an element of the intelligence community.
`(f) Consideration-
`(1) IN GENERAL- In carrying out the responsibilities under subsection (b), the Secretary shall consider any applicable standards or guidelines developed by the National Institute of Standards and Technology and issued by the Secretary of Commerce under section 11331 of title 40.
`(2) DIRECTIVES- The Secretary shall–
`(A) consult with the Director of the National Institute of Standards and Technology regarding any binding operational directive that implements standards and guidelines developed by the National Institute of Standards and Technology; and
`(B) ensure that binding operational directives issued under subsection (b)(2) do not conflict with the standards and guidelines issued under section 11331 of title 40.
`(3) RULE OF CONSTRUCTION- Nothing in this subchapter shall be construed as authorizing the Secretary to direct the Secretary of Commerce in the development and promulgation of standards and guidelines under section 11331 of title 40.
`(g) Exercise of Authority- To ensure fiscal and policy consistency, the Secretary shall exercise the authority under this section subject to direction by the President, in coordination with the Director.
`Sec. 3554. Federal agency responsibilities

`(a) In General- The head of each agency shall–
`(1) be responsible for–
`(A) providing information security protections commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of–
`(i) information collected or maintained by or on behalf of the agency; and
`(ii) information systems used or operated by an agency or by a contractor of an agency or other organization on behalf of an agency;
`(B) complying with the requirements of this subchapter and related policies, procedures, standards, and guidelines, including–
`(i) information security standards promulgated under section 11331 of title 40;
`(ii) operational directives developed by the Secretary under section 3553(b);
`(iii) policies and procedures issued by the Director; and
`(iv) information security standards and guidelines for national security systems issued in accordance with law and as directed by the President; and
`(C) ensuring that information security management processes are integrated with agency strategic, operational, and budgetary planning processes;
`(2) ensure that senior agency officials provide information security for the information and information systems that support the operations and assets under their control, including through–
`(A) assessing the risk and magnitude of the harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of such information or information systems;
`(B) determining the levels of information security appropriate to protect such information and information systems in accordance with standards promulgated under section 11331 of title 40, for information security classifications and related requirements;
`(C) implementing policies and procedures to cost-effectively reduce risks to an acceptable level; and
`(D) periodically testing and evaluating information security controls and techniques to ensure that they are effectively implemented;
`(3) delegate to the agency Chief Information Officer established under section 3506 (or comparable official in an agency not covered by such section) the authority to ensure compliance with the requirements imposed on the agency under this subchapter, including–
`(A) designating a senior agency information security officer who shall–
`(i) carry out the Chief Information Officer’s responsibilities under this section;
`(ii) possess professional qualifications, including training and experience, required to administer the functions described under this section;
`(iii) have information security duties as that official’s primary duty; and
`(iv) head an office with the mission and resources to assist in ensuring agency compliance with this section;
`(B) developing and maintaining an agencywide information security program as required by subsection (b);
`(C) developing and maintaining information security policies, procedures, and control techniques to address all applicable requirements, including those issued under section 3553 of this title and section 11331 of title 40;
`(D) training and overseeing personnel with significant responsibilities for information security with respect to such responsibilities; and
`(E) assisting senior agency officials concerning their responsibilities under paragraph (2);
`(4) ensure that the agency has trained personnel sufficient to assist the agency in complying with the requirements of this subchapter and related policies, procedures, standards, and guidelines;
`(5) ensure that the agency Chief Information Officer, in coordination with other senior agency officials, reports annually to the agency head on the effectiveness of the agency information security program, including progress of remedial actions;
`(6) ensure that senior agency officials, including chief information officers of component agencies or equivalent officials, carry out responsibilities under this subchapter as directed by the official delegated authority under paragraph (3); and
`(7) ensure that all personnel are held accountable for complying with the agency-wide information security program implemented under subsection (b).
`(b) Agency Program- Each agency shall develop, document, and implement an agency-wide information security program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source, that includes–
`(1) periodic assessments of the risk and magnitude of the harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and information systems that support the operations and assets of the agency, which may include using automated tools consistent with standards and guidelines promulgated under section 11331 of title 40;
`(2) policies and procedures that–
`(A) are based on the risk assessments required by paragraph (1);
`(B) cost-effectively reduce information security risks to an acceptable level;
`(C) ensure that information security is addressed throughout the life cycle of each agency information system; and
`(D) ensure compliance with–
`(i) the requirements of this subchapter;
`(ii) policies and procedures as may be prescribed by the Director, and information security standards promulgated under section 11331 of title 40;
`(iii) minimally acceptable system configuration requirements, as determined by the agency; and
`(iv) any other applicable requirements, including standards and guidelines for national security systems issued in accordance with law and as directed by the President;
`(3) subordinate plans for providing adequate information security for networks, facilities, and systems or groups of information systems, as appropriate;
`(4) security awareness training to inform personnel, including contractors and other users of information systems that support the operations and assets of the agency, of–
`(A) information security risks associated with their activities; and
`(B) their responsibilities in complying with agency policies and procedures designed to reduce these risks;
`(5) periodic testing and evaluation of the effectiveness of information security policies, procedures, and practices, to be performed with a frequency depending on risk, but no less than annually, of which such testing–
`(A) shall include testing of management, operational, and technical controls of every information system identified in the inventory required under section 3505(c);
`(B) may include testing relied on in an evaluation under section 3555; and
`(C) shall include using automated tools, consistent with standards and guidelines promulgated under section 11331 of title 40;
`(6) a process for planning, implementing, evaluating, and documenting remedial action to address any deficiencies in the information security policies, procedures, and practices of the agency;
`(7) procedures for detecting, reporting, and responding to security incidents, which–
`(A) shall be consistent with the standards and guidelines described in section 3556(b);
`(B) may include using automated tools; and
`(C) shall include–
`(i) mitigating risks associated with such incidents before substantial damage is done;
`(ii) notifying and consulting with the Federal information security incident center established in section 3556; and
`(iii) notifying and consulting with, as appropriate–
`(I) law enforcement agencies and relevant Offices of Inspector General and Offices of General Counsel;
`(II) an office designated by the President for any incident involving a national security system;
`(III) for a major incident, the committees of Congress described in subsection (c)(1)–
`(aa) not later than 7 days after the date on which there is a reasonable basis to conclude that the major incident has occurred; and

`(bb) after the initial notification under item (aa), within a reasonable period of time after additional information relating to the incident is discovered, including the summary required under subsection (c)(1)(A)(i); and

`(IV) any other agency or office, in accordance with law or as directed by the President; and
`(8) plans and procedures to ensure continuity of operations for information systems that support the operations and assets of the agency.
`(c) Agency Reporting-
`(1) ANNUAL REPORT-
`(A) IN GENERAL- Each agency shall submit to the Director, the Secretary, the Committee on Government Reform, the Committee on Homeland Security, and the Committee on Science of the House of Representatives, the Committee on Homeland Security and Governmental Affairs and the Committee on Commerce, Science, and Transportation of the Senate, the appropriate authorization and appropriations committees of Congress, and the Comptroller General a report on the adequacy and effectiveness of information security policies, procedures, and practices, including–
`(i) a description of each major information security incident or related sets of incidents, including summaries of–
`(I) the threats and threat actors, vulnerabilities, and impacts relating to the incident;
`(II) the risk assessments conducted under section 3554(a)(2)(A) of the affected information systems before the date on which the incident occurred;
`(III) the status of compliance of the affected information systems with applicable security requirements at the time of the incident; and
`(IV) the detection, response, and remediation actions;
`(ii) the total number of information security incidents, including a description of incidents resulting in significant compromise of information security, system impact levels, types of incident, and locations of affected systems;
`(iii) a description of each major information security incident that involved a breach of personally identifiable information, as defined by the Director, including–
`(I) the number of individuals whose information was affected by the major information security incident; and
`(II) a description of the information that was breached or exposed; and
`(iv) any other information as the Director or the Secretary, in consultation with the Director, may require.
`(B) UNCLASSIFIED REPORT-
`(i) IN GENERAL- Each report submitted under subparagraph (A) shall be in unclassified form, but may include a classified annex.
`(ii) ACCESS TO INFORMATION- The head of an agency shall ensure that, to the greatest extent practicable, information is included in the unclassified version of the reports submitted by the agency under subparagraph (A).
`(2) OTHER PLANS AND REPORTS- Each agency shall address the adequacy and effectiveness of information security policies, procedures, and practices in management plans and reports.
`(d) Performance Plan- (1) In addition to the requirements of subsection (c), each agency, in consultation with the Director, shall include as part of the performance plan required under section 1115 of title 31 a description of–
`(A) the time periods; and
`(B) the resources, including budget, staffing, and training,
that are necessary to implement the program required under subsection (b).
`(2) The description under paragraph (1) shall be based on the risk assessments required under subsection (b)(1).
`(e) Public Notice and Comment- Each agency shall provide the public with timely notice and opportunities for comment on proposed information security policies and procedures to the extent that such policies and procedures affect communication with the public.
`Sec.

National Cybersecurity Protection Act of 2014

The National Cybersecurity Protection Act of 2014 was signed into law on December 18, 2014:

S.2519 — National Cybersecurity Protection Act of 2014 (Enrolled Bill [Final as Passed Both House and Senate] – ENR)

S.2519

One Hundred Thirteenth Congress of the United States of America

AT THE SECOND SESSION

Begun and held at the City of Washington on Friday, the third day of January, two thousand and fourteen

An Act

To codify an existing operations center for cybersecurity.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.

This Act may be cited as the `National Cybersecurity Protection Act of 2014’.
SEC. 2. DEFINITIONS.
In this Act–
(1) the term `Center’ means the national cybersecurity and communications integration center under section 226 of the Homeland Security Act of 2002, as added by section 3;
(2) the term `critical infrastructure’ has the meaning given that term in section 2 of the Homeland Security Act of 2002 (6 U.S.C. 101);
(3) the term `cybersecurity risk’ has the meaning given that term in section 226 of the Homeland Security Act of 2002, as added by section 3;
(4) the term `information sharing and analysis organization’ has the meaning given that term in section 212(5) of the Homeland Security Act of 2002 (6 U.S.C. 131(5));
(5) the term `information system’ has the meaning given that term in section 3502(8) of title 44, United States Code; and
(6) the term `Secretary’ means the Secretary of Homeland Security.
SEC. 3. NATIONAL CYBERSECURITY AND COMMUNICATIONS INTEGRATION CENTER.
(a) In General- Subtitle C of title II of the Homeland Security Act of 2002 (6 U.S.C. 141 et seq.) is amended by adding at the end the following:

`SEC. 226. NATIONAL CYBERSECURITY AND COMMUNICATIONS INTEGRATION CENTER.
`(a) Definitions- In this section–
`(1) the term `cybersecurity risk’ means threats to and vulnerabilities of information or information systems and any related consequences caused by or resulting from unauthorized access, use, disclosure, degradation, disruption, modification, or destruction of information or information systems, including such related consequences caused by an act of terrorism;
`(2) the term `incident’ means an occurrence that–
`(A) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information on an information system; or
`(B) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies;
`(3) the term `information sharing and analysis organization’ has the meaning given that term in section 212(5); and
`(4) the term `information system’ has the meaning given that term in section 3502(8) of title 44, United States Code.
`(b) Center- There is in the Department a national cybersecurity and communications integration center (referred to in this section as the `Center’) to carry out certain responsibilities of the Under Secretary appointed under section 103(a)(1)(H).
`(c) Functions- The cybersecurity functions of the Center shall include–
`(1) being a Federal civilian interface for the multi-directional and cross-sector sharing of information related to cybersecurity risks, incidents, analysis, and warnings for Federal and non-Federal entities;
`(2) providing shared situational awareness to enable real-time, integrated, and operational actions across the Federal Government and non-Federal entities to address cybersecurity risks and incidents to Federal and non-Federal entities;
`(3) coordinating the sharing of information related to cybersecurity risks and incidents across the Federal Government;
`(4) facilitating cross-sector coordination to address cybersecurity risks and incidents, including cybersecurity risks and incidents that may be related or could have consequential impacts across multiple sectors;
`(5)(A) conducting integration and analysis, including cross-sector integration and analysis, of cybersecurity risks and incidents; and
`(B) sharing the analysis conducted under subparagraph (A) with Federal and non-Federal entities;
`(6) upon request, providing timely technical assistance, risk management support, and incident response capabilities to Federal and non-Federal entities with respect to cybersecurity risks and incidents, which may include attribution, mitigation, and remediation; and
`(7) providing information and recommendations on security and resilience measures to Federal and non-Federal entities, including information and recommendations to–
`(A) facilitate information security; and
`(B) strengthen information systems against cybersecurity risks and incidents.
`(d) Composition-
`(1) IN GENERAL- The Center shall be composed of–
`(A) appropriate representatives of Federal entities, such as–
`(i) sector-specific agencies;
`(ii) civilian and law enforcement agencies; and
`(iii) elements of the intelligence community, as that term is defined under section 3(4) of the National Security Act of 1947 (50 U.S.C. 3003(4));
`(B) appropriate representatives of non-Federal entities, such as–
`(i) State and local governments;
`(ii) information sharing and analysis organizations; and
`(iii) owners and operators of critical information systems;
`(C) components within the Center that carry out cybersecurity and communications activities;
`(D) a designated Federal official for operational coordination with and across each sector; and
`(E) other appropriate representatives or entities, as determined by the Secretary.
`(2) INCIDENTS- In the event of an incident, during exigent circumstances the Secretary may grant a Federal or non-Federal entity immediate temporary access to the Center.
`(e) Principles- In carrying out the functions under subsection (c), the Center shall ensure–
`(1) to the extent practicable, that–
`(A) timely, actionable, and relevant information related to cybersecurity risks, incidents, and analysis is shared;
`(B) when appropriate, information related to cybersecurity risks, incidents, and analysis is integrated with other relevant information and tailored to the specific characteristics of a sector;
`(C) activities are prioritized and conducted based on the level of risk;
`(D) industry sector-specific, academic, and national laboratory expertise is sought and receives appropriate consideration;
`(E) continuous, collaborative, and inclusive coordination occurs–
`(i) across sectors; and
`(ii) with–
`(I) sector coordinating councils;
`(II) information sharing and analysis organizations; and
`(III) other appropriate non-Federal partners;
`(F) as appropriate, the Center works to develop and use mechanisms for sharing information related to cybersecurity risks and incidents that are technology-neutral, interoperable, real-time, cost-effective, and resilient; and
`(G) the Center works with other agencies to reduce unnecessarily duplicative sharing of information related to cybersecurity risks and incidents;
`(2) that information related to cybersecurity risks and incidents is appropriately safeguarded against unauthorized access; and
`(3) that activities conducted by the Center comply with all policies, regulations, and laws that protect the privacy and civil liberties of United States persons.
`(f) No Right or Benefit-
`(1) IN GENERAL- The provision of assistance or information to, and inclusion in the Center of, governmental or private entities under this section shall be at the sole and unreviewable discretion of the Under Secretary appointed under section 103(a)(1)(H).
`(2) CERTAIN ASSISTANCE OR INFORMATION- The provision of certain assistance or information to, or inclusion in the Center of, one governmental or private entity pursuant to this section shall not create a right or benefit, substantive or procedural, to similar assistance or information for any other governmental or private entity.’.
(b) Technical and Conforming Amendment- The table of contents in section 1(b) of the Homeland Security Act of 2002 (6 U.S.C. 101 note) is amended by inserting after the item relating to section 225 the following:
`Sec. 226. National cybersecurity and communications integration center.’.
SEC. 4. RECOMMENDATIONS REGARDING NEW AGREEMENTS.
(a) In General- Not later than 180 days after the date of enactment of this Act, the Secretary shall submit recommendations on how to expedite the implementation of information-sharing agreements for cybersecurity purposes between the Center and non-Federal entities (referred to in this section as `cybersecurity information-sharing agreements’) to–
(1) the Committee on Homeland Security and Governmental Affairs and the Committee on the Judiciary of the Senate; and
(2) the Committee on Homeland Security and the Committee on the Judiciary of the House of Representatives.
(b) Contents- In submitting recommendations under subsection (a), the Secretary shall–
(1) address the development and utilization of a scalable form that retains all privacy and other protections in cybersecurity information-sharing agreements that are in effect as of the date on which the Secretary submits the recommendations, including Cooperative Research and Development Agreements; and
(2) include in the recommendations any additional authorities or resources that may be needed to carry out the implementation of any new cybersecurity information-sharing agreements.
SEC. 5. ANNUAL REPORT.
Not later than 1 year after the date of enactment of this Act, and every year thereafter for 3 years, the Secretary shall submit to the Committee on Homeland Security and Governmental Affairs and the Committee on the Judiciary of the Senate, the Committee on Homeland Security and the Committee on the Judiciary of the House of Representatives, and the Comptroller General of the United States a report on the Center, which shall include–
(a) information on the Center, including–
(1) an assessment of the capability and capacity of the Center to carry out its cybersecurity mission under this Act;
(2) the number of representatives from non-Federal entities that are participating in the Center, including the number of representatives from States, nonprofit organizations, and private sector entities, respectively;
(3) the number of requests from non-Federal entities to participate in the Center and the response to such requests;
(4) the average length of time taken to resolve requests described in paragraph (3);
(5) the identification of–
(A) any delay in resolving requests described in paragraph (3) involving security clearance processing; and
(B) the agency involved with a delay described in subparagraph (A);
(6) a description of any other obstacles or challenges to resolving requests described in paragraph (3) and a summary of the reasons for denials of any such requests;
(7) the extent to which the Department is engaged in information sharing with each critical infrastructure sector, including–
(A) the extent to which each sector has representatives at the Center;
(B) the extent to which owners and operators of critical infrastructure in each critical infrastructure sector participate in information sharing at the Center; and
(C) the volume and range of activities with respect to which the Secretary has collaborated with the sector coordinating councils and the sector-specific agencies to promote greater engagement with the Center; and
(8) the policies and procedures established by the Center to safeguard privacy and civil liberties.
SEC. 6. GAO REPORT.
Not later than 2 years after the date of enactment of this Act, the Comptroller General of the United States shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives a report on the effectiveness of the Center in carrying out its cybersecurity mission.
SEC. 7. CYBER INCIDENT RESPONSE PLAN; CLEARANCES; BREACHES.
(a) Cyber Incident Response Plan; Clearances- Subtitle C of title II of the Homeland Security Act of 2002 (6 U.S.C. 141 et seq.), as amended by section 3, is amended by adding at the end the following:

`SEC. 227. CYBER INCIDENT RESPONSE PLAN.
`The Under Secretary appointed under section 103(a)(1)(H) shall, in coordination with appropriate Federal departments and agencies, State and local governments, sector coordinating councils, information sharing and analysis organizations (as defined in section 212(5)), owners and operators of critical infrastructure, and other appropriate entities and individuals, develop, regularly update, maintain, and exercise adaptable cyber incident response plans to address cybersecurity risks (as defined in section 226) to critical infrastructure.

`SEC. 228. CLEARANCES.
`The Secretary shall make available the process of application for security clearances under Executive Order 13549 (75 Fed. Reg. 162; relating to a classified national security information program) or any successor Executive Order to appropriate representatives of sector coordinating councils, sector information sharing and analysis organizations (as defined in section 212(5)), owners and operators of critical infrastructure, and any other person that the Secretary determines appropriate.’.
(b) Breaches-
(1) REQUIREMENTS- The Director of the Office of Management and Budget shall ensure that data breach notification policies and guidelines are updated periodically and require–
(A) except as provided in paragraph (4), notice by the affected agency to each committee of Congress described in section 3544(c)(1) of title 44, United States Code, the Committee on the Judiciary of the Senate, and the Committee on Homeland Security and the Committee on the Judiciary of the House of Representatives, which shall–
(i) be provided expeditiously and not later than 30 days after the date on which the agency discovered the unauthorized acquisition or access; and
(ii) include–
(I) information about the breach, including a summary of any information that the agency knows on the date on which notification is provided about how the breach occurred;
(II) an estimate of the number of individuals affected by the breach, based on information that the agency knows on the date on which notification is provided, including an assessment of the risk of harm to affected individuals;
(III) a description of any circumstances necessitating a delay in providing notice to affected individuals; and
(IV) an estimate of whether and when the agency will provide notice to affected individuals; and
(B) notice by the affected agency to affected individuals, pursuant to data breach notification policies and guidelines, which shall be provided as expeditiously as practicable and without unreasonable delay after the agency discovers the unauthorized acquisition or access.
(2) NATIONAL SECURITY; LAW ENFORCEMENT; REMEDIATION- The Attorney General, the head of an element of the intelligence community (as such term is defined under section 3(4) of the National Security Act of 1947 (50 U.S.C. 3003(4)), or the Secretary may delay the notice to affected individuals under paragraph (1)(B) if the notice would disrupt a law enforcement investigation, endanger national security, or hamper security remediation actions.
(3) OMB REPORT- During the first 2 years beginning after the date of enactment of this Act, the Director of the Office of Management and Budget shall, on an annual basis–
(A) assess agency implementation of data breach notification policies and guidelines in aggregate; and
(B) include the assessment described in clause (i) in the report required under section 3543(a)(8) of title 44, United States Code.
(4) EXCEPTION- Any element of the intelligence community (as such term is defined under section 3(4) of the National Security Act of 1947 (50 U.S.C. 3003(4)) that is required to provide notice under paragraph (1)(A) shall only provide such notice to appropriate committees of Congress.
(c) Rule of Construction- Nothing in the amendment made by subsection (a) or in subsection (b)(1) shall be construed to alter any authority of a Federal agency or department.
(d) Technical and Conforming Amendment- The table of contents in section 1(b) of the Homeland Security Act of 2002 (6 U.S.C. 101 note), as amended by section 3, is amended by inserting after the item relating to section 226 the following:
`Sec. 227. Cyber incident response plan.
`Sec. 228. Clearances.’.
SEC. 8. RULES OF CONSTRUCTION.
(a) Prohibition on New Regulatory Authority- Nothing in this Act or the amendments made by this Act shall be construed to grant the Secretary any authority to promulgate regulations or set standards relating to the cybersecurity of private sector critical infrastructure that was not in effect on the day before the date of enactment of this Act.
(b) Private Entities- Nothing in this Act or the amendments made by this Act shall be construed to require any private entity–
(1) to request assistance from the Secretary; or
(2) that requested such assistance from the Secretary to implement any measure or recommendation suggested by the Secretary.
Speaker of the House of Representatives.

Vice President of the United States and President of the Senate.

Houston Spaceport Draft Environmental Assessment Available

Federal Register Volume 79, Number 250 (Wednesday, December 31, 2014), Pages 78936-78937:

DEPARTMENT OF TRANSPORTATION

Federal Aviation Administration

Office of Commercial Space Transportation; Notice of Availability and Request for Comment on the Draft Environmental Assessment for the Houston Spaceport, City of Houston, Harris County, Texas

AGENCY: Federal Aviation Administration (FAA), Department of Transportation (DOT).

ACTION: Notice of Availability, Notice of Public Comment Period, Notice of Public Meeting, and Request for Comment.

SUMMARY: In accordance with the National Environmental Policy Act of 1969, as amended (NEPA; 42 United States Code 4321 et seq.), Council on Environmental Quality NEPA implementing regulations (40 Code of Federal Regulations parts 1500 to 1508), and FAA Order 1050.1E, Change 1, Environmental Impacts: Policies and Procedures, the FAA is announcing the availability of and requesting comments on the Draft Environmental Assessment for the Houston Spaceport (Draft EA).

Alaska Halts Spaceport Progress

via Gov. Walker halts megaprojects | Juneau Empire – Alaska’s Capital City Online Newspaper:

Gov. Walker halts megaprojects

Posted: December 28, 2014 – 12:05am

By JAMES BROOKS and MELISSA GRIFFITHS

JUNEAU EMPIRE

In the face of plunging oil prices, Alaska Gov. Bill Walker has ordered progress stopped on six major Alaska construction projects.

On Friday, Walker issued an administrative order that directs “state agencies to halt to the maximum extent possible discretionary expenditures” for the Ambler Road Project, Juneau Access Project, Susitna-Watana Dam Project, Kodiak Launch Complex, Knik Arm Crossing and Alaska Stand-Alone Pipeline Project.

The estimated cost to complete all six projects is in the billions of dollars, but none except the Kodiak Launch Complex have advanced beyond the study stages, and it was not immediately clear what impact the order will have on the progress of the projects or how much money it will save. . . .

Space Law Reading List (2014-12-22)

Cybergovernance Reading List (2014-12-22)

UNGA Res. 69/31: Prevention of an arms race in outer space

UNGA Res. 69/31: Prevention of an arms race in outer space:

Resolution adopted by the General Assembly on 2 December 2014
[on the report of the First Committee (A/69/438)]
69/31. Prevention of an arms race in outer space
The General Assembly,
Recognizing the common interest of all mankind in the exploration and use of
outer space for peaceful purposes,
Reaffirming the will of all States that the exploration and use of outer space,
including the Moon and other celestial bodies, shall be for peaceful purposes and
shall be carried out for the benefit and in the interest of all countries, irrespective of
their degree of economic or scientific development,
Reaffirming also the provisions of articles III and IV of the Treaty on
Principles Governing the Activities of States in the Exploration and Use of Outer
Space, including the Moon and Other Celestial Bodies,
Recalling the obligation of all States to observe the provisions of the Charter
of the United Nations regarding the use or threat of use of force in their
international relations, including in their space activities,
Reaffirming paragraph 80 of the Final Document of the Tenth Special Session
of the General Assembly, in which it is stated that, in order to prevent an arms race
in outer space, further measures should be taken and appropriate international
negotiations held in accordance with the spirit of the Treaty,
Recalling its previous resolutions on this issue, and taking note of the
proposals submitted to the General Assembly at its tenth special session and at its
regular sessions and of the recommendations made to the competent organs of the
United Nations and to the Conference on Disarmament,
Recognizing that the prevention of an arms race in outer space would avert a
grave danger for international peace and security,
Emphasizing the paramount importance of strict compliance with existing
arms limitation and disarmament agreements relevant to outer space, including
bilateral agreements, and with the existing legal regime concerning the use of outer
space,
Considering that wide participation in the legal regime applicable to outer
space could contribute to enhancing its effectiveness,
Noting that the Ad Hoc Committee on the Prevention of an Arms Race in
Outer Space, taking into account its previous efforts since its establishment in 1985
and seeking to enhance its functioning in qualitative terms, continued the
examination and identification of various issues, existing agreements and existing
proposals, as well as future initiatives relevant to the prevention of an arms race in
outer space, and that this contributed to a better understanding of a number of
problems and to a clearer perception of the various positions,
Noting also that there were no objections in principle in the Conference on
Disarmament to the re-establishment of the Ad Hoc Committee, subject to
re-examination of the mandate contained in the decision of the Conference on
Disarmament of 13 February 1992,
Emphasizing the mutually complementary nature of bilateral and multilateral
efforts for the prevention of an arms race in outer space, and hoping that concrete
results will emerge from those efforts as soon as possible,
Convinced that further measures should be examined in the search for effective
and verifiable bilateral and multilateral agreements in order to prevent an arms race
in outer space, including the weaponization of outer space,
Stressing that the growing use of outer space increases the need for greater
transparency and better information on the part of the international community,
Recalling, in this context, its previous resolutions, in particular resolutions
45/55 B of 4 December 1990, 47/51 of 9 December 1992 and 48/74 A of
16 December 1993, in which, inter alia, it reaffirmed the importance of
confidence-building measures as a means conducive to ensuring the attainment of the objective
of the prevention of an arms race in outer space,
Conscious of the benefits of confidence- and security-building measures in the
military field,
Recognizing that negotiations for the conclusion of an international agreement
or agreements to prevent an arms race in outer space remain a priority task of the
Conference on Disarmament and that the concrete proposals on confidence-building
measures could form an integral part of such agreements,
Noting with satisfaction the constructive, structured and focused debate on the
prevention of an arms race in outer space at the Conference on Disarmament
in 2009, 2010, 2011, 2012, 2013 and 2014,
Noting the introduction by China and the Russian Federation at the Conference
on Disarmament of the draft treaty on the prevention of the placement of weapons in
outer space and of the threat or use of force against outer space objects in 2008 and
the submission of its updated version in 2014,
Taking note of the decision of the Conference on Disarmament to establish for
its 2009 session a working group to discuss, substantially, without limitation, all
issues related to the prevention of an arms race in outer space,
1. Reaffirms the importance and urgency of preventing an arms race in outer
space and the readiness of all States to contribute to that common objective, in
conformity with the provisions of the Treaty on Principles Governing the Activities
of States in the Exploration and Use of Outer Space, including the Moon and Other
Celestial Bodies;
2. Reaffirms its recognition, as stated in the report of the Ad Hoc
Committee on the Prevention of an Arms Race in Outer Space, that the legal regime
applicable to outer space by itself does not guarantee the prevention of an arms race
in outer space, that the regime plays a significant role in the prevention of an arms
race in that environment, that there is a need to consolidate and reinforce that
regime and enhance its effectiveness and that it is important to comply strictly with
existing agreements, both bilateral and multilateral;
3. Emphasizes the necessity of further measures with appropriate and
effective provisions for verification to prevent an arms race in outer space;
4. Calls upon all States, in particular those with major space capabilities, to
contribute actively to the objective of the peaceful use of outer space and of the
prevention of an arms race in outer space and to refrain from actions contrary to that
objective and to the relevant existing treaties in the interest of maintaining
international peace and security and promoting international cooperation;
5. Reiterates that the Conference on Disarmament, as the sole multilateral
disarmament negotiating forum, has the primary role in the negotiation of a
multilateral agreement or agreements, as appropriate, on the prevention of an arms
race in outer space in all its aspects;
6. Invites the Conference on Disarmament to establish a working group
under its agenda item entitled “Prevention of an arms race in outer space” as early
as possible during its 2015 session;
7. Recognizes, in this respect, the growing convergence of views on the
elaboration of measures designed to strengthen transparency, confidence and
security in the peaceful uses of outer space;
8. Urges States conducting activities in outer space, as well as States
interested in conducting such activities, to keep the Conference on Disarmament
informed of the progress of bilateral and multilateral negotiations on the matter, if
any, so as to facilitate its work;
9. Decides to include in the provisional agenda of its seventieth session the
item entitled “Prevention of an arms race in outer space”.
62nd plenary meeting
2 December 2014