Defense

H.R.1224 – NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017

Short Titles as Introduced:

NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017

Official Title as Introduced:

To amend the National Institute of Standards and Technology Act to implement a framework, assessment, and audits for improving United States cybersecurity.

Summary:
Introduced in House (02/27/2017)

NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017

This bill amends the National Institute of Standards and Technology Act to require the National Institute of Standards and Technology (NIST), in developing standards for information systems, to emphasize the principle that expanding cybersecurity threats require: (1) engineering security from the beginning of a system’s life cycle, (2) building more trustworthy and secure components and systems from the start, and (3) applying well-defined security design principles throughout systems.

NIST must provide guidance for agencies to incorporate into their information security risk management efforts the Framework for Improving Critical Infrastructure Cybersecurity, which was prepared by NIST with input from the private sector in response to an executive order.

NIST must chair a federal working group and establish a public-private working group to coordinate the development of metrics and tools to measure the effectiveness of the cybersecurity framework for: (1) federal agencies protecting their information and information systems, and (2) private entities voluntarily analyzing their individual corporate risks.

The public-private working group must provide information voluntarily submitted by private entities to NIST and other private entities to improve the cybersecurity framework and enable private entities to use the framework more effectively.

The federal working group and the public-private working group must assist the Office of Science and Technology Policy (OSTP) in publishing annual reports on agency and industry framework adoption rates.

NIST must initiate an individual cybersecurity audit of certain agencies to assess the extent to which they meet information security standards. NIST must report on the audit of each agency to: (1) the Office of Management and Budget, (2) the OSTP, (3) the Government Accountability Office, (4) the agency being audited and its inspector general, and (5) Congress.


Defense

H.R.983 – To bar prosecution under section 844(f)(1) of title 18, United States Code, in certain cases.

Title 18 section 844(f)(1) Info:

GOV:

“(f)(1) Whoever maliciously damages or destroys, or attempts to damage or destroy, by means of fire or an explosive, any building, vehicle, or other personal or real property in whole or in part owned or possessed by, or leased to, the United States, or any department or agency thereof, or any institution or organization receiving Federal financial assistance, shall be imprisoned for not less than 5 years and not more than 20 years, fined under this title, or both.”

Cornell:
“(f)
(1) Whoever maliciously damages or destroys, or attempts to damage or destroy, by means of fire or an explosive, any building, vehicle, or other personal or real property in whole or in part owned or possessed by, or leased to, the United States, or any department or agency thereof, or any institution or organization receiving Federal financial assistance, shall be imprisoned for not less than 5 years and not more than 20 years, fined under this title, or both.
(2) Whoever engages in conduct prohibited by this subsection, and as a result of such conduct, directly or proximately causes personal injury or creates a substantial risk of injury to any person, including any public safety officer performing duties, shall be imprisoned for not less than 7 years and not more than 40 years, fined under this title, or both.
(3) Whoever engages in conduct prohibited by this subsection, and as a result of such conduct directly or proximately causes the death of any person, including any public safety officer performing duties, shall be subject to the death penalty, or imprisoned for not less than 20 years or for life, fined under this title, or both.”

Surveillance

H.R.387 – Email Privacy Act

Official Title as Introduced:

To amend title 18, United States Code, to update the privacy protections for electronic communications information that is stored by third-party service providers in order to protect consumer privacy interests while meeting law enforcement needs, and for other purposes.

Partial Text:

“SEC. 3. Amendments to required disclosure section.

Section 2703 of title 18, United States Code, is amended—

(1) by striking subsections (a) through (c) and inserting the following:

“(a) Contents of wire or electronic communications in electronic storage.—Except as provided in subsections (i) and (j), a governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication that is in electronic storage with or otherwise stored, held, or maintained by that service only if the governmental entity obtains a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) that—

“(1) is issued by a court of competent jurisdiction; and

“(2) may indicate the date by which the provider must make the disclosure to the governmental entity.”

Bill explanation via the App ‘Countable’:

“This bill would require law enforcement agencies to get a warrant before digging into your information from Internet service providers… Investigating parties would also have to give a copy of the warrant to the customer they are checking out ten days in advance. The government can, however, apply for an order to extend the period of time before the customer is informed. The bill does not prevent government officials from obtaining information about a person’s location.”

Surveillance

H.R.701 – SPY Car Study Act of 2017

Short Titles as Introduced:

SPY Car Study Act of 2017
Security and Privacy in Your Car Study Act of 2017

Official Title as Introduced:

To direct the Administrator of the National Highway Traffic Safety Administration to conduct a study to determine appropriate cybersecurity standards for motor vehicles, and for other purposes.

Summary:

Introduced in House (01/24/2017)

Security and Privacy in Your Car Study Act of 2017 or the SPY Car Study Act of 2017

This bill requires the National Highway Traffic Safety Administration to conduct a study to determine and recommend standards for the regulation of the cybersecurity of motor vehicles manufactured or imported for sale in the United States. The study shall identify:

  • isolation measures that are necessary to separate critical software systems that can affect the driver’s control of the movement of the vehicle from other software systems;
  • measures that are necessary to detect and prevent or minimize anomalous codes, in vehicle software systems, associated with malicious behavior;
  • techniques that are necessary to detect and prevent, discourage, or mitigate intrusions into vehicle software systems and other cybersecurity risks in motor vehicles;
  • best practices to secure driving data about a vehicle’s status or about the owner, lessee, driver, or passenger of a vehicle that is collected by the electronic systems of motor vehicles; and
  • a timeline for implementing systems and software that reflect such measures, techniques, and best practices.

Surveillance

H.R.709 – We Are Watching You Act of 2017

Official Title as Introduced:

To provide for notification to consumers before a video service collects visual or auditory information from the viewing area and to provide consumers with choices that do not involve the collection of such information, and for other purposes.

Summary:

Introduced in House (01/27/2017)

We Are Watching You Act of 2017

This bill prohibits an operator of a video service from collecting visual or auditory information from the vicinity of the device used to display the video programming stream to the consumer unless the operator: (1) displays, as part of the stream, a message that reads, “We are watching you”; and (2) describes to the consumer the types of information that will be collected and how such information will be used.

The description of information collection must be provided: (1) as part of the terms and conditions to which the consumer must agree before using the video service; and (2) in the case of a video service accessed through a device sold or provided to the consumer by the operator, as part of the written instructions and other materials accompanying such device.

Operators must offer an alternative video service that does not involve the collection of such information but is otherwise identical. Any devices provided in connection with such alternative service must be incapable of collecting such information.

Operators may disclose such information only with the express consent of the consumer or as required by a court order in connection with a law enforcement investigation.

Violations of this bill are to be treated as unfair or deceptive acts or practices under the Federal Trade Commission Act.