Section 1650(b)(1) of the National Defense Authorization Act for fiscal year 2017 (114–328 10 U.S.C. ASSESSMENT OF DEFENSE CRITICAL ELECTRIC INFRASTRUCTURE. IN GENERAL.-Not later than January 1, 2018, the Secretary of Defense shall make such changes to the cybersecurity scorecard as are necessary to ensure that the Secretary measures the progress of each element of the Department of Defense in securing the industrial control systems of the Department against cyber threats, including such industrial control systems as supervisory control and data acquisition systems, distributed control systems, programmable logic controllers, and platform information technology.ĬYBERSECURITY SCORECARD DEFINED.-In this section, the term ''cybersecurity scorecard'' means the Department of Defense Cybersecurity Scorecard used by the Department to measure compliance with cybersecurity requirements as described in the plan of the Department titled ''Department of Defense Cybersecurity Discipline Implementation Plan''.įY17 NDAA SEC. MEASUREMENT OF COMPLIANCE WITH CYBERSECURITY REQUIREMENTS FOR INDUSTRIAL CONTROL SYSTEMS - Requires a scorecard to measure progress towards securing the ICS of DoD against cyber threats, including CS and PIT. (1) Identification of significant security risks to defense critical electric infrastructure posed by significant malicious cyber-enabled activities.įY18 NDAA SEC. (a) REPORT REQUIRED.- Not later than 90 days after the date of the enactment of this Act, the Secretary of Defense shall, in coordination with the Director of National Intelligence, the Secretary of Energy, and the Secretary of Homeland Security, submit to the appropriate committees of Congress a report setting forth the following.
REPORT ON SIGNIFICANT SECURITY RISKS OF DEFENSE CRITICAL ELECTRIC INFRASTRUCTURE – Requires identification of significant security risks to defense critical electric infrastructure posed by significant malicious cyber-enabled activities. The National Defense Authorization Act is the law that funds the Department of Defense, and enables Congress to perform oversight by requiring DoD to conduct studies and analysis, conduct pilot programs, and produce reports related to cybersecuring control systems.įY18 NDAA SEC. This section is the collection of key legislation, executive orders, policy and guidance documents that implement the DoD Cybersecurity and Risk Management Framework processes with an emphasis on EI&E owned and operated critical infrastructure, control systems, and real-property assets.
0 kommentar(er)
