“A bill to require a report on Federal support to the cybersecurity of commercial satellite systems, and for other purposes.”
No CRS summary available for this bill.
This section defines terms for purposes of the Act, including (1) "appropriate congressional committees," meaning specified committees in the Senate (Commerce, Science, and Transportation; Homeland Security and Governmental Affairs) and House (Energy and Commerce; Space, Science, and Technology; Homeland Security); (2) "clearinghouse," meaning the commercial satellite system cybersecurity clearinghouse required under section 4(b)(1); (3) "commercial satellite system," meaning a system owned or operated by a non-Federal entity holding a U.S. license for business operations, composed of at least one earth satellite, and including related ground support infrastructure and transmission links; (4) "critical infrastructure," as defined in 42 U.S.C. 5195c(e); (5) "cybersecurity risk" and (6) "cybersecurity threat," as defined in 6 U.S.C. 650; and (7) "Secretary," meaning the Secretary of Commerce.
This section directs the Comptroller General of the United States to conduct a study on federal actions supporting cybersecurity for commercial satellite systems, including as part of critical infrastructure protection efforts. Not later than two years after enactment, the Comptroller General must submit an unclassified report (with a possible classified annex) and provide a briefing to the appropriate congressional committees that assesses the effectiveness of those efforts (including coordination with international entities and the private sector), public resources available (including via the cybersecurity clearinghouse), reliance of such systems on or by critical infrastructure and federal agencies (including foreign-owned or controlled systems), integration into risk analyses and protection plans, interagency coordination or duplication, and recommendations for further action.
This section directs the Secretary of Commerce (Secretary), in coordination with the Chair of the Federal Communications Commission and the Director of the Cybersecurity and Infrastructure Security Agency, to develop and maintain a publicly available online commercial satellite system cybersecurity clearinghouse not later than 180 days after enactment of this Act (using an existing platform where practicable), with materials specifically aimed at assisting small business concerns. The clearinghouse shall contain cybersecurity resources, including voluntary recommendations consolidated by the Secretary (in coordination with the Secretary of Homeland Security) that address, to the greatest extent practicable—(1) risk-based cybersecurity engineering and continuous monitoring; (2) recovery of control after incidents; (3) protections against unauthorized access, jamming, spoofing, supply chain risks, foreign ownership or infrastructure vulnerabilities, and other threats; and (4) relevant findings from a specified Comptroller General study. In implementing these requirements, the Secretary shall partner with the private sector; coordinate with the Secretary of Homeland Security, Office of the National Cyber Director, National Space Council, FCC, and other relevant agencies; and consult non-Federal entities and standards organizations. The Secretary shall submit reports to the appropriate congressional committees not later than one year after enactment and biennially thereafter through nine years after enactment summarizing partnerships, consultations, coordination, clearinghouse maintenance, consolidated recommendations, and feedback received.
This section directs the Secretary, jointly with the National Space Council and the Office of the National Cyber Director and in coordination with the Secretary of Homeland Security, the Director of the Office of Space Commerce, the Chair of the Federal Communications Commission, and heads of other relevant agencies, to submit to the appropriate congressional committees, not later than 120 days after enactment, a strategy for Federal agency activities to address and improve the cybersecurity of commercial satellite systems. The strategy must identify (1) proposed roles and responsibilities for relevant agencies and (2) as applicable, the extent to which cybersecurity threats to such systems are addressed in Federal and non-Federal critical infrastructure risk analyses and protection plans.
This section specifies that nothing in the Act may be construed to (1) designate commercial satellite systems or other space assets as a critical infrastructure sector or (2) infringe upon or alter the authorities of the agencies described in section 3(c).