The bill would also consolidate DHS cybersecurity programs into a unified office called the the National Center for Cybersecurity and Communications.
The bill sets up a public/private partnership to encourage information sharing regarding incidents, threats and best practices.
The partnership would also include the DHS working with infrastructure owners performance requirements for infrastructure system practices.
The bill would require assessments of practices already in place and if they seem sufficiently secure, no new requirements will be put forth.
DHS will decide who must meet the set of risk-based security standards it will develop.
System operators will be able to appeal if they believe their system was wrongly designated.
The bill also calls for a third-party assessor to verify systems’ compliance.