Cybersecurity and Infrastructure Protection Agency Act of 2016

Cybersecurity and Infrastructure Protection Agency Act of 2016

This bill amends the Homeland Security Act of 2002 to redesignate the Department of Homeland Security's (DHS's) National Protection and Programs Directorate as the Cybersecurity and Infrastructure Protection Agency (CIPA) to be headed by a Director of National Cybersecurity (appointed by the President with the Senate's consent) to lead national efforts to protect and enhance the security and resilience of U.S. cyber and critical infrastructure.

CIPA shall be composed of DHS components reorganized as: (1) the Cybersecurity Division, (2) the Infrastructure Protection Division, (3) the Emergency Communications Division, and (4) the Federal Protective Service.

CIPA must develop and update at least every two years: (1) a national risk assessment of cybersecurity and critical infrastructure risks in coordination with other DHS components and federal entities, and (2) an integrated assessment comparing risks and incidents to their relative risks and cascading effects. The assessments must consider evolving threats to the United States as indicated by the intelligence community and include actions or countermeasures recommended or taken by agencies to address such issues. DHS must use the assessments to guide its resource allocations.

The Cybersecurity Division must: (1) carry out DHS's federal information security activities and the functions of the national cybersecurity and communications integration center (NCCIC), (2) coordinate with nonfederal entities to reduce cybersecurity risks through voluntary partnerships, and (3) conduct network and malicious code analysis.

The Infrastructure Protection Division must: (1) secure U.S. high-risk chemical facilities; (2) coordinate nonfederal entities to reduce risk to critical infrastructure from terrorist attack or natural disaster; (3) operate stakeholder engagement mechanisms for appropriate critical infrastructure sectors; and (4) administer a National Infrastructure Coordinating Center to be co-located with the NCCIC to collect, share, and provide recommendations about critical infrastructure information.

The Cybersecurity Division and the Infrastructure Protection Division must: (1) perform critical infrastructure risk assessments to determine the risks posed by particular types of terrorist attacks within the United States, and (2) recommend measures necessary to protect critical infrastructure in coordination with other federal entities and in cooperation with nonfederal entities.

The President must appoint within DHS: (1) a Principal Deputy Director of the Cybersecurity Division, (2) an Assistant Secretary of the Office of Public Affairs, and (3) an Assistant Secretary of the Office of Legislative Affairs.

CIPA must carry out DHS's responsibilities concerning chemical facility antiterrorism standards.

An Office of Biometric Identity Management is established within DHS to:

• provide biometric identity services to support antiterrorism, counterterrorism, border security, credentialing, national security, and public safety;
• enable operational missions across DHS by matching, storing, sharing, and analyzing biometric data;
• operate Biometric Support Centers to provide biometric identification and verification analysis and services to DHS, federal, state, local, territorial, and tribal agencies, foreign governments, and the private sector;
• make government-wide biometric conformity standards; and
• enter data sharing agreements with federal agencies to support immigration, law enforcement, national security, and public safety missions.