{"identifier":"/us/usc/t42/s300g\u201310","title":42,"num":"\u00a7\u202f300g\u201310.","heading":"Cybersecurity support for public water systems","text":"\u00a7\u202f300g\u201310.\nCybersecurity support for public water systems\n(a)\nDefinitions\nIn this section:\n(1)\nAppropriate Congressional committees\nThe term \u201cappropriate Congressional committees\u201d means\u2014\n(A) the Committee on Environment and Public Works of the Senate;\n(B) the Committee on Homeland Security and Governmental Affairs of the Senate;\n(C) the Committee on Energy and Commerce of the House of Representatives; and\n(D) the Committee on Homeland Security of the House of Representatives.\n(2)\nDirector\nThe term \u201cDirector\u201d means the Director of the Cybersecurity and Infrastructure Security Agency.\n(3)\nIncident\nThe term \u201cincident\u201d has the meaning given the term in\nsection 3552 of title 44\n(4)\nPrioritization Framework\nThe term \u201cPrioritization Framework\u201d means the prioritization framework developed by the Administrator under subsection (b)(1)(A).\n(5)\nSupport Plan\nThe term \u201cSupport Plan\u201d means the Technical Cybersecurity Support Plan developed by the Administrator under subsection (b)(2)(A).\n(b)\nIdentification of and support for public water systems\n(1)\nPrioritization Framework\n(A)\nIn general\nNot later than 180 days after\nNovember 15, 2021\n(B)\nConsiderations\nIn developing the Prioritization Framework, to the extent practicable, the Administrator shall incorporate consideration of\u2014\n(i) whether cybersecurity vulnerabilities for a public water system have been identified under\nsection 300i\u20132 of this title\n(ii) the capacity of a public water system to remediate a cybersecurity vulnerability without additional Federal support;\n(iii) whether a public water system serves a defense installation or critical national security asset; and\n(iv) whether a public water system, if degraded or rendered inoperable due to an incident, would cause a cascading failure of other critical infrastructure.\n(2)\nTechnical Cybersecurity Support Plan\n(A)\nIn general\nNot later than 270 days after\nNovember 15, 2021\n(B)\nRequirements\nThe Support Plan\u2014\n(i) shall establish a methodology for identifying specific public water systems for which cybersecurity support should be prioritized;\n(ii) shall establish timelines for making voluntary technical support for cybersecurity available to specific public water systems;\n(iii) may include public water systems identified by the Administrator, in coordination with the Director, as needing technical support for cybersecurity;\n(iv) shall include specific capabilities of the Administrator and the Director that may be utilized to provide support to public water systems under the Support Plan, including\u2014\n(I) site vulnerability and risk assessments;\n(II) penetration tests; and\n(III) any additional support determined to be appropriate by the Administrator; and\n(v) shall only include plans for providing voluntary support to public water systems.\n(3)\nConsultation required\nIn developing the Prioritization Framework pursuant to paragraph (1) and the Support Plan pursuant to paragraph (2), the Administrator shall consult with such Federal or non-Federal entities as determined to be appropriate by the Administrator.\n(4)\nReports required\n(A)\nPrioritization Framework\nNot later than 190 days after\nNovember 15, 2021\n(B)\nTechnical Cybersecurity Support Plan\nNot later than 280 days after\n(i) the Support Plan; and\n(ii) a list describing any public water systems identified by the Administrator, in coordination with the Director, as needing technical support for cybersecurity during the development of the Support Plan.\n(c)\nRules of construction\nNothing in this section\u2014\n(1) alters the existing authorities of the Administrator; or\n(2) compels a public water system to accept technical support offered by the Administrator.","url":"https://projectusc.org/usc/t42/s300g\u201310.html","content":[{"t":"sec","id":"/us/usc/t42/s300g\u201310","children":[{"t":"num","text":"\u00a7\u202f300g\u201310."},{"t":"heading","text":"Cybersecurity support for public water systems"},{"t":"subsec","id":"/us/usc/t42/s300g\u201310/a","children":[{"t":"num","text":"(a)"},{"t":"heading","text":"Definitions"},{"t":"chapeau","text":"In this section:"},{"t":"para","id":"/us/usc/t42/s300g\u201310/a/1","children":[{"t":"num","text":"(1)"},{"t":"heading","text":"Appropriate Congressional committees"},{"t":"chapeau","text":"The term \u201cappropriate Congressional committees\u201d means\u2014"},{"t":"subpara","id":"/us/usc/t42/s300g\u201310/a/1/A","children":[{"t":"num","text":"(A)"},{"t":"content","text":" the Committee on Environment and Public Works of the Senate;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s300g\u201310/a/1/B","children":[{"t":"num","text":"(B)"},{"t":"content","text":" the Committee on Homeland Security and Governmental Affairs of the Senate;","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s300g\u201310/a/1/C","children":[{"t":"num","text":"(C)"},{"t":"content","text":" the Committee on Energy and Commerce of the House of Representatives; and","tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s300g\u201310/a/1/D","children":[{"t":"num","text":"(D)"},{"t":"content","text":" the Committee on Homeland Security of the House of Representatives.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t42/s300g\u201310/a/2","children":[{"t":"num","text":"(2)"},{"t":"heading","text":"Director"},{"t":"content","children":[{"t":"p","text":"The term \u201cDirector\u201d means the Director of the Cybersecurity and Infrastructure Security Agency.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t42/s300g\u201310/a/3","children":[{"t":"num","text":"(3)"},{"t":"heading","text":"Incident"},{"t":"content","children":[{"t":"p","text":"The term \u201cincident\u201d has the meaning given the term in ","children":[{"t":"ref","text":"section 3552 of title 44","href":"/us/usc/t44/s3552","tail":"."}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t42/s300g\u201310/a/4","children":[{"t":"num","text":"(4)"},{"t":"heading","text":"Prioritization Framework"},{"t":"content","children":[{"t":"p","text":"The term \u201cPrioritization Framework\u201d means the prioritization framework developed by the Administrator under subsection (b)(1)(A).","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t42/s300g\u201310/a/5","children":[{"t":"num","text":"(5)"},{"t":"heading","text":"Support Plan"},{"t":"content","children":[{"t":"p","text":"The term \u201cSupport Plan\u201d means the Technical Cybersecurity Support Plan developed by the Administrator under subsection (b)(2)(A).","tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"subsec","id":"/us/usc/t42/s300g\u201310/b","children":[{"t":"num","text":"(b)"},{"t":"heading","text":"Identification of and support for public water systems"},{"t":"para","id":"/us/usc/t42/s300g\u201310/b/1","children":[{"t":"num","text":"(1)"},{"t":"heading","text":"Prioritization Framework"},{"t":"subpara","id":"/us/usc/t42/s300g\u201310/b/1/A","children":[{"t":"num","text":"(A)"},{"t":"heading","text":"In general"},{"t":"content","children":[{"t":"p","text":"Not later than 180 days after ","children":[{"t":"text","text":"November 15, 2021","tail":", the Administrator, in coordination with the Director, shall develop a prioritization framework to identify public water systems (including sources of water for those public water systems) that, if degraded or rendered inoperable due to an incident, would lead to significant impacts on the health and safety of the public."}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s300g\u201310/b/1/B","children":[{"t":"num","text":"(B)"},{"t":"heading","text":"Considerations"},{"t":"chapeau","text":"In developing the Prioritization Framework, to the extent practicable, the Administrator shall incorporate consideration of\u2014"},{"t":"clause","id":"/us/usc/t42/s300g\u201310/b/1/B/i","children":[{"t":"num","text":"(i)"},{"t":"content","text":" whether cybersecurity vulnerabilities for a public water system have been identified under ","children":[{"t":"ref","text":"section 300i\u20132 of this title","href":"/us/usc/t42/s300i\u20132","tail":";"}],"tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t42/s300g\u201310/b/1/B/ii","children":[{"t":"num","text":"(ii)"},{"t":"content","text":" the capacity of a public water system to remediate a cybersecurity vulnerability without additional Federal support;","tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t42/s300g\u201310/b/1/B/iii","children":[{"t":"num","text":"(iii)"},{"t":"content","text":" whether a public water system serves a defense installation or critical national security asset; and","tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t42/s300g\u201310/b/1/B/iv","children":[{"t":"num","text":"(iv)"},{"t":"content","text":" whether a public water system, if degraded or rendered inoperable due to an incident, would cause a cascading failure of other critical infrastructure.","tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t42/s300g\u201310/b/2","children":[{"t":"num","text":"(2)"},{"t":"heading","text":"Technical Cybersecurity Support Plan"},{"t":"subpara","id":"/us/usc/t42/s300g\u201310/b/2/A","children":[{"t":"num","text":"(A)"},{"t":"heading","text":"In general"},{"t":"content","children":[{"t":"p","text":"Not later than 270 days after ","children":[{"t":"text","text":"November 15, 2021","tail":", the Administrator, in coordination with the Director and using existing authorities of the Administrator and the Director for providing voluntary support to public water systems and the Prioritization Framework, shall develop a Technical Cybersecurity Support Plan for public water systems."}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s300g\u201310/b/2/B","children":[{"t":"num","text":"(B)"},{"t":"heading","text":"Requirements"},{"t":"chapeau","text":"The Support Plan\u2014"},{"t":"clause","id":"/us/usc/t42/s300g\u201310/b/2/B/i","children":[{"t":"num","text":"(i)"},{"t":"content","text":" shall establish a methodology for identifying specific public water systems for which cybersecurity support should be prioritized;","tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t42/s300g\u201310/b/2/B/ii","children":[{"t":"num","text":"(ii)"},{"t":"content","text":" shall establish timelines for making voluntary technical support for cybersecurity available to specific public water systems;","tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t42/s300g\u201310/b/2/B/iii","children":[{"t":"num","text":"(iii)"},{"t":"content","text":" may include public water systems identified by the Administrator, in coordination with the Director, as needing technical support for cybersecurity;","tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t42/s300g\u201310/b/2/B/iv","children":[{"t":"num","text":"(iv)"},{"t":"chapeau","text":" shall include specific capabilities of the Administrator and the Director that may be utilized to provide support to public water systems under the Support Plan, including\u2014"},{"t":"subclause","id":"/us/usc/t42/s300g\u201310/b/2/B/iv/I","children":[{"t":"num","text":"(I)"},{"t":"content","text":" site vulnerability and risk assessments;","tail":"\n"}],"tail":"\n"},{"t":"subclause","id":"/us/usc/t42/s300g\u201310/b/2/B/iv/II","children":[{"t":"num","text":"(II)"},{"t":"content","text":" penetration tests; and","tail":"\n"}],"tail":"\n"},{"t":"subclause","id":"/us/usc/t42/s300g\u201310/b/2/B/iv/III","children":[{"t":"num","text":"(III)"},{"t":"content","text":" any additional support determined to be appropriate by the Administrator; and","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t42/s300g\u201310/b/2/B/v","children":[{"t":"num","text":"(v)"},{"t":"content","text":" shall only include plans for providing voluntary support to public water systems.","tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t42/s300g\u201310/b/3","children":[{"t":"num","text":"(3)"},{"t":"heading","text":"Consultation required"},{"t":"content","children":[{"t":"p","text":"In developing the Prioritization Framework pursuant to paragraph (1) and the Support Plan pursuant to paragraph (2), the Administrator shall consult with such Federal or non-Federal entities as determined to be appropriate by the Administrator.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t42/s300g\u201310/b/4","children":[{"t":"num","text":"(4)"},{"t":"heading","text":"Reports required"},{"t":"subpara","id":"/us/usc/t42/s300g\u201310/b/4/A","children":[{"t":"num","text":"(A)"},{"t":"heading","text":"Prioritization Framework"},{"t":"content","children":[{"t":"p","text":"Not later than 190 days after ","children":[{"t":"text","text":"November 15, 2021","tail":", the Administrator shall submit to the appropriate Congressional committees a report describing the Prioritization Framework."}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"subpara","id":"/us/usc/t42/s300g\u201310/b/4/B","children":[{"t":"num","text":"(B)"},{"t":"heading","text":"Technical Cybersecurity Support Plan"},{"t":"chapeau","text":"Not later than 280 days after ","children":[{"t":"text","text":"November 15, 2021","tail":", the Administrator shall submit to the appropriate Congressional committees\u2014"}]},{"t":"clause","id":"/us/usc/t42/s300g\u201310/b/4/B/i","children":[{"t":"num","text":"(i)"},{"t":"content","text":" the Support Plan; and","tail":"\n"}],"tail":"\n"},{"t":"clause","id":"/us/usc/t42/s300g\u201310/b/4/B/ii","children":[{"t":"num","text":"(ii)"},{"t":"content","text":" a list describing any public water systems identified by the Administrator, in coordination with the Director, as needing technical support for cybersecurity during the development of the Support Plan.","tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"subsec","id":"/us/usc/t42/s300g\u201310/c","children":[{"t":"num","text":"(c)"},{"t":"heading","text":"Rules of construction"},{"t":"chapeau","text":"Nothing in this section\u2014"},{"t":"para","id":"/us/usc/t42/s300g\u201310/c/1","children":[{"t":"num","text":"(1)"},{"t":"content","text":" alters the existing authorities of the Administrator; or","tail":"\n"}],"tail":"\n"},{"t":"para","id":"/us/usc/t42/s300g\u201310/c/2","children":[{"t":"num","text":"(2)"},{"t":"content","text":" compels a public water system to accept technical support offered by the Administrator.","tail":"\n"}],"tail":"\n"}],"tail":"\n"},{"t":"text","text":"\n"}]}]}