Statutes, codes, and regulations
United States Code
Title 6 - DOMESTIC SECURITYChapter 1 - HOMELAND SECURITY ORGANIZATIONSubchapter XVIII - CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY
Part A - CYBERSECURITY AND INFRASTRUCTURE SECURITY
Section 665h - National Cyber Exercise Program

6 U.S.C. § 665h

Download
PDF
Current through P.L. 118-106 (published on www.congress.gov on 10/04/2024)
Section 665h - National Cyber Exercise Program
(a) Establishment of program
(1) In general

There is established in the Agency the National Cyber Exercise Program (referred to in this section as the "Exercise Program") to evaluate the National Cyber Incident Response Plan, and other related plans and strategies.

(2) Requirements
(A) In general

The Exercise Program shall be-

(i) based on current risk assessments, including credible threats, vulnerabilities, and consequences;
(ii) designed, to the extent practicable, to simulate the partial or complete incapacitation of a government or critical infrastructure network resulting from a cyber incident;
(iii) designed to provide for the systematic evaluation of cyber readiness and enhance operational understanding of the cyber incident response system and relevant information sharing agreements; and
(iv) designed to promptly develop after-action reports and plans that can quickly incorporate lessons learned into future operations.
(B) Model exercise selection

The Exercise Program shall-

(i) include a selection of model exercises that government and private entities can readily adapt for use; and
(ii) aid such governments and private entities with the design, implementation, and evaluation of exercises that-
(I) conform to the requirements described in subparagraph (A);
(II) are consistent with any applicable national, State, local, or Tribal strategy or plan; and
(III) provide for systematic evaluation of readiness.
(3) Consultation

In carrying out the Exercise Program, the Director may consult with appropriate representatives from Sector Risk Management Agencies, the Office of the National Cyber Director, cybersecurity research stakeholders, and Sector Coordinating Councils.

(b) Definitions

In this section:

(1) State

The term "State" means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the Northern Mariana Islands, the United States Virgin Islands, Guam, American Samoa, and any other territory or possession of the United States.

(2) Private entity

The term "private entity" has the meaning given such term in section 1501 of this title.

(c) Rule of construction

Nothing in this section shall be construed to affect the authorities or responsibilities of the Administrator of the Federal Emergency Management Agency pursuant to section 748 of this title.

6 U.S.C. § 665h

Pub. L. 107-296, title XXII, §2220B, as added Pub. L. 117-81, div. A, title XV, §1547(a), Dec. 27, 2021, 135 Stat. 2059.
State
The term "State" means any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the Virgin Islands, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and any possession of the United States.
Administrator
the term "Administrator" means the Administrator of the Agency;
Agency
the term "Agency" means the Federal Emergency Management Agency;
emergency management
the term "emergency management" means the governmental function that coordinates and integrates all activities necessary to build, sustain, and improve the capability to prepare for, protect against, respond to, recover from, or mitigate against threatened or actual natural disasters, acts of terrorism, or other man-made disasters;