Criminal Justice & the Rule of Law Cybersecurity & Tech

The Most Interesting Database to Hack? Congress Wants to Know Too

Paul Rosenzweig
Thursday, August 13, 2015, 9:11 AM

A helpful reader drew our attention to this last minute addition to the Carper CISA amendment authorizing DHS Einstein. Coincidence or Lawfare readers in our midst?

SEC. 208. IDENTIFICATION OF INFORMATION SYSTEMS RELATING TO NATIONAL SECURITY.

 (a) In General.—Except as provided in subsection (c), not later than 180 days after the date of enactment of this Act—

Published by The Lawfare Institute
in Cooperation With
Brookings

A helpful reader drew our attention to this last minute addition to the Carper CISA amendment authorizing DHS Einstein. Coincidence or Lawfare readers in our midst?

SEC. 208. IDENTIFICATION OF INFORMATION SYSTEMS RELATING TO NATIONAL SECURITY.

 (a) In General.—Except as provided in subsection (c), not later than 180 days after the date of enactment of this Act—

 (1) the Director of National Intelligence, in coordination with the heads of other agencies, shall—

 (A) identify all unclassified information systems that provide access to information that may provide an adversary with the ability to derive information that would otherwise be considered classified;

 (B) assess the risks that would result from the breach of each unclassified information system identified in subparagraph (A); and

 (C) assess the cost and impact on the mission carried out by each agency that owns an unclassified information system identified in subparagraph (A) if the system were to be subsequently designated as a national security system, as defined in section 11103 of title 40, United States Code; and

 (2) the Director of National Intelligence shall submit to the appropriate congressional committees, the Select Committee on Intelligence of the Senate, and the Permanent Select Committee on Intelligence of the House of Representatives a report that includes the findings under paragraph (1).

 (b) Form.—The report submitted under subsection (a)(2) shall be in unclassified form, and shall include a classified annex.

 (c) Exception.—The requirements under subsection (a)(1) shall not apply to the Department of Defense or an element of the intelligence community.


Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.

Subscribe to Lawfare