The Most Interesting Database to Hack? Congress Wants to Know Too

A helpful reader drew our attention to this last minute addition to the Carper CISA amendment authorizing DHS Einstein. Coincidence or Lawfare readers in our midst?

SEC. 208. IDENTIFICATION OF INFORMATION SYSTEMS RELATING TO NATIONAL SECURITY.

 (a) In General.—Except as provided in subsection (c), not later than 180 days after the date of enactment of this Act—

(1) the Director of National Intelligence, in coordination with the heads of other agencies, shall—

(A) identify all unclassified information systems that provide access to information that may provide an adversary with the ability to derive information that would otherwise be considered classified;

(B) assess the risks that would result from the breach of each unclassified information system identified in subparagraph (A); and

(C) assess the cost and impact on the mission carried out by each agency that owns an unclassified information system identified in subparagraph (A) if the system were to be subsequently designated as a national security system, as defined in section 11103 of title 40, United States Code; and

(2) the Director of National Intelligence shall submit to the appropriate congressional committees, the Select Committee on Intelligence of the Senate, and the Permanent Select Committee on Intelligence of the House of Representatives a report that includes the findings under paragraph (1).

 (b) Form.—The report submitted under subsection (a)(2) shall be in unclassified form, and shall include a classified annex.

 (c) Exception.—The requirements under subsection (a)(1) shall not apply to the Department of Defense or an element of the intelligence community.