§3330 — Title 50 War and National Defense | U.S. Code

Summary

The Director of National Intelligence must make rules that force every cleared intelligence contractor to quickly tell a part of the intelligence community when a covered network or information system is successfully broken into. The Director must also set the criteria for which contractor systems are covered, after talking with other officials. Each report must say how the break‑in happened, include a sample of any malware the contractor found, and give a short summary of any intelligence program data that might have been compromised. The rules must let intelligence staff, on request, access contractor equipment or records for extra forensic checks, but only to find out whether information created by or for the intelligence community was taken and, if so, what was taken. The rules must protect trade secrets, business and financial records, and most personal data (except the suspected intruder’s name). The intelligence community may not share information from these reports outside the community unless the contractor agrees, or it is shared with the congressional intelligence committees and the defense subcommittees of the appropriations committees for oversight, or with law enforcement. The Director had to put the rules and criteria in place within 90 days after July 7, 2014, and, within 180 days after July 7, 2014, must allow a contractor that is also a cleared defense contractor to file one combined report that meets both sets of rules. A cleared intelligence contractor means a company allowed to handle classified intelligence work. A covered network means a contractor system that stores or processes intelligence community data and needs extra protection. These rules do not change any existing government access to contractor systems that hold government data.

Title 50, §3330

War and National Defense — Source: USLM XML via OLRC

(a)The Director of National Intelligence shall establish procedures that require each cleared intelligence contractor to report to an element of the intelligence community designated by the Director for purposes of such procedures when a network or information system of such contractor that meets the criteria established pursuant to subsection (b) is successfully penetrated.

(b)The Director of National Intelligence shall, in consultation with appropriate officials, establish criteria for covered networks to be subject to the procedures for reporting system penetrations under subsection (a).

(c)(1)The procedures established pursuant to subsection (a) shall require each cleared intelligence contractor to rapidly report to an element of the intelligence community designated pursuant to subsection (a) of each successful penetration of the network or information systems of such contractor that meet the criteria established pursuant to subsection (b). Each such report shall include the following:

(A)A description of the technique or method used in such penetration.

(B)A sample of the malicious software, if discovered and isolated by the contractor, involved in such penetration.

(C)A summary of information created by or for such element in connection with any program of such element that has been potentially compromised due to such penetration.

(2)The procedures established pursuant to subsection (a) shall—

(A)include mechanisms for intelligence community personnel to, upon request, obtain access to equipment or information of a cleared intelligence contractor necessary to conduct forensic analysis in addition to any analysis conducted by such contractor;

(B)provide that a cleared intelligence contractor is only required to provide access to equipment or information as described in subparagraph (A) to determine whether information created by or for an element of the intelligence community in connection with any intelligence community program was successfully exfiltrated from a network or information system of such contractor and, if so, what information was exfiltrated; and

(C)provide for the reasonable protection of trade secrets, commercial or financial information, and information that can be used to identify a specific person (other than the name of the suspected perpetrator of the penetration).

(3)The procedures established pursuant to subsection (a) shall prohibit the dissemination outside the intelligence community of information obtained or derived through such procedures that is not created by or for the intelligence community except—

(A)with the approval of the contractor providing such information;

(B)to the congressional intelligence committees or the Subcommittees on Defense of the Committees on Appropriations of the House of Representatives and the Senate for such committees and such Subcommittees to perform oversight; or

(C)to law enforcement agencies to investigate a penetration reported under this section.

(d)(1)Not later than 90 days after July 7, 2014, the Director of National Intelligence shall establish the procedures required under subsection (a) and the criteria required under subsection (b).

(2)The requirements of this section shall apply on the date on which the Director of National Intelligence establishes the procedures required under this section.

(e)Not later than 180 days after July 7, 2014, the Director of National Intelligence and the Secretary of Defense shall establish procedures to permit a contractor that is a cleared intelligence contractor and a cleared defense contractor under section 941 of the National Defense Authorization Act for Fiscal Year 2013 (Public Law 112–239; 10 U.S.C. 2224 note) to submit a single report that satisfies the requirements of this section and such section 941 for an incident of penetration of network or information system.

(f)In this section:

(1)The term “cleared intelligence contractor” means a private entity granted clearance by the Director of National Intelligence or the head of an element of the intelligence community to access, receive, or store classified information for the purpose of bidding for a contract or conducting activities in support of any program of an element of the intelligence community.

(2)The term “covered network” means a network or information system of a cleared intelligence contractor that contains or processes information created by or for an element of the intelligence community with respect to which such contractor is required to apply enhanced protection.

(g)Nothing in this section shall be construed to alter or limit any otherwise authorized access by government personnel to networks or information systems owned or operated by a contractor that processes or stores government data.

Statutory Notes and Related Subsidiaries

Definitions For definitions of “intelligence community” and “congressional intelligence committees”, referred to in text, see section 2 of Pub. L. 113–126, set out as a note under section 3003 of this title.

§3330 Reports to the Intelligence Community on Penetrations of Networks and Information Systems of Certain Contractors

Summary

Title 50, §3330

Notes & Related Subsidiaries

Statutory Notes and Related Subsidiaries

Citations & Metadata