PRIA Logo
Title 6Domestic SecurityRelease 119-73not60

§661 Cybersecurity Strategy

Title 6 › Chapter 1— HOMELAND SECURITY ORGANIZATION › Subchapter XVIII— CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY › Part A— Cybersecurity and Infrastructure Security › § 661

Last updated Apr 3, 2026|Official source

Summary

The Secretary must create a department-wide cybersecurity plan no later than 90 days after December 23, 2016. The plan must list the main goals and how to carry them out. It must describe the programs, policies, and activities needed, including work tied to the national cybersecurity and communications integration center (see section 659), cyber investigations, cyber research and development, and working with international cybersecurity partners. When making the plan, the Secretary must consider the November 2011 Homeland Security Enterprise cybersecurity strategy, the Department of Homeland Security Fiscal Years 2014–2018 Strategic Plan, and the most recent Quadrennial Homeland Security Review issued under section 347. The plan should, when practical, say which parts and offices of the Department will do each job. Within 90 days after finishing the plan, the Secretary must issue a plan to put it into action that lists objectives and tasks, shows timelines and costs, and gives measures to check progress. Copies of the plan and the action plan must be sent to Congress when issued, with any related legislative or budget proposals. The public plan must be unclassified but may have a classified annex. The Department is not allowed to monitor, surveil, extract, or collect data to track a person’s personally identifiable information.

Full Legal Text

Title 6, §661

Domestic Security — Source: USLM XML via OLRC

(a)Not later than 90 days after December 23, 2016, the Secretary shall develop a departmental strategy to carry out cybersecurity responsibilities as set forth in law.
(b)The strategy required under subsection (a) shall include the following:
(1)Strategic and operational goals and priorities to successfully execute the full range of the Secretary’s cybersecurity responsibilities.
(2)Information on the programs, policies, and activities that are required to successfully execute the full range of the Secretary’s cybersecurity responsibilities, including programs, policies, and activities in furtherance of the following:
(A)Cybersecurity functions set forth in section 659 of this title (relating to the national cybersecurity and communications integration center).
(B)Cybersecurity investigations capabilities.
(C)Cybersecurity research and development.
(D)Engagement with international cybersecurity partners.
(c)In developing the strategy required under subsection (a), the Secretary shall—
(1)consider—
(A)the cybersecurity strategy for the Homeland Security Enterprise published by the Secretary in November 2011;
(B)the Department of Homeland Security Fiscal Years 2014–2018 Strategic Plan; and
(C)the most recent Quadrennial Homeland Security Review issued pursuant to section 347 of this title; and
(2)include information on the roles and responsibilities of components and offices of the Department, to the extent practicable, to carry out such strategy.
(d)Not later than 90 days after the development of the strategy required under subsection (a), the Secretary shall issue an implementation plan for the strategy that includes the following:
(1)Strategic objectives and corresponding tasks.
(2)Projected timelines and costs for such tasks.
(3)Metrics to evaluate performance of such tasks.
(e)The Secretary shall submit to Congress for assessment the following:
(1)A copy of the strategy required under subsection (a) upon issuance.
(2)A copy of the implementation plan required under subsection (d) upon issuance, together with detailed information on any associated legislative or budgetary proposals.
(f)The strategy required under subsection (a) shall be in an unclassified form but may contain a classified annex.
(g)Nothing in this section may be construed as permitting the Department to engage in monitoring, surveillance, exfiltration, or other collection activities for the purpose of tracking an individual’s personally identifiable information.

Legislative History

Notes & Related Subsidiaries

Editorial Notes

Codification Section was formerly classified to section 149a of this title prior to renumbering by Pub. L. 115–278.

Amendments

2022—Subsec. (h). Pub. L. 117–263 struck out subsec. (h). Text read as follows: “In this section, the term ‘Homeland Security Enterprise’ means relevant governmental and nongovernmental entities involved in homeland security, including Federal, State, local, and tribal government officials, private sector representatives, academics, and other policy experts.” 2018—Subsec. (b)(2)(A). Pub. L. 115–278, § 2(g)(9)(A)(v), substituted “section 659 of this title” for “the section 148 of this title”.

Reference

Citations & Metadata

Citation

6 U.S.C. § 661

Title 6Domestic Security

Last Updated

Apr 3, 2026

Release point: 119-73not60