(a) In general
Consistent with applicable law, Presidential directives, Federal regulations, and strategic guidance from the Secretary, each Sector Risk Management Agency, in coordination with the Director, shall—
(1) provide specialized sector-specific expertise to critical infrastructure owners and operators within its designated critical infrastructure sector or subsector of such sector; and
(2) support programs and associated activities of such sector or subsector of such sector.
(b) Implementation
In carrying out this section, Sector Risk Management Agencies shall—
(1) coordinate with the Department and, as appropriate, other relevant Federal departments and agencies;
(2) collaborate with critical infrastructure owners and operators within the designated critical infrastructure sector or subsector of such sector; and
(3) coordinate with independent regulatory agencies, and State, local, Tribal, and territorial entities, as appropriate.
(c) Responsibilities
Consistent with applicable law, Presidential directives, Federal regulations, and strategic guidance from the Secretary, each Sector Risk Management Agency shall utilize its specialized expertise regarding its designated critical infrastructure sector or subsector of such sector and authorities under applicable law to—
(1) support sector risk management, in coordination with the Director, including—
(A) establishing and carrying out programs to assist critical infrastructure owners and operators within the designated sector or subsector of such sector in identifying, understanding, and mitigating threats, vulnerabilities, and risks to their systems or assets, or within a region, sector, or subsector of such sector; and
(B) recommending security measures to mitigate the consequences of destruction, compromise, and disruption of systems and assets;
(2) assess sector risk, in coordination with the Director, including—
(A) identifying, assessing, and prioritizing risks within the designated sector or subsector of such sector, considering physical security and cybersecurity threats, vulnerabilities, and consequences; and
(B) supporting national risk assessment efforts led by the Department;
(3) sector coordination, including—
(A) serving as a day-to-day Federal interface for the prioritization and coordination of sector-specific activities and responsibilities under this title;
(B) serving as the Federal Government coordinating council chair for the designated sector or subsector of such sector; and
(C) participating in cross-sector coordinating councils, as appropriate;
(4) facilitating, in coordination with the Director, the sharing with the Department and other appropriate Federal department of information regarding physical security and cybersecurity threats within the designated sector or subsector of such sector, including—
(A) facilitating, in coordination with the Director, access to, and exchange of, information and intelligence necessary to strengthen the security of critical infrastructure, including through Information Sharing and Analysis Organizations and the national cybersecurity and communications integration center established pursuant to section 659 of this title;
(B) facilitating the identification of intelligence needs and priorities of critical infrastructure owners and operators in the designated sector or subsector of such sector, in coordination with the Director of National Intelligence and the heads of other Federal departments and agencies, as appropriate;
(C) providing the Director, and facilitating awareness within the designated sector or subsector of such sector, of ongoing, and where possible, real-time awareness of identified threats, vulnerabilities, mitigations, and other actions related to the security of such sector or subsector of such sector; and
(D) supporting the reporting requirements of the Department under applicable law by providing, on an annual basis, sector-specific critical infrastructure information;
(5) supporting incident management, including—
(A) supporting, in coordination with the Director, incident management and restoration efforts during or following a security incident; and
(B) supporting the Director, upon request, in national cybersecurity asset response activities for critical infrastructure; and
(6) contributing to emergency preparedness efforts, including—
(A) coordinating with critical infrastructure owners and operators within the designated sector or subsector of such sector and the Director in the development of planning documents for coordinated action in the event of a natural disaster, act of terrorism, or other man-made disaster or emergency;
(B) participating in and, in coordination with the Director, conducting or facilitating, exercises and simulations of potential natural disasters, acts of terrorism, or other man-made disasters or emergencies within the designated sector or subsector of such sector; and
(C) supporting the Department and other Federal departments or agencies in developing planning documents or conducting exercises or simulations when relevant to the designated sector or subsector or such sector.