TITLE II--INFORMATION ANALYSIS AND INFRASTRUCTURE PROTECTION

Subtitle A--Directorate for Information Analysis and Infrastructure Protection;
Access to Information

SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRASTRUCTURE PROTECTION.

(a) UNDER SECRETARY OF HOMELAND SECURITY FOR INFORMATION ANALYSIS AND INFRASTRUCTURE PROTECTION-

(1) IN GENERAL- There shall be in the Department a Directorate for Information Analysis and Infrastructure Protection headed by an Under Secretary for Information Analysis and Infrastructure Protection, who shall be appointed by the President, by and with the advice and consent of the Senate.

(2) RESPONSIBILITIES- The Under Secretary shall assist the Secretary in
discharging the responsibilities assigned by the Secretary.

(b) ASSISTANT SECRETARY FOR INFORMATION ANALYSIS; ASSISTANT SECRETARY FOR INFRASTRUCTURE PROTECTION-

(1) ASSISTANT SECRETARY FOR INFORMATION ANALYSIS- There shall be in the Department an Assistant Secretary for Information Analysis, who shall be appointed by the President.

(2) ASSISTANT SECRETARY FOR INFRASTRUCTURE PROTECTION- There shall be in the Department an Assistant Secretary for Infrastructure Protection, who shall be appointed by the President.

(3) RESPONSIBILITIES- The Assistant Secretary for Information Analysis and the Assistant Secretary for Infrastructure Protection shall assist the Under Secretary for Information Analysis and Infrastructure Protection in discharging the responsibilities of the Under Secretary under this section.

(c) DISCHARGE OF INFORMATION ANALYSIS AND INFRASTRUCTURE PROTECTION- The Secretary shall ensure that the responsibilities of the Department regarding information analysis and infrastructure protection are carried out through the Under Secretary for Information Analysis and Infrastructure Protection.

(d) RESPONSIBILITIES OF UNDER SECRETARY- Subject to the direction and control of the Secretary, the responsibilities of the Under Secretary for Information Analysis and Infrastructure Protection shall be as follows:

(1) To access, receive, and analyze law enforcement information, intelligence information, and other information from agencies of the Federal Government, State and local government agencies (including law enforcement agencies), and private sector entities, and to integrate such information in order to--

(A) identify and assess the nature and scope of terrorist threats to the homeland;

(B) detect and identify threats of terrorism against the United States; and

(C) understand such threats in light of actual and potential vulnerabilities of the homeland.

(2) To carry out comprehensive assessments of the vulnerabilities of the key resources and critical infrastructure of the United States, including the performance of risk assessments to determine the risks posed by particular types of terrorist attacks within the United States (including an assessment of the probability of success of such attacks and the feasibility and potential efficacy of various countermeasures to such attacks).

(3) To integrate relevant information, analyses, and vulnerability assessments (whether such information, analyses, or assessments are provided or produced by the Department or others) in order to identify priorities for protective and support measures by the Department, other agencies of the Federal Government, State and local government agencies and authorities, the private sector, and other entities.

(4) To ensure, pursuant to section 202, the timely and efficient access by the Department to all information necessary to discharge the responsibilities under this section, including obtaining such information from other agencies of the Federal Government.

(5) To develop a comprehensive national plan for securing the key resources and critical infrastructure of the United States, including power production, generation, and distribution systems, information technology and telecommunications systems (including satellites), electronic financial and property record storage and transmission systems, emergency preparedness communications systems, and the physical and technological assets that support such systems.

(6) To recommend measures necessary to protect the key resources and critical infrastructure of the United States in coordination with other agencies of the Federal Government and in cooperation with State and local government agencies and authorities, the private sector, and other entities.

(7) To administer the Homeland Security Advisory System, including--

(A) exercising primary responsibility for public advisories related to threats to homeland security; and

(B) in coordination with other agencies of the Federal Government, providing specific warning information, and advice about appropriate protective measures and countermeasures, to State and local government agencies and authorities, the private sector, other entities, and the public.

(8) To review, analyze, and make recommendations for improvements in the policies and procedures governing the sharing of law enforcement information, intelligence information, intelligence-related information, and other information relating to homeland security within the Federal Government and between the Federal Government and State and local government agencies and authorities.

(9) To disseminate, as appropriate, information analyzed by the Department within the Department, to other agencies of the Federal Government with responsibilities relating to homeland security, and to agencies of State and local governments and private sector entities with such responsibilities in order to assist in the deterrence, prevention, preemption of, or response to, terrorist attacks against the United States.

(10) To consult with the Director of Central Intelligence and other appropriate intelligence, law enforcement, or other elements of the Federal Government to establish collection priorities and strategies for information, including law enforcement-related information, relating to threats of terrorism against the United States through such means as the representation of the Department in discussions regarding requirements and priorities in the collection of such information.

(11) To consult with State and local governments and private sector entities to ensure appropriate exchanges of information, including law enforcement-related information, relating to threats of terrorism against the United States.

(12) To ensure that--

(A) any material received pursuant to this Act is protected from unauthorized disclosure and handled and used only for the performance of official duties; and

(B) any intelligence information under this Act is shared, retained, and disseminated consistent with the authority of the Director of Central Intelligence to protect intelligence sources and methods under the National Security Act of 1947 (50 U.S.C. 401 et seq.) and related procedures and, as appropriate, similar authorities of the Attorney General concerning sensitive law enforcement information.

(13) To request additional information from other agencies of the Federal Government, State and local government agencies, and the private sector relating to threats of terrorism in the United States, or relating to other areas of responsibility assigned by the Secretary, including the entry into cooperative agreements through the Secretary to obtain such information.

(14) To establish and utilize, in conjunction with the chief information officer of the Department, a secure communications and information technology infrastructure, including data-mining and other advanced analytical tools, in order to access, receive, and analyze data and information in furtherance of the responsibilities under this section, and to disseminate information acquired and analyzed by the Department, as appropriate.

(15) To ensure, in conjunction with the chief information officer of the Department, that any information databases and analytical tools developed or utilized by the Department--

(A) are compatible with one another and with relevant information databases of other agencies of the Federal Government; and

(B) treat information in such databases in a manner that complies with applicable Federal law on privacy.

(16) To coordinate training and other support to the elements and personnel of the Department, other agencies of the Federal Government, and State and local governments that provide information to the Department, or are consumers of information provided by the Department, in order to facilitate the identification and sharing of information revealed in their ordinary duties and the optimal utilization of information received from the Department.

(17) To coordinate with elements of the intelligence community and with Federal, State, and local law enforcement agencies, and the private sector, as appropriate.

(18) To provide intelligence and information analysis and support to other elements of the Department.

(19) To perform such other duties relating to such responsibilities as the Secretary may provide.

(e) STAFF-

(1) IN GENERAL- The Secretary shall provide the Directorate with a staff of analysts having appropriate expertise and experience to assist the Directorate in discharging responsibilities under this section.

(2) PRIVATE SECTOR ANALYSTS- Analysts under this subsection may include analysts from the private sector.

(3) SECURITY CLEARANCES- Analysts under this subsection shall possess
security clearances appropriate for their work under this section.
(f) DETAIL OF PERSONNEL-

(1) IN GENERAL- In order to assist the Directorate in discharging responsibilities under this section, personnel of the agencies referred to in paragraph (2) may be detailed to the Department for the performance of analytic functions and related duties.

(2) COVERED AGENCIES- The agencies referred to in this paragraph are as
follows:

(A) The Department of State.

(B) The Central Intelligence Agency.

(C) The Federal Bureau of Investigation.

(D) The National Security Agency.

(E) The National Imagery and Mapping Agency.

(F) The Defense Intelligence Agency.

(G) Any other agency of the Federal Government that the President considers appropriate.

(3) COOPERATIVE AGREEMENTS- The Secretary and the head of the agency concerned may enter into cooperative agreements for the purpose of detailing
personnel under this subsection.

(4) BASIS- The detail of personnel under this subsection may be on a reimbursable or non-reimbursable basis.

(g) FUNCTIONS TRANSFERRED- In accordance with title XV, there shall be transferred to the Secretary, for assignment to the Under Secretary for Information Analysis and Infrastructure Protection under this section, the functions, personnel, assets, and liabilities of the following:

(1) The National Infrastructure Protection Center of the Federal Bureau of Investigation (other than the Computer Investigations and Operations Section), including the functions of the Attorney General relating thereto.

(2) The National Communications System of the Department of Defense, including the functions of the Secretary of Defense relating thereto.

(3) The Critical Infrastructure Assurance Office of the Department of Commerce, including the functions of the Secretary of Commerce relating thereto.

(4) The National Infrastructure Simulation and Analysis Center of the Department of Energy and the energy security and assurance program and activities of the Department, including the functions of the Secretary of Energy relating thereto.

(5) The Federal Computer Incident Response Center of the General Services Administration, including the functions of the Administrator of General Services relating thereto.

(h) INCLUSION OF CERTAIN ELEMENTS OF THE DEPARTMENT AS ELEMENTS OF THE INTELLIGENCE COMMUNITY- Section 3(4) of the National Security Act of 1947 (50
U.S.C. 401(a)) is amended--

(1) by striking `and' at the end of subparagraph (I);

(2) by redesignating subparagraph (J) as subparagraph (K); and

(3) by inserting after subparagraph (I) the following new subparagraph:`(J) the elements of the Department of Homeland Security concerned with the analyses of foreign intelligence information; and'.

SEC. 202. ACCESS TO INFORMATION.

(a) IN GENERAL-

(1) THREAT AND VULNERABILITY INFORMATION- Except as otherwise directed by the President, the Secretary shall have such access as the Secretary considers necessary to all information, including reports, assessments, analyses, and unevaluated intelligence relating to threats of terrorism against the United States and to other areas of responsibility assigned by the Secretary, and to all information concerning infrastructure or other vulnerabilities of the United States to terrorism, whether or not such information has been analyzed, that may be collected, possessed, or prepared by any agency of the Federal Government.

(2) OTHER INFORMATION- The Secretary shall also have access to other information relating to matters under the responsibility of the Secretary that may be collected, possessed, or prepared by an agency of the Federal Government as the President may further provide.

(b) MANNER OF ACCESS- Except as otherwise directed by the President, with respect to information to which the Secretary has access pursuant to this section--

(1) the Secretary may obtain such material upon request, and may enter into cooperative arrangements with other executive agencies to provide such material or provide Department officials with access to it on a regular or routine basis, including requests or arrangements involving broad categories of material, access to electronic databases, or both; and

(2) regardless of whether the Secretary has made any request or entered into any cooperative arrangement pursuant to paragraph (1), all agencies of the Federal Government shall promptly provide to the Secretary--

(A) all reports (including information reports containing intelligence which has not been fully evaluated), assessments, and analytical information relating to threats of terrorism against the United States and to other areas of responsibility assigned by the Secretary;

(B) all information concerning the vulnerability of the infrastructure of the United States, or other vulnerabilities of the United States, to terrorism, whether or not such information has been analyzed;

(C) all other information relating to significant and credible threats of terrorism against the United States, whether or not such information has been analyzed; and

(D) such other information or material as the President may direct.

(c) TREATMENT UNDER CERTAIN LAWS- The Secretary shall be deemed to be a Federal law enforcement, intelligence, protective, national defense, immigration, or national security official, and shall be provided with all information from law enforcement agencies that is required to be given to the Director of Central Intelligence, under any provision of the following:

(1) The USA PATRIOT Act of 2001 (Public Law 107-56).

(2) Section 2517(6) of title 18, United States Code.

(3) Rule 6(e)(3)(C) of the Federal Rules of Criminal Procedure.

(d) ACCESS TO INTELLIGENCE AND OTHER INFORMATION-

(1) ACCESS BY ELEMENTS OF FEDERAL GOVERNMENT- Nothing in this title shall preclude any element of the intelligence community (as that term is defined in section 3(4) of the National Security Act of 1947 (50 U.S.C. 401a(4)), or other any element of the Federal Government with responsibility for analyzing terrorist threat information, from receiving any intelligence or other information relating to terrorism.

(2) SHARING OF INFORMATION- The Secretary, in consultation with the Director of Central Intelligence, shall work to ensure that intelligence or other information relating to terrorism to which the Department has access is appropriately shared with the elements of the Federal Government referred to in paragraph (1), as well as with State and local governments, as appropriate.

Subtitle B--Critical Infrastructure Information

SEC. 211. SHORT TITLE.

This subtitle may be cited as the `Critical Infrastructure Information Act of 2002'.

SEC. 212. DEFINITIONS.

In this subtitle:

(1) AGENCY- The term `agency' has the meaning given it in section 551 of
title 5, United States Code.

(2) COVERED FEDERAL AGENCY- The term `covered Federal agency' means the Department of Homeland Security.

(3) CRITICAL INFRASTRUCTURE INFORMATION- The term `critical infrastructure information' means information not customarily in the public domain and related to the security of critical infrastructure or protected systems--

(A) actual, potential, or threatened interference with, attack on, compromise of, or incapacitation of critical infrastructure or protected systems by either physical or computer-based attack or other similar conduct (including the misuse of or unauthorized access to all types of communications and data transmission systems) that violates Federal, State, or local law, harms interstate commerce of the United States, or threatens public health or safety;

(B) the ability of any critical infrastructure or protected system to resist such interference, compromise, or incapacitation, including any planned or past assessment, projection, or estimate of the vulnerability of critical infrastructure or a protected system, including security testing, risk evaluation thereto, risk management planning, or risk audit; or

(C) any planned or past operational problem or solution regarding critical infrastructure or protected systems, including repair, recovery, reconstruction, insurance, or continuity, to the extent it is related to such interference, compromise, or incapacitation.

(4) CRITICAL INFRASTRUCTURE PROTECTION PROGRAM- The term `critical infrastructure protection program' means any component or bureau of a covered Federal agency that has been designated by the President or any agency head to receive critical infrastructure information