[Page S8272]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

  SA 2324. Mr. LEVIN (for himself and Mr. McCain) submitted an 
amendment intended to be proposed by him to the bill S. 1197, to 
authorize appropriations for fiscal year 2014 for military activities 
of the Department of Defense, for military construction, and for 
defense activities of the Department of Energy, to prescribe military 
personnel strengths for such fiscal year, and for other purposes; which 
was ordered to lie on the table; as follows:

       At the end of subtitle D of title IX, add the following:

     SEC. 949. REPORTING ON PENETRATIONS INTO NETWORKS AND 
                   INFORMATION SYSTEMS OF OPERATIONALLY CRITICAL 
                   CONTRACTORS.

       (a) Procedures for Reporting Penetrations.--The Secretary 
     of Defense shall establish procedures that require an 
     operationally critical contractor to report to a component of 
     the Department of Defense designated by the Secretary for 
     purposes of such procedures when a network or information 
     system of such operationally critical contractor is 
     successfully penetrated.
       (b) Procedure Requirements.--
       (1) Rapid reporting.--The procedures established pursuant 
     to subsection (a) shall require each operationally critical 
     contractor to rapidly report to the component of the 
     Department designated pursuant to subsection (a) on each 
     successful penetration of any network or information systems 
     of such contractor. Each such report shall include the 
     following:
       (A) The technique or method used in such penetration.
       (B) A sample of any malicious software, if discovered and 
     isolated by the contractor, involved in such penetration.
       (2) Department assistance and access to equipment and 
     information by department personnel.--The procedures 
     established pursuant to subsection (a) shall include 
     mechanisms for Department personnel to--
       (A) assist operationally critical contractors in detecting 
     and mitigating penetrations; and
       (B) upon request, obtain access to equipment or information 
     of an operationally critical contractor necessary to conduct 
     forensic analysis in addition to any analysis conducted by 
     such contractor.
       (3) Protection of trade secrets and other information.--The 
     procedures established pursuant to subsection (a) shall 
     provide for the reasonable protection of trade secrets, 
     commercial or financial information, and information that can 
     be used to identify a specific person.
       (c) Issuance of Procedures.--The Secretary shall establish 
     the procedures required by subsection (a) by not later than 
     90 days after the date of the enactment of this Act. The 
     procedures shall take effect on the date of establishment.
       (d) Assessment of Department Policies and Systems for 
     Sharing Information on Penetrations.--
       (1) In general.--Not later than 90 days after the date of 
     the enactment of the Act, the Secretary shall conduct an 
     assessment of Department policies and systems for sharing 
     information on successful penetrations into networks or 
     information systems of operationally critical contractors.
       (2) Actions following assessment.--Upon completion of the 
     assessment required by paragraph (1), the Secretary shall 
     issue or revise guidance applicable to Department components 
     to ensure the rapid sharing of information relating to 
     successful penetrations into networks or information systems 
     of operationally critical contractors.
       (e) Definitions.--In this section:
       (1) The term ``operationally critical contractor'' means a 
     contractor designated by the Secretary for purposes of this 
     section as a critical source of supply for a service or 
     capability that is essential to the mobilization, deployment, 
     or sustainment of the Armed Forces in a contingency 
     operation.
       (2) The term ``contingency operation'' has the meaning 
     given that term in section 101(a)(13) of title 10, United 
     States Code.
                                 ______