Page:United States Statutes at Large Volume 124.djvu/2718

 124 STAT. 2692 PUBLIC LAW 111–259—OCT. 7, 2010 a report containing guidelines or legislative recommendations, if appropriate, to improve the capabilities of the intelligence community and law enforcement agencies to protect the cybersecurity of the United States. Such report shall include guidelines or legislative recommendations on— (A) improving the ability of the intelligence community to detect hostile actions and attribute attacks to specific parties; (B) the need for data retention requirements to assist the intelligence community and law enforcement agencies; (C) improving the ability of the intelligence community to anticipate nontraditional targets of foreign intelligence services; and (D) the adequacy of existing criminal statutes to successfully deter cyber attacks, including statutes criminalizing the facilitation of criminal acts, the scope of laws for which a cyber crime constitutes a predicate offense, trespassing statutes, data breach notification requirements, and victim restitution statutes. (2) SUBSEQUENT.—Not later than one year after the date on which the initial report is submitted under paragraph (1), and annually thereafter for two years, the Director of National Intelligence, in consultation with the Attorney General, the Director of the National Security Agency, the White House Cybersecurity Coordinator, and any other officials the Director of National Intelligence considers appropriate, shall submit to Congress an update of the report required under paragraph (1). (g) SUNSET.—The requirements and authorities of subsections (a) through (e) shall terminate on December 31, 2013. (h) DEFINITIONS.—In this section: (1) CYBERSECURITY PROGRAM.—The term ‘‘cybersecurity program’’ means a class or collection of similar cybersecurity operations of a department or agency of the United States that involves personally identifiable data that is— (A) screened by a cybersecurity system outside of the department or agency of the United States that was the intended recipient of the personally identifiable data; (B) transferred, for the purpose of cybersecurity, out- side the department or agency of the United States that was the intended recipient of the personally identifiable data; or (C) transferred, for the purpose of cybersecurity, to an element of the intelligence community. (2) NATIONAL CYBER INVESTIGATIVE JOINT TASK FORCE.— The term ‘‘National Cyber Investigative Joint Task Force’’ means the multiagency cyber investigation coordination organization overseen by the Director of the Federal Bureau of Investigation known as the National Cyber Investigative Joint Task Force that coordinates, integrates, and provides pertinent information related to cybersecurity investigations. (3) CRITICAL INFRASTRUCTURE.—The term ‘‘critical infra- structure’’ has the meaning given that term in section 1016 of the USA PATRIOT Act (42 U.S.C. 5195c). Deadline.