Amendment 20

Amendment ID: S2806-20

Amendment 20

Clarifying the Civil Defense Act Application to Cybersecurity Attacks

Messrs. Moore, Montigny and Tarr move that the proposed new text be amended by inserting after section __ the following two sections:-

SECTION __. Section 1 of Chapter 639 of the Acts of 1950, as amended by Chapter 54 of the Acts of 2014, is hereby amended by inserting after the word “causes” the following:-

“; or by cybersecurity attack or threat thereof that affects the commonwealth’s critical infrastructure, information systems owned or operated by the commonwealth, or other infrastructure or cyber systems deemed necessary and at risk by the governor.”

SECTION __. Said section 1 of Chapter 639 of the Acts of 1950, as amended by Chapter 54 of the Acts of 2014, is hereby further amended by inserting after the definition of “Civil defense” the following definitions:-

“Critical infrastructure”, the assets, systems, and networks, either physical or virtual, within the commonwealth that are so vital to the commonwealth or the United States that the incapacitation or destruction of such a system or asset would have a debilitating impact on cybersecurity, physical security, economic security, the environment, public health or safety or any combination thereof; provided, however, that “critical infrastructure” shall include, but not be limited to, election systems, transportation infrastructure, water, gas and electric utilities, and shall include any critical infrastructure sectors as identified by: (1) Presidential Policy Directive-21 or successor directive; (2) the federal Cybersecurity and Infrastructure Security Agency; or (3) the cybersecurity control board.

“Cybersecurity attack” shall mean an attack, via electronic means, targeting the commonwealth’s use of cyberspace for the purpose of infiltrating, disrupting, disabling, destroying, or maliciously controlling a computing environment or infrastructure; destroying the integrity of the data; or stealing controlled information.

“Cyber System” shall mean the network of hardware, software, procedures, and people put in place by companies, individuals, or governments that can connect to a network, including the Internet."