- § 2651. Prohibition on international inspections of Department of Energy facilities unless protection of Restricted Data is certified
- § 2652. Restrictions on access to national security laboratories by foreign visitors from sensitive countries
- § 2653. Background investigations of certain personnel at Department of Energy facilities
- § 2654. Department of Energy counterintelligence polygraph program
- § 2655. Repealed.
- § 2656. Notice to congressional committees of certain security and counterintelligence failures within atomic energy defense programs
- § 2657. Annual report and certification on status of security of atomic energy defense facilities
- § 2658. Repealed.
- § 2659. Repealed.
- § 2660. Repealed.
- § 2661. Protection of certain nuclear facilities and assets from unmanned aircraft
- § 2662. Reporting on penetrations of networks of contractors and subcontractors
§ 2651. Prohibition on international inspections of Department of Energy facilities unless protection of Restricted Data is certified
(a) Prohibition on inspections
(b) Omitted
(Pub. L. 107–314, div. D, title XLV, § 4501, formerly Pub. L. 104–106, div. C, title XXXI, § 3154, Feb. 10, 1996, 110 Stat. 624; renumbered Pub. L. 107–314, div. D, title XLV, § 4501, and amended Pub. L. 108–136, div. C, title XXXI, § 3141(h)(2), Nov. 24, 2003, 117 Stat. 1771; Pub. L. 112–239, div. C, title XXXI, § 3131(j), Jan. 2, 2013, 126 Stat. 2182; Pub. L. 113–66, div. C, title XXXI, § 3146(a)(2)(F), Dec. 26, 2013, 127 Stat. 1073; Pub. L. 113–291, div. C, title XXXI, § 3142(j), Dec. 19, 2014, 128 Stat. 3900.)
§ 2652. Restrictions on access to national security laboratories by foreign visitors from sensitive countries
(a) Background review required
(b) Sense of Congress regarding background reviews
(c) Definitions
For purposes of this section:
(1) The term “background review”, commonly known as an indices check, means a review of information provided by the Director of National Intelligence and the Director of the Federal Bureau of Investigation regarding personal background, including information relating to any history of criminal activity or to any evidence of espionage.
(2) The term “sensitive countries list” means the list prescribed by the Secretary of Energy known as the Department of Energy List of Sensitive Countries.
(Pub. L. 107–314, div. D, title XLV, § 4502, formerly Pub. L. 106–65, div. C, title XXXI, § 3146, Oct. 5, 1999, 113 Stat. 935; renumbered Pub. L. 107–314, div. D, title XLV, § 4502, and amended Pub. L. 108–136, div. C, title XXXI, § 3141(h)(3), Nov. 24, 2003, 117 Stat. 1771; Pub. L. 112–239, div. C, title XXXI, § 3131(k)(1), (bb)(1)(D), Jan. 2, 2013, 126 Stat. 2182, 2185; Pub. L. 113–66, div. C, title XXXI, § 3146(f)(1), Dec. 26, 2013, 127 Stat. 1079.)
§ 2653. Background investigations of certain personnel at Department of Energy facilities
The Secretary of Energy shall ensure that an investigation meeting the requirements of section 2165 of title 42 is made for each Department of Energy employee, or contractor employee, at a national security laboratory or nuclear weapons production facility who—
(1) carries out duties or responsibilities in or around a location where Restricted Data is present; or
(2) has or may have regular access to a location where Restricted Data is present.
(Pub. L. 107–314, div. D, title XLV, § 4503, formerly Pub. L. 106–65, div. C, title XXXI, § 3143, Oct. 5, 1999, 113 Stat. 934; renumbered Pub. L. 107–314, div. D, title XLV, § 4503, and amended Pub. L. 108–136, div. C, title XXXI, § 3141(h)(4), Nov. 24, 2003, 117 Stat. 1772; Pub. L. 112–239, div. C, title XXXI, § 3131(l), Jan. 2, 2013, 126 Stat. 2182.)
§ 2654. Department of Energy counterintelligence polygraph program
(a) New counterintelligence polygraph program required
(b) Authorities and limitations
(1) The Secretary shall prescribe regulations for the new counterintelligence polygraph program required by subsection (a) in accordance with the provisions of subchapter II of chapter 5 of title 5 (commonly referred to as the Administrative Procedures Act).
(2) In prescribing regulations for the new program, the Secretary shall take into account the results of the Polygraph Review.
(3) Not later than six months after obtaining the results of the Polygraph Review, the Secretary shall issue a notice of proposed rulemaking for the new program.
(4) In the event of a counterintelligence investigation, the regulations prescribed under paragraph (1) may ensure that the persons subject to the counterintelligence polygraph program required by subsection (a) include any person who is—
(A) a national of the United States (as such term is defined in section 1101 of title 8) and also a national of a foreign state; and
(B) an employee or contractor who requires access to classified information.
(c) Omitted
(d) Polygraph Review defined
(Pub. L. 107–314, div. D, title XLV, § 4504, formerly Pub. L. 107–107, div. C, title XXXI, § 3152, Dec. 28, 2001, 115 Stat. 1376; renumbered Pub. L. 107–314, div. D, title XLV, § 4504, and amended Pub. L. 108–136, div. C, title XXXI, § 3141(h)(5)(A), Nov. 24, 2003, 117 Stat. 1772; Pub. L. 113–66, div. C, title XXXI, § 3146(f)(2), Dec. 26, 2013, 127 Stat. 1079; Pub. L. 115–232, div. C, title XXXI, § 3112, Aug. 13, 2018, 132 Stat. 2290.)
§ 2655. Repealed. Pub. L. 107–314, div. D, title XLV, § 4504(c), formerly Pub. L. 107–107, div. C, title XXXI, § 3152(c), Dec. 28, 2001, 115 Stat. 1377; renumbered Pub. L. 107–314, div. D, title XLV, § 4504(c), and amended Pub. L. 108–136, div. C, title XXXI, § 3141(h)(5)(A), Nov. 24, 2003, 117 Stat. 1772
§ 2656. Notice to congressional committees of certain security and counterintelligence failures within atomic energy defense programs
(a) Required notification
(b) Significant atomic energy defense intelligence losses
(c) Manner of notification
(d) Procedures
(e) Statutory construction
(1) Nothing in this section shall be construed as authority to withhold any information from the Committees on Armed Services of the Senate and House of Representatives on the grounds that providing the information to those committees would constitute the unauthorized disclosure of classified information, information relating to intelligence sources and methods, or sensitive law enforcement information.
(2) Nothing in this section shall be construed to modify or supersede any other requirement to report information on intelligence activities to Congress, including the requirement under section 3091 of this title for the President to ensure that the congressional intelligence committees are kept fully informed of the intelligence activities of the United States and for those committees to notify promptly other congressional committees of any matter relating to intelligence activities requiring the attention of those committees.
(Pub. L. 107–314, div. D, title XLV, § 4505, formerly Pub. L. 106–65, div. C, title XXXI, § 3150, Oct. 5, 1999, 113 Stat. 939; renumbered Pub. L. 107–314, div. D, title XLV, § 4505, by Pub. L. 108–136, div. C, title XXXI, § 3141(h)(6), Nov. 24, 2003, 117 Stat. 1773; Pub. L. 112–239, div. C, title XXXI, § 3131(m)(1), (bb)(1)(D), Jan. 2, 2013, 126 Stat. 2182, 2185; Pub. L. 113–66, div. C, title XXXI, § 3146(f)(3), Dec. 26, 2013, 127 Stat. 1079; Pub. L. 113–291, div. C, title XXXI, § 3142(k), Dec. 19, 2014, 128 Stat. 3901.)
§ 2657. Annual report and certification on status of security of atomic energy defense facilities
(a) Report and certification on nuclear security enterprise
(1) Not later than September 30 of each even-numbered year, the Administrator shall submit to the Secretary of Energy—
(A) a report detailing the status of security at facilities holding Category I and II quantities of special nuclear material that are administered by the Administration; and
(B) written certification that such facilities are secure and that the security measures at such facilities meet the security standards and requirements of the Administration and the Department of Energy.
(2) If the Administrator is unable to make the certification described in paragraph (1)(B) with respect to a facility, the Administrator shall submit to the Secretary with the matters required by paragraph (1) a corrective action plan for the facility describing—
(A) the deficiency that resulted in the Administrator being unable to make the certification;
(B) the actions to be taken to correct the deficiency; and
(C) timelines for taking such actions.
(3) Not later than December 1 of each even-numbered year, the Secretary shall submit to the congressional defense committees the unaltered report, certification, and any corrective action plans submitted by the Administrator under paragraphs (1) and (2) together with any comments of the Secretary.
(b) Report and certification on atomic energy defense facilities not administered by the Administration
(1) Not later than December 1 of each even-numbered year, the Secretary shall submit to the congressional defense committees—
(A) a report detailing the status of the security of atomic energy defense facilities holding Category I and II quantities of special nuclear material that are not administered by the Administration; and
(B) written certification that such facilities are secure and that the security measures at such facilities meet the security standards and requirements of the Department of Energy.
(2) If the Secretary is unable to make the certification described in paragraph (1)(B) with respect to a facility, the Secretary shall submit to the congressional defense committees, together with the matters required by paragraph (1), a corrective action plan describing—
(A) the deficiency that resulted in the Secretary being unable to make the certification;
(B) the actions to be taken to correct the deficiency; and
(C) timelines for taking such actions.
(Pub. L. 107–314, div. D, title XLV, § 4506, formerly Pub. L. 105–85, div. C, title XXXI, § 3162, Nov. 18, 1997, 111 Stat. 2049; Pub. L. 106–65, div. C, title XXXI, § 3142(h)(2), Oct. 5, 1999, 113 Stat. 934; renumbered Pub. L. 107–314, div. D, title XLV, § 4506, and amended Pub. L. 108–136, div. C, title XXXI, § 3141(h)(7), Nov. 24, 2003, 117 Stat. 1773; Pub. L. 113–66, div. C, title XXXI, § 3121(a), Dec. 26, 2013, 127 Stat. 1060; Pub. L. 114–328, div. C, title XXXI, § 3135, Dec. 23, 2016, 130 Stat. 2771; Pub. L. 115–91, div. C, title XXXI, § 3133(b), Dec. 12, 2017, 131 Stat. 1896.)
§ 2658. Repealed. Pub. L. 113–66, div. C, title XXXI, § 3132(a)(1), Dec. 26, 2013, 127 Stat. 1068
§ 2659. Repealed. Pub. L. 114–113, div. M, title VII, § 701(f), Dec. 18, 2015, 129 Stat. 2930
§ 2660. Repealed. Pub. L. 115–91, div. C, title XXXI, § 3135(c)(1), Dec. 12, 2017, 131 Stat. 1899
§ 2661. Protection of certain nuclear facilities and assets from unmanned aircraft
(a) Authority
(b) Actions described
(1) The actions described in this paragraph are the following:
(A) Detect, identify, monitor, and track the unmanned aircraft system or unmanned aircraft, without prior consent, including by means of intercept or other access of a wire, oral, or electronic communication used to control the unmanned aircraft system or unmanned aircraft.
(B) Warn the operator of the unmanned aircraft system or unmanned aircraft, including by passive or active, and direct or indirect physical, electronic, radio, and electromagnetic means.
(C) Disrupt control of the unmanned aircraft system or unmanned aircraft, without prior consent, including by disabling the unmanned aircraft system or unmanned aircraft by intercepting, interfering, or causing interference with wire, oral, electronic, or radio communications used to control the unmanned aircraft system or unmanned aircraft.
(D) Seize or exercise control of the unmanned aircraft system or unmanned aircraft.
(E) Seize or otherwise confiscate the unmanned aircraft system or unmanned aircraft.
(F) Use reasonable force to disable, damage, or destroy the unmanned aircraft system or unmanned aircraft.
(2) The Secretary of Energy shall develop the actions described in paragraph (1) in coordination with the Secretary of Transportation.
(c) Forfeiture
(d) Regulations
(e) DefinitionsIn this section:
(1) The term “covered facility or asset” means any facility or asset that is—
(A) identified by the Secretary of Energy for purposes of this section;
(B) located in the United States (including the territories and possessions of the United States); and
(C) owned by the United States or contracted to the United States, to store or use special nuclear material.
(2) The terms “unmanned aircraft” and “unmanned aircraft system” have the meanings given those terms in section 331 of the FAA Modernization and Reform Act of 2012 (Public Law 112–95; 49 U.S.C. 40101 1
1 See References in Text note below.
note).(Pub. L. 107–314, div. D, title XLV, § 4510, as added Pub. L. 114–328, div. C, title XXXI, § 3112(a), Dec. 23, 2016, 130 Stat. 2756.)
§ 2662. Reporting on penetrations of networks of contractors and subcontractors
(a) Procedures for reporting penetrations
(b) Establishment of criteria for covered networks
(1) In general
(2) Officials specifiedThe officials specified in this paragraph are the following officials of the Administration:
(A) The Deputy Administrator for Defense Programs.
(B) The Associate Administrator for Acquisition and Project Management.
(C) The Chief Information Officer.
(D) Any other official of the Administration the Administrator considers necessary.
(c) Procedure requirements
(1) Rapid reporting
(A) In general
(B) ElementsSubject to subparagraph (C), each report required by subparagraph (A) with respect to a successful penetration of a covered network of a contractor or subcontractor shall include the following:
(i) A description of the technique or method used in such penetration.
(ii) A sample of the malicious software, if discovered and isolated by the contractor or subcontractor, involved in such penetration.
(iii) A summary of information created by or for the Administration in connection with any program of the Administration that has been potentially compromised as a result of such penetration.
(C) Avoidance of delays in reportingIf a contractor or subcontractor is not able to obtain all of the information required by subparagraph (B) to be included in a report required by subparagraph (A) by the date that is 60 days after the discovery of a successful penetration of a covered network of the contractor or subcontractor, the contractor or subcontractor shall—
(i) include in the report all information available as of that date; and
(ii) provide to the Chief Information Officer the additional information required by subparagraph (B) as the information becomes available.
(2) Access to equipment and information by Administration personnelConcurrent with the establishment of the procedures pursuant to subsection (a), the Administrator shall establish procedures to be used if information owned by the Administration was in use during or at risk as a result of the successful penetration of a covered network—
(A) in order to—
(i) in the case of a penetration of a covered network of a management and operating contractor, enhance the access of personnel of the Administration to Government-owned equipment and information; and
(ii) in the case of a penetration of a covered network of a contractor or subcontractor that is not a management and operating contractor, facilitate the access of personnel of the Administration to the equipment and information of the contractor or subcontractor; and
(B) which shall—
(i) include mechanisms for personnel of the Administration to, upon request, obtain access to equipment or information of a contractor or subcontractor necessary to conduct forensic analysis in addition to any analysis conducted by the contractor or subcontractor;
(ii) provide that a contractor or subcontractor is only required to provide access to equipment or information as described in clause (i) to determine whether information created by or for the Administration in connection with any program of the Administration was successfully exfiltrated from a network of the contractor or subcontractor and, if so, what information was exfiltrated; and
(iii) provide for the reasonable protection of trade secrets, commercial or financial information, and information that can be used to identify a specific person.
(3) Dissemination of informationThe procedures established pursuant to subsection (a) shall allow for limiting the dissemination of information obtained or derived through such procedures so that such information may be disseminated only to entities—
(A) with missions that may be affected by such information;
(B) that may be called upon to assist in the diagnosis, detection, or mitigation of cyber incidents;
(C) that conduct counterintelligence or law enforcement investigations; or
(D) for national security purposes, including cyber situational awareness and defense purposes.
(d) DefinitionsIn this section:
(1) Chief Information Officer
(2) Contractor
(3) Covered networkThe term “covered network” includes any network or information system that accesses, receives, or stores—
(A) classified information; or
(B) sensitive unclassified information germane to any program of the Administration, as determined by the Administrator.
(4) Subcontractor
(Pub. L. 107–314, div. D, title XLV, § 4511, as added Pub. L. 116–283, div. C, title XXXI, § 3131(a), Jan. 1, 2021, 134 Stat. 4383.)