View all text of Subchapter II [§ 3321 - § 3334t]

§ 3334d. Cyber protection support for the personnel of the intelligence community in positions highly vulnerable to cyber attack
(a) Definitions
In this section:
(1) Personal accounts

The term “personal accounts” means accounts for online and telecommunications services, including telephone, residential internet access, email, text and multimedia messaging, cloud computing, social media, health care, and financial services, used by personnel of the intelligence community outside of the scope of their employment with elements of the intelligence community.

(2) Personal technology devices

The term “personal technology devices” means technology devices used by personnel of the intelligence community outside of the scope of their employment with elements of the intelligence community, including networks to which such devices connect.

(b) Requirement to provide cyber protection support
(1) In general

Subject to a determination by the Director of National Intelligence, the Director shall offer cyber protection support for the personal technology devices and personal accounts of the personnel described in paragraph (2) and shall provide such support to any such personnel who request.

(2) At-risk personnel
The personnel described in this paragraph are personnel of the intelligence community—
(A) who the Director determines to be highly vulnerable to cyber attacks and hostile information collection activities because of the positions occupied by such personnel in the intelligence community; and
(B) whose personal technology devices or personal accounts are highly vulnerable to cyber attacks and hostile information collection activities.
(c) Nature of cyber protection support

Subject to the availability of resources, the cyber protection support provided to personnel under subsection (b) may include training, advice, assistance, and other services relating to cyber attacks and hostile information collection activities.

(d) Limitation on support
Nothing in this section shall be construed—
(1) to encourage personnel of the intelligence community to use personal technology devices for official business; or
(2) to authorize cyber protection support for senior intelligence community personnel using personal devices, networks, and personal accounts in an official capacity.
(e) Report
Not later than 180 days after December 20, 2019, the Director shall submit to the congressional intelligence committees a report on the provision of cyber protection support under subsection (b). The report shall include—
(1) a description of the methodology used to make the determination under subsection (b)(2); and
(2) guidance for the use of cyber protection support and tracking of support requests for personnel receiving cyber protection support under subsection (b).
(Pub. L. 116–92, div. E, title LXIII, § 6308, Dec. 20, 2019, 133 Stat. 2189; Pub. L. 117–263, div. F, title LXIII, § 6308(a), Dec. 23, 2022, 136 Stat. 3506.)