§ 1532

((a)) ** Collection of data** Not later than 90 days after , the Secretary of Homeland Security, acting through the center established under , in coordination with appropriate Federal entities and the Assistant Director for Emergency Communications, shall establish a process by which a Statewide Interoperability Coordinator may report data on any cybersecurity risk or incident involving any information system or network used by emergency response providers (as defined in ) within the State.section 659 of this titlesection 101 of this titleDecember 18, 20152015-12-18 ((b)) ** Analysis of data** Not later than 1 year after , the Secretary of Homeland Security, acting through the Director of the National Cybersecurity and Communications Integration Center, in coordination with appropriate entities and the Assistant Director for Emergency Communications, and in consultation with the Secretary of Commerce, acting through the Director of the National Institute of Standards and Technology, shall conduct integration and analysis of the data reported under subsection (a) to develop information and recommendations on security and resilience measures for any information system or network used by State emergency response providers.December 18, 20152015-12-18 ((c)) ** Best practices** ((1)) ** In general** Using the results of the integration and analysis conducted under subsection (b), and any other relevant information, the Director of the National Institute of Standards and Technology shall, on an ongoing basis, facilitate and support the development of methods for reducing cybersecurity risks to emergency response providers using the process described in .section 272(e) of title 15 ((2)) ** Report** The Director of the National Institute of Standards and Technology shall submit to Congress a report on the result of the activities of the Director under paragraph (1), including any methods developed by the Director under such paragraph, and shall make such report publicly available on the website of the National Institute of Standards and Technology. ((d)) ** Rule of construction** Nothing in this section shall be construed to— ((1)) require a State to report data under subsection (a); or ((2)) require a non-Federal entity (as defined in ) to— ((A)) adopt a recommended measure developed under subsection (b); or ((B)) follow the result of the activities carried out under subsection (c), including any methods developed under such subsection.