Cyber Defense of Federal Networks Act of 2015

Cyber Defense of Federal Networks Act of 2015

Amends the Homeland Security Act of 2002 to require the Department of Homeland Security (DHS), in coordination with the Office of Management and Budget (OMB), to implement plans to: (1) detect, identify, and remove intruders in federal agencies' information systems; and (2) make advanced network security tools available for agencies to improve visibility of network activity to detect and mitigate intrusions and anomalous activity.

Directs DHS to coordinate with the OMB to: (1) update government information security metrics to include measures of intrusion and incident detection and response times, and (2) display additional metrics about agency cybersecurity postures on federal government performance websites.

Authorizes DHS, upon an agency's request, to operate and maintain technology that is deployed to agencies to diagnose and mitigate cyber threats and vulnerabilities.

Requires DHS to regularly assess and require implementation of best practices for securing agency information systems and preventing data exfiltration.

Redefines for purposes of DHS's national cybersecurity and communications integration center: (1) "cybersecurity risk" to exclude actions that solely involve a violation of a consumer term of service or a consumer licensing agreement; and (2) "incident" to include occurrences that actually or imminently jeopardize, without lawful authority, an information system, thereby replacing a standard that currently includes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.

Requires DHS to assist agencies in implementing information security practices by: (1) providing incident detection, analysis, mitigation, and response information, disseminating related homeland security information, and providing remote or onsite technical assistance; (2) developing and conducting impact assessments in consultation with other governmental and private entities; (3) assessing and fostering technologies for use across multiple agencies; and (4) ensuring that policies are coordinated with standards for national security systems and policies of the Department of Defense (DOD) and the Director of National Intelligence.

Authorizes the DHS Secretary to: (1) issue a directive to an agency to take any lawful action with respect to the operation of an agency's information system in response to a known or reasonably suspected information security threat, vulnerability, risk, or incident, including an act of terrorism, that represents a substantial threat to information security; or (2) authorize, without prior consultation with the affected agency, the use of protective capabilities under the Secretary's control for communications or system traffic transiting to or from or stored on an agency information system if there is an imminent threat and a directive is unlikely to be timely.

Exempts DOD and the intelligence community from such procedures.