New Federal Law Would Create Agency-Level DHS Cybersecurity Unit
[Image via niccs.us-cert]
With everything else happening in the last week, you would be forgiven if you missed a major story that will likely have a significant impact on American elections: passage of a bill that would elevate the Department of Homeland Security’s cybersecurity division to the agency level. The Hill has more:
A bill that will solidify the Department of Homeland Security’s (DHS) role as the main federal agency overseeing civilian cybersecurity is heading to President Trump‘s desk.
The House on Tuesday unanimously passed a bill [H.R. 3359] to establish a new cybersecurity agency, known as the Cybersecurity and Infrastructure Security Agency (CISA), that is the same stature as other units within DHS, such as Secret Service or FEMA.
The bill will also rebrand DHS’ main cybersecurity unit, known as National Protection and Programs Directorate (NPPD), as the Cybersecurity and Infrastructure Protection Agency. That means that the headquarters will be a full-fledged operational component of DHS.
The legislation passed the Senate in a unanimous consent vote last month. The Senate had made some changes to an earlier version of the House-passed bill, which required it to be sent back to the lower chamber for final approval.
Members in the House passed the bill Tuesday in the first series of votes following last week’s midterm elections.
Top DHS officials have been pushing for the bill to pass, arguing it would better communicate their mission to the private sector and help DHS recruit top cyber talent.
“Today’s vote is a significant step to stand up a federal government cybersecurity agency,” said DHS Secretary Kirstjen Nielsen said in a statement. “The cyber threat landscape is constantly evolving, and we need to ensure we’re properly positioned to defend America’s infrastructure from threats digital and physical. It was time to reorganize and operationalize NPPD into the Cybersecurity and Infrastructure Security Agency.”
NPPD’s top cyber official, Christopher Krebs — who would become the cyber agency’s director under this bill — echoed Nielsen.
“Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation’s critical infrastructure and cyber platforms,” Krebs said in a statement. “The changes will also improve the Department’s ability to engage with industry and government stakeholders and recruit top cybersecurity talent.”
The bill, which stalled during the Senate earlier this year, is responsible for securing federal networks and protecting critical infrastructure from cyber and physical threats.
NPPD has seen its responsibilities rapidly expand in the decade since its inception, most recently taking the lead on engaging with states to protect digital election infrastructure from sabotage following Russian interference in the 2016 election.
Once the bill receives the President’s signature, it will allow the new CISA to step up its presence in many sectors, including elections, where the need for information-sharing and coordination between election officials and players in the public and private sector grows every day. This effort also allows the new agency to stop assembling parts from disparate units within DHS and instead fashion an agency-level approach to problems facing American cybersecurity. [It likely also means a larger role for advisor Matt Masterson, who has been a key player in DHS’ efforts to make progress – and friends – in the election community.]
Congratulations to everyone involved – visible changes may take time but I wouldn’t be surprised to see the new CISA move quickly to find its new, sturdier feet on elections and other issues. Stay tuned …