Rep. John Ratcliffe (R-Texas) on Wednesday introduced legislation that codifies an existing federal cyber security program and ensures that it is continues to evolve to changing threats.
The bill is focused on the Continuous Diagnostics and Mitigation (CDM) program, under which the Department of Homeland Security and federal civilian agencies can purchase an array of software tools to help protect their computer networks from cyber threats. DHS manages the program while the General Services Administration runs the multi-vendor procurement vehicle used by the government to acquire the cyber security tools.
In addition to codifying the program at DHS, the six-page Advancing Cybersecurity Diagnostics and Mitigation Act requires DHS “to make CDM capabilities available to any agency (with our without reimbursement),” according to one provision. It also requires the DHS Secretary to regularly deploy new CDM technologies, and modify existing CDM capabilities to continuously improve the program.”
The bill also bill requires DHS to develop a strategy to ensure the program continues to evolve and adjust to the changing cyber threat landscape and requires the strategy to be shared with Congress. Data and analyses generated under CDM must be shared with the DHS cyber security watch center, which is the National Cybersecurity and Communications Integration Center.
Ratcliffe, chairman of the House Homeland Security Committee’s panel that oversees cyber security issues, in a statement said the bill will “help boost the long-term success of the CDM program by ensuring it keeps pace with the cutting edge capabilities in the private sector. We’re also safeguarding agencies from getting stuck with technologies that will soon become outdated or unsupported by their vendors.”
The proposed bill is expected to be considered by the House Homeland Security Committee soon. There is no companion legislation in the Senate currently.