The Senate Wednesday evening passed a bill to operationalize the Department of Homeland Security’s main cyber security unit as the agency looks to continue improving election security and critical infrastructure protection efforts against growing cyber threats.
The bill renames DHS’ National Protection and Programs Directorate (NPPD) as the Cybersecurity and Infrastructure Security Agency (CISA) and would elevate the office to the same level the department's other operational components such as the Coast Guard, Customs and Border Protection and the Transportation Security Administration.
Christopher Krebs, who leads NPPD, said the bill takes a critical step to better communicating to private sector critical infrastructure stakeholders how DHS is able to provide resources needed to share threat detection information and defend against cyber threats.
"First and foremost, this means only about four more weeks do I have to go by the incomprehensible and unpronounceable National Protection and Programs Directorate. We don’t have to explain what a protection and programs directorate is. Instead it’s we’re DHS, we’re the national cyber security agency effectively,” Krebs told attendees at a GovernmentCIO Media event Thursday. “It became clear that the department needed a single voice, a single agency or organization that was able to carry out the secretary’s critical infrastructure protection and cyber security authorities”
The new CISA will work on partnering with sector specific agencies to coordinate infrastructure protection efforts and assisting private sector partners with cyber security initiatives.
Krebs, who would lead CISA, said the change positions DHS to better project its election security mission with state officials and private sector partners as the agency’s role has continued to expand following the Russian interference campaign in the 2016 elections.
“This communicates to stakeholders that this is not a headquarters that’s just sort of hanging onto the secretary’s office. Congress recognizes this organization’s role as a central coordinator for cyber security and infrastructure security issues. It is a very clear signal,” Krebs told Defense Daily following his discussion at Thursday’s event.
Sen. Claire McCaskill (D-Mo.), ranking member on the Homeland Security & Governmental Affairs committee, said the bill solidifies DHS as the central agency for coordinating cyber protection for civil infrastructure.
“This much needed measure breaks down another barrier to cyber security coordination by renaming and reorganizing the cyber division in the Department of Homeland Security so it can operate efficiently and effectively to secure our systems,” McCaskill said in a statement.
The bill (H.R.3359) passed the House in December 2017 and now heads back the lower chamber after the Senate included a few slight changes in its version. Most of the changes are technical in nature and aren't expected to be an issue in the House.
"I am thrilled that the Senate passed this critical, bipartisan legislation and I look forward to championing CISA through its final step in Congress before heading to the President's desk," Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee, said in a statement.
DHS Secretary Kirstjen Nielsen said Tuesday she felt the move to CISA would be critical to ensuring full election security efforts moving forward (Defense Daily, Oct. 2). Nielsen said she expects the president to sign the bill before the end of the year.
Dating back to late in the Obama administration, when the CISA bill was first proposed, DHS officials have maintained that renaming NPPD to account for its roles in securing cyber and critical infrastructures would help with its brand recognition, including with hiring. Once the bill is signed into law, Krebs will over see offices focused on cyber security and infrastructure protection.
The Senate picked up the legislation amid continuing action on cyber attacks including the Department of Justice announcing charges against several Russian intelligence officers for hacking operations and a new report from Bloomberg detailing Chinese hackers' attempts to infiltrate the networks of major American technology companies.