The Department of Homeland Security (DHS) is one step closer to having a consolidated agency to direct cyber and critical infrastructure protection efforts under one operation after a House panel voted unanimously Wednesday to move forward with a bill to authorize and re-designate the National Protection Programs and Directorate (NPPD) as the Cybersecurity and Infrastructure Security Agency (CISA).
The House Homeland Security Committee passed by voice vote the Cybersecurity and Infrastructure Security Agency Act of 2017, which was introduced by Committee Chair Rep. Michael McCaul (R-Texas) on July 24. The bill received bipartisan support and was passed to the House floor with no amendments added.
Under the CISA Act, the NPPD would be restructured as CISA and be comprised of three divisions focused on cyber security, infrastructure security, and emergency communications. The policy, which was first proposed under the Obama administration, is meant to consolidate DHS oversight of network and critical infrastructure systems by creating a single operational organization.
“In recent years we have seen hackers attack private companies like Sony, Target, and Yahoo, as well as government institutions which include our Office of Personnel Management and Great Britain’s National Health Service. With each passing day nation states and cyber criminals are continually looking to expose new vulnerabilities and because America has become so dependent on computer networks and information technology, everyone is a potential victim,” said McCaul in a prepared statement on the legislation. “Today the committee takes a major step forward with this legislation. We worked closely with the Department of Homeland Security and my colleagues across the aisle to ensure our homeland remains ready to protect Americans from dangerous cyber attacks.”
The new agency would establish a director for CISA who would report directly to the DHS secretary. At the present, the NPPD is headed by an undersecretary who is responsible for overseeing he department’s cyber and infrastructure protection efforts.
McCaul had initially pushed for such legislation last year, when it was known as the Cybersecurity and Infrastructure Protection Agency Act, but the bill went nowhere after his committee unanimously approved it. Both bills call for increased information sharing between the public and private sector on cyber security issues, and carrying out a greater number of risk assessments for critical infrastructure systems.
The committee also unanimously voted on Wednesday to move the Cyber Vulnerability Disclosure Reporting Act to the House for consideration. The bill, introduced by Rep. Sheila Jackson (R-Texas), requires the DHS secretary to submit a report to both the House Homeland Security Committee and the Senate Homeland Security & Governmental Affairs Committee, no later than 240 days after legislation passes, detailing the department’s cyber vulnerability procedures and policies.