The Senate unanimously passed legislation Oct. 3 that would redesignate the Department of Homeland Security’s National Protection and Programs Directorate as the Cybersecurity and Infrastructure Security Agency.
Rather than cybersecurity being merely an office within NPPD, the new agency would be centrally responsible for leading cybersecurity and critical infrastructure security programs, operations and associated policy, while coordinating with other federal and non-federal entities on cyber issues.
The Cybersecurity and Infrastructure Security Agency Act of 2017 was passed unanimously in the House, Dec. 11, 2017, and a hearing was held in the Senate Homeland Security and Government Affairs Committee approximately two months later, but the bill did not make it to the Senate floor until Oct. 3.
“With the advancement of technology and our increased dependence on computer networks, nation states, hackers and cybercriminals are finding new ways to attack our cyber infrastructure and expose vulnerabilities,” Rep. Michael McCaul, R-Texas, the bill’s sponsor, said in a news release after the bill’s initial House passage.
“This realignment will achieve DHS’s goal of creating a standalone operational organization, focusing on and elevating its vital cybersecurity and infrastructure security missions to strengthen the security of digital America and our nation’s critical infrastructure.”
The bill would place the current under secretary for NPPD, Christoper Krebs, at the head of the agency as the director of National Cybersecurity and Infrastructure Security, reporting directly to the DHS secretary.
Thank you to @SenRonJohnson, @clairecmcand the rest of the Senate for voting to create the first cybersecurity agency in the fed gov’t. Perfect timing as Oct. is #CyberMonth2018. This will go a long way in our ability to defend the nation against #cyberthreats.— Chris Krebs (@nppd_krebs) October 3, 2018
The CISA would then be made up of three divisions, which would be reorganized into the Cybersecurity Division, the Infrastructure Security Division and the Emergency Communications Division (previously the Office for Emergency Communications).
“There are some companies who are not aware of the role that the Department of Homeland Security plays with cybersecurity, and any type of branding that makes it important how significant a function it is for them is a good thing,” Stephen Lilley, a partner at the law firm Mayer Brown, told Fifth Domain.
Sens. Lisa Murkowski, R-Alaska, and Ron Johnson, R-Wis., both made amendments to the bill, meaning that it will require a second round of approval in the House before it can be placed on President Donald Trump’s desk for signature.
DHS Secretary Kirstjen Nielsen encouraged the House to quickly approve the bill in a series of Wednesday night tweets:
I urge the House to take this bill up as soon as they return to Washington, and to establish the agency we need to protect our homeland against @cyberthreats. Our digital enemies aren’t waiting on the sidelines and neither can we. #CyberAware— Sec. Kirstjen Nielsen (@SecNielsen) October 4, 2018
Fifth Domain Associate Editor Justin Lynch contributed to this report.