Changing the name of the National Protection and Programs Directorate will help the agency become more narrowly focused on cyber and infrastructure security, according to Richard Driggers, deputy assistant secretary for Cybersecurity and Communications at the Department of Homeland Security.
NPPD was created in 2007 to work with the government and private sector to promote information sharing and the resilience of the nation’s cyber and physical infrastructure.
In July 2017, a House bill was proposed to change the name of the directorate to the Cybersecurity and Infrastructure Security Agency and reorganize the agency’s responsibilities. That legislation passed the Senate with amendments Oct. 3, 2018, and currently awaits a resolving of differences between the two versions.
The National Risk Management Center is supposed to provide a centralized home where companies and local agencies can go to for cybersecurity issues.
But the change would be more than nominal, according to Driggers.
“It really is going to allow us and give us the authority to reorganize so that we can more effectively focus on what our mission is. It’s going to put us on par with [the Federal Emergency Management Agency] and with the Transportation Security Agency as our own organization,” said Driggers.
“In tandem with what Congress is doing, our undersecretary, Chris Krebs, is really scoping out a vision for what our future organization is going to look like and how we are going to be better prepared to collectively address the cyber and physical security challenges that are facing our nation’s infrastructure.”
NPPD currently has authority over five offices: the Federal Protective Service, which protects federal buildings; the Office of Biometric Identity Management, which provides the government with biometric information while protecting the privacy of individuals; the Office of Cyber and Infrastructure Analysis, which assists federal, state and local partners in understanding the hazards to critical infrastructure; the Office of Cybersecurity and Communications, which coordinates national cybersecurity and emergency communication; and the Office of Infrastructure Protection, which coordinates the effort to reduce risks to the nation’s critical infrastructure.
The Cybersecurity and Infrastructure Security Agency Act of 2018 would enable NPPD to transfer the first two offices to other parts of DHS.
“You can imagine with those two huge missions — biometric identity management and protecting every federal government building — not only does it take focus away from the very sharp focus of dealing with cybersecurity or infrastructure security issues, but it also kind of makes our mission very expansive,” said Driggers.
And since NPPD has not been able to reorganize in nearly a decade, according to Driggers, the legislation would give the organization the opportunity to more accurately align with the modern threat landscape.