The House Homeland Security Committee’s focus this year in the area of cyber security will be on organizing the Department of Homeland Security (DHS) to become more operational around the cyber mission, strengthen its cyber workforce and ensure the department is buying the technology it needs to defend federal networks, a committee aide said on Wednesday.
Congress the past few years has provided the appropriate authorities in clarifying the roles and responsibilities for different departments in the area of cyber security but in the case of DHS it needs to be underpinned with an organization structure that is streamlined to recognize the operational component of its cyber mission, Brett DeWitt, staff director for the panel’s Cybersecurity Subcommittee, said at a forum hosted by the Hoover Institution. The forum examined what to expect for cyber security in the Trump administration.
Rep. Michael McCaul (R-Texas), chairman of the full committee, said in January that early this year he plans to resurrect legislation to reorganize the current National Protection and Programs Directorate in DHS into a cyber security agency. That is his higher priority in the area of cyber security, he said then.
The former Obama administration proposed restructuring NPPD into the Cybersecurity and Infrastructure Protection Agency to recognize the operational nature of its cyber mission. DeWitt said that the legislation would “elevate” the cyber security mission within DHS and “prioritize it in the leadership structure” as well as “streamline the bureaucratic issues that have basically tied its hands and feet from being fully operational.”
The committee currently is doing a “deep dive” into DHS’ two major cyber operations programs, EINSTEIN and the Continuous Diagnostics and Mitigation (CDM) program, DeWitt said. EINSTEN is an intrusion detection and prevention platform that sits on the periphery of federal networks while CDM provides departments and agencies with a basket of software tools to monitor and protect inside their networks.
The program assessment is looking at how the programs are doing and if they are on the “right track,” and how “do we ensure that these large acquisition programs continue to bring in new innovative, cutting edge technologies…to secure federal networks,” DeWitt said. He said the review is looking across the federal government to make sure there is “coordination” on this.
Another important area the committee is focusing on is seeing to it that DHS implements the authorities Congress have it in 2014 to expedite hiring for its cyber workforce. DeWitt said “those authorities haven’t been implemented yet,” and this is hindering the department’s ability to recruit and hire “cyber talent” and create the workforce “to carry out the civilian cyber defense mission.”
The committee is also eyeing a pending executive order from President Trump on cyber security, DeWitt said. The committee’s message to the White House is that the cyber directive needs to be consistent with previous cyber security legislation passed by Congress, he said.