The chairman of the House Homeland Security Committee shortly plans to introduce legislation that aims to better focus the Department of Homeland Security (DHS) directorate responsible for conducting cyber security missions required of the department.
Rep. Michael McCaul (R-Texas) on Wednesday said in “about a week” he will introduce his bipartisan bill “to reorganize the Department of Homeland Security’s efforts into a single cyber security agency that will have a mission and a priority that they never really seen before.”
“We have worked with the department in a very positive way to get this done,” McCaul said at a conference hosted by Defense Daily and sponsored by Battelle.
Nearly a year ago McCaul introduced similar legislation, the Cybersecurity and Infrastructure Protection Agency Act of 2016 (H.R. 5390), which would restructure the National Protection and Programs Directorate (NPPD) to recognize that the operational nature of its work around cyber security. The directorate helps monitor cyber threats globally, shares cyber threat information with the public and private sectors, and helps respond to cyber attacks against the private sector and federal civilian networks.
McCaul said that he’s “very optimistic” this time around that the bill gets to the House floor, believing the jurisdictional hurdles will be overcome and because of support from the Trump administration. He said he also has counterpart legislation ready to be introduced in the Senate.
But Sen. Sheldon Whitehouse (D-R.I.), who participated with McCaul on a panel at the conference, cautioned that “It’s going to take some work” to get the bill through the Senate.
Whitehouse said that when he was the Democrat in large of the last major cyber security bill in the Senate, it was difficult to manage.
“And there is, I’ll be perfectly candid here, a very strong lingering distaste for, and lack of confidence in, the Department of Homeland Security,” Whitehouse said. “That it’s just a big unruly beast that shouldn’t be trusted with stuff, can’t be trusted with stuff, gets in its own way, and so forth.”
Whitehouse said that since then DHS “has upped its game,” pointing to the department’s work with the National Institute of Standards and Technology (NIST) several years ago on a public-private partnership that resulted in a voluntary cyber security framework to promulgate best practices and standards across the public and private sectors.
The NIST effort and other things have improved the “credibility” of DHS, “but I still think there are some credibility issues on the Senate side,” Whitehouse said. There are some senators that are “mad” at DHS due to “the way they got treated by TSA,” he said, noting “It’s a little remote but those are some of the issues we have to work with.”
McCaul said he is already beginning to educate senators about his legislation and will continue to do so.
DHS first discussed reorganizing NPPD in 2015 to bring a greater unity of effort and more holistic approach to cyber and physical threats, vulnerabilities, consequences and mitigation. The department at the time hoped to give it’s around-the clock cyber watch center, the National Cybersecurity and Communications Center, or NCCIC, a greater role.
McCaul said his bill essentially acknowledges the cyber mission that DHS already does.
“This is just simply a bill to make the department more effective in a very important mission that it has, but a lot of people don’t even realize it sometimes,” he said.