DHS to overhaul cybersecurity ops through creation of CISA

New security agency is one presidential signature away from becoming a reality

UPDATE (Nov 16; 17:50 UTC) NPPD Under Secretary Chris Krebs announced that President Trump has signed the legislation to create the Cybersecurity and Infrastructure Agency within the Department of Homeland Security. 

The US House of Representatives has voted unanimously to pass legislation designed to reorganize the Department of Homeland Security’s National Protection and Programs Directorate (NPPD) into a new agency and prioritize its mission as the federal lead for cybersecurity.

The bipartisan CISA Act, which passed the Senate in October and now heads to the President’s desk to be signed into law, will herald the creation of the Cybersecurity and Infrastructure Security Agency (CISA).

The agency will be tasked with leading the country’s cybersecurity and critical infrastructure security programs, operations, and associated policy, along with carrying out DHS’ responsibilities concerning chemical facility antiterrorism standards.

Front and center

As it stands currently, the NPPD tackles cybersecurity and critical infrastructure issues through the Office of Cybersecurity and Communications (CS&C), the National Risk Management Center, and the Office of Infrastructure Protection.

Also housed within the directorate is the Federal Protective Service and the Office of Biometric Identity Management.

CISA – which aims to streamline the US government’s digital security operations and place cybersecurity front and center on its list of priorities – has been championed by Congressman Michael McCaul, who also serves as chairman of the House Committee on Homeland Security.

The Texas Representative previously said the re-alignment would help the government achieve its goal of creating a standalone organization that focuses on cybersecurity and infrastructure security.

Issuing a statement earlier this week, Congressman McCaul said: “CISA elevates [the] NPPD to be the lead cybersecurity agency to combat an ever-evolving threat landscape and keep America’s cyber and critical infrastructure secure.”

DHS Secretary Kirstjen Nielsen said the vote was a “significant step” to stand up a federal government cybersecurity agency.

“The cyber threat landscape is constantly evolving, and we need to ensure we’re properly positioned to defend America’s infrastructure from threats digital and physical,” she stated.

NPPD Under Secretary Chris Krebs added: “The CISA Act passing Congress represents real progress in the national effort to improve our collective efforts in cybersecurity.

“Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation’s critical infrastructure and cyber platforms.”

Sean Sullivan, security advisor at F-Secure said the reorganization is “long overdue”.

“Things have changed since 2002, and it doesn’t make sense for there to be separate cyber and infrastructure divisions within DHS,” Sullivan told The Daily Swig.

“Everything is ‘cyber’ one way or the other now. And in particular, the connectedness of critical infrastructure is a growing concern that DHS needs to address.

“The unanimous passage in the House reflects the seriousness involved – it’s beyond partisan politics.”

Funding and feuds

This latest announcement tops off a year that’s seen the US government continue to ramp up its cyber and critical infrastructure security efforts.

In July, the Federal Energy Regulatory Commission (FERC) said it would introduce new reporting standards that will require utility companies to report any attempt by cybercriminals to attack their systems.

This was followed in October by the Department of Energy’s announcement that it would invest a further $28 million in cybersecurity measures to protect critical infrastructure.

While the passing of the CISA Act through Congress has been roundly welcomed by senior US government officials, reports suggest that things might not be running as smoothly as they could behind the scenes at the Department of Homeland Security.

Over recent days the department has been beset by rumors that President Trump is preparing to remove Secretary Nielsen from office, due to her perceived failures surrounding the key issues of immigration and border security.

Elsewhere, Louisiana Congressman Cedric Richmond said government in-fighting continues to hinder US cybersecurity efforts.

Speaking at the ISC2 Security Congress in New Orleans last month, Congressman Richmond said the White House is not providing adequate leadership to help tackle the increasingly sophisticated array of cyber-threats, which last year wiped billions from the global economy.

“While issuing the [National Cyber Strategy] was a positive development, it is largely a continuation of previous policies,” he stated.

“Moreover, it fails to address one of the major obstacles to cybersecurity – the settling of intra-agency turf wars that have hamstrung cybersecurity for well over a decade.”