House passes bill mandating DHS cybersecurity strategy

The House on Tuesday passed a bill requiring the Department of Homeland Security to develop a formal cybersecurity strategy.

"This legislation is proof that there is bipartisan support for finding effective solutions to this issue, and that we are not content to leave security to improvisation,” bill sponsor Rep. Cedric Richmond (D-La.) said in a statement.

ADVERTISEMENT
The legislation lays out mandated responsibilities for the DHS strategy, including acting as a cross-sector hub for federal and civilian cyberthreat information sharing.

The bill would also require the agency to provide technical assistance — such as help attributing hacks and mitigating damage — to organizations that suffer a breach.

The bill is part of a broader push to codify DHS’s cybersecurity responsibilities.

The DHS, which is widely considered to have the federal government’s best data protection capabilities, has also been put forward as a hub for threat-sharing information in an amendment to the stalled cybersecurity legislation in the Senate.

Other bills seek to drastically expand DHS’s oversight over other agencies.

In the House, Homeland Security Chairman Michael McCaul (R-Texas) has put forward a bill giving DHS the authority to investigate other agencies’ networks and kick out digital intruders.

Currently, the agency has to request permission to either monitor or search other agencies’ networks.

A similar piece of legislation in the Senate would also give DHS the authority to search for intruders on any government network without a formal request.

Still, the agency has taken a few recent hits for its cyber practices.

In September, a watchdog audit revealed that the agency has fallen behind in coordinating and training its cybersecurity staff, potentially exposing networks at two DHS agencies.

“While our audit showed improved coordination between DHS components in carrying out their cybersecurity functions, we have identified duplication of effort and lack of effective policies and controls,” said DHS Inspector General John Roth in a statement.

Richmond joined other lawmakers in using mounting cyberattacks on U.S. interests to push the needle forward on cyber legislation.

"An important part of improving our nation's cybersecurity is making sure that the Department of Homeland Security is able to defend our nation and its people from cyber-attacks,” Richmond said. “We must be sure that the DHS has a ample strategy to carry out its mission in the face of ever-changing threats."