DHS bills wrapped into major cyber legislation

DHS bills wrapped into major cyber legislation
© Greg Nash

Language from two hefty bills that would bolster the Department of Homeland Security’s cybersecurity role were quietly tacked onto a major cyber bill that passed the Senate late Tuesday.

The first, from Sens. Susan CollinsSusan Margaret CollinsSenate votes to repeal OCC 'true lender' rule Top female GOP senator compares Cheney ousting to 'cancel culture' Utah county GOP censures Romney over Trump impeachment vote MORE (R-Maine) and Mark WarnerMark Robert WarnerOvernight Defense: Former Pentagon chief to testify about Capitol riot Wednesday | Senate Intelligence chairman wants Biden to review US Space Command move Wyden: Funding infrastructure with gas tax hike a 'big mistake' Senate Intelligence chairman wants Biden to review US Space Command move MORE (D-Va.), would give the DHS more powers to repel cyberattacks on federal agency networks. The language would update the 12-year-old Federal Information Security Management Act (FISMA) and formalize the DHS role in protecting government networks and websites.


“It is past time to make sure our critically important government systems, and the information they hold, are properly protected and secured,” Collins said after the Senate approved the broader bill, known as the Cybersecurity Information Sharing Act (CISA), which encourages businesses to share cyber threat data with the government.

The second measure, from Sens. Ron JohnsonRonald (Ron) Harold JohnsonRand Paul clashes with Fauci over coronavirus origins Sunday shows preview: Coronavirus dominates as White House continues to push vaccination effort Overnight Health Care: WHO-backed Covax gets a boost from Moderna MORE (R-Wis.) and Tom CarperThomas (Tom) Richard Carper Biden to host Sinema for meeting on infrastructure proposal The Hill's Morning Report - Presented by Facebook - Biden, Congress drawn into pipeline cyberattack, violence in Israel Biden to go one-on-one with Manchin MORE (D-Del.), would require all agencies to adopt several cybersecurity best practices. It would also accelerate the rollout of the government’s anti-hacking shield, dubbed “Einstein,” that detects and repels known cyber threats.

Johnson called the proposal, originally known as the Federal Cybersecurity Enhancement Act, “a critical part” of CISA.

The lawmakers were able to get their DHS-centric language in as part of a manager’s package from CISA co-sponsors Sens. Richard BurrRichard Mauze BurrGOP senator urges Biden to withdraw support for COVID vaccine patent waiver Utah county GOP censures Romney over Trump impeachment vote Battle lines drawn over Biden's support for vaccine waivers MORE (R-N.C.) and Dianne FeinsteinDianne Emiel FeinsteinIf you want Julie Su at the DOL, don't point to her resume Senate Democrats push Biden over raising refugee cap Lawmakers react to guilty verdict in Chauvin murder trial: 'Our work is far from done' MORE (D-Calif.).

The package, which passed late Tuesday by voice vote, pulled in nearly two dozen edits and offerings from various senators.

While the DHS sections were not heavily debated on the floor, they do make up large chunks of the overall manager’s package.

If the two sections make it through a conference report with the House and into the final bill, they will serve as the next step in Congress’s ongoing bid to bolster the DHS's cybersecurity role in protecting the federal government.

During last year’s lame-duck session, Congress approved a number of small-bore bills that codified the DHS’s long-standing cyber role and delineated an authorized mission for the agency’s cyber information hub, known as the National Cybersecurity and Communications Integration Center (NCCIC).

The center is a repository for cyber information from myriad government and industry sources. It also disseminates cyber threat information to its partners. Under CISA, the NCCIC would receive a new influx of private sector data.

Both DHS measures included in CISA would further strengthen the agency's hand in defending federal networks from hackers.

The Collins-Warner language, which was originally co-sponsored by four other lawmakers on both sides of the aisle, would lower some of the barriers preventing the DHS from inspecting other agencies’ networks and kicking out hackers. Currently, it needs permission to investigate or monitor networks.

“If we want to be better prepared to meet this threat in the future, we have to make sure that the Department of Homeland Security has the tools it needs to adequately secure our federal civilian networks,” Warner said Tuesday.

The proposal from Johnson and Carper, the top two lawmakers on the Senate Homeland Security and Governmental Affairs Committee, would widen the availability the government’s Einstein cyber defense program. In the wake of the major hacks at the Office of Personnel Management (OPM), Einstein was maligned as outdated, over budget and not fully available to all agencies.

By including his offering, Carper said on the floor this week, “We are going to make sure [Einstein] is not just something that is positive work on a piece of paper but that 100 percent of the federal agencies are able to use these new tools.”