Lawmakers are taking a second stab at legislation that would reorganize the Department of Homeland Security’s cybersecurity efforts with the goal of bolstering its cyber operations in the face of evolving threats.
A House panel with oversight of DHS is getting ready to again consider legislation that would consolidate the department’s cyber efforts under one operational agency.
Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee, has pushed to replace the National Protection and Programs Directorate (NPPD) with a new agency at DHS to handle cyber. While legislation that would have accomplished that advanced out of the committee last year, it never received a floor vote.
McCaul’s committee recently submitted new draft legislation to DHS that would reorganize the NPPD, an aide told The Hill this week. The committee expects to hear back from the Trump administration soon on the proposed language and plans to move on the bill in the coming weeks, the aide said.
McCaul has repeatedly emphasized his intention to pursue the legislation in recent weeks, describing it as necessary to bolster DHS’s cybersecurity defenses.
“This committee will be moving legislation soon to create a stronger, consolidated cybersecurity agency at the Department of Homeland Security. This proposal will elevate the cybersecurity mission at DHS and further enhance cyber operations, including those to more effectively secure federal networks,” McCaul said at a Tuesday subcommittee hearing on the department’s work to secure federal networks.
“This will help us step up our cyber defense efforts and attract top talent, and we have already begun to work with DHS and others to make that a reality,” he said.
DHS would not comment on the pending legislation when contacted by The Hill.
It is unclear whether the new draft legislation is different from the bill introduced by McCaul last year.
The previous legislation would have renamed NPPD the Cybersecurity and Infrastructure Protection Agency, making the new organization the department’s lead on national efforts to “protect and enhance the security and resilience” of the country’s cyber and critical infrastructure.
The legislation also would have established a director of national cybersecurity to spearhead DHS’s cyber and critical infrastructure protection efforts.
The reorganization efforts were a source of tension between Congress and the department under the Obama administration. A 2015 internal restructuring proposal leaked to the media prompted criticism from lawmakers, who charged that the agency was moving forward on reorganization without first informing Congress.
There has been plenty of focus on DHS’s cyber operations on Capitol Hill in recent weeks, as lawmakers have looked to plot a way forward for the agency to improve the nation’s defenses against cyber threats.
The Trump’ administration has signaled that it wants to invest in DHS to defend the federal government’s networks and protect critical infrastructure, roughly 85 percent of which is operated by the private sector.
The fiscal year 2018 federal budget blueprint released by the White House in March allocates $1.5 billion for DHS to safeguard federal networks and critical infrastructure from cyberattacks.
While Congress often ignores presidential budget requests, the proposal signals the White House’s desire to prioritize funding for DHS on cyber and deepen information sharing between the public and private sector on cybersecurity.
“This is actually a pretty big year in terms of planning and spending and the future of cyber at DHS,” James Norton, former deputy assistant undersecretary at DHS during the George W. Bush administration, told The Hill. “Finally, you’re going to have some decisions on the Hill and within the administration to move the ball forward and for DHS to grow up and be an adult at the table on cyber.”
Norton said of a prospective DHS reorganization, “Realistically, you’re probably looking at a 24-month process.”
At the same time, the new administration has also signaled that it will ramp up the U.S. military’s defensive and offensive cyber capabilities. Lawmakers including McCaul, however, have stressed the need for DHS to take the civilian lead on cyber.
DHS, headed by Secretary John Kelly under the new administration, has been off to a slow start on cyber. A department official acknowledged on Tuesday that it missed a deadline for submitting a new cybersecurity strategy to Congress, as mandated by defense policy legislation signed by former President Obama in December.
“We are working very hard on it, and this is something that we recognize as critical to our success and the next evolution for DHS cybersecurity,” Jeanette Manfra, the DHS cybersecurity official, told members of McCaul’s committee.