House Dem wants more oversight of Homeland Security’s cyber mission

House Dem wants more oversight of Homeland Security’s cyber mission
© Greg Nash

A Democrat on the House Appropriations Committee wants members to take more of an interest in the Department of Homeland Security’s (DHS) mission to secure federal networks and critical infrastructure from hackers.

Rep. Dutch RuppersbergerCharles (Dutch) Albert RuppersbergerLawmakers toast Greta Van Susteren's new show Hillicon Valley: Senate passes bill to boost cyber help for agencies, businesses | Watchdog warns Energy Department failing to protect grid | FTC sues Match for allegedly conning users Senate approves bill to boost cyber assistance for federal agencies, private sector MORE (D-Md.) issued a report Monday calling on the panel’s Homeland Security subcommittee to hold budget hearings on the department's cyber mission and consider boosting resources to specific efforts, such as the protection of control systems used to power the energy grid and other critical services in the United States.


“Long-term issues about the Department’s capacity to execute this critical mission for the nation continue to be of concern. We should continue to ensure that the government is making the best, most effective issue of its capabilities and assets to help defend both the .gov domain as well as, perhaps even more importantly, the American private sector,” Ruppersberger, a member of the subcommittee, wrote.

“In the long-run, this may require a fundamental restructuring of how the government addresses these issues, both functionally and structurally.”

Homeland Security’s cyber mission is concentrated at the National Protection and Programs Directorate (NPPD), a headquarters component that President TrumpDonald John TrumpCNN's Don Lemon explains handling of segment after Trump criticism NPR reporter after Pompeo clash: Journalists don't interview government officials to score 'political points' Lawyer says Parnas can't attend Senate trial due to ankle bracelet MORE has proposed funding with $3.3 billion in the next fiscal year — on par with prior funding requests.

Trump’s blueprint would also shift research funding from DHS's science and technology directorate to NPPD — a proposal that Ruppersberger wants lawmakers to evaluate.

Broadly, Ruppersberger is calling on lawmakers to examine whether more resources, authorities or direction are necessary to help the department improve its cybersecurity efforts.

In particular, he wants the subcommittee to review Homeland Security’s critical infrastructure protection efforts, which involve federal officials engaging with private companies and state and local officials to protect everything from energy infrastructure to financial organizations to election systems from cyber sabotage.

Concerns about cyber threats to critical infrastructure have run high after Homeland Security and the FBI revealed last month that Russian hackers tried to break into networks used by energy grid operators. In some instances, hackers succeeded in breaching energy sector networks and moved laterally to collect data on industrial control systems.

“The Subcommittee should consider funding additional Department work on protecting industrial control systems (ICS) and other operational technology (OP), particularly given the extensive use of such systems in critical infrastructure facilities,” Ruppersberger wrote. 

The Democrat also wants the panel to review proposals to reorganize NPPD into a fully operational agency at Homeland Security, a move that requires congressional authorization. The House has passed legislation that would greenlight the reorganization and also change the directorate’s name to the Cybersecurity and Infrastructure Security Agency, but the bill has encountered some hurdles in the Senate.

“Evaluating the proper role and allocation of cyber responsibilities across the federal government is a critical, long-term need of our nation,” Ruppersberger wrote.

“The Subcommittee can begin by undertaking a detailed review of the Department’s proposed restructure under the NPPD, which, hopefully, will enable the Department to rapidly scale and improve its capabilities. Achieving this goal may require a new set of authorities and responsibilities, including potential new government structures,” he wrote.

The report, which was drawn from the congressman’s meetings with roughly 50 current and former officials and industry stakeholders, lays out six recommendations for the subcommittee to analyze the department’s cybersecurity mission.

Report - Cadr Fy19 Dhs Cyber Priorities - Final (1) by blc88 on Scribd