House panel approves bill to codify key cybersecurity program at DHS

The House Homeland Security Committee on Tuesday approved a bill that will codify a key cybersecurity program at the Department of Homeland Security (DHS).

The bill, introduced by Rep. John Ratcliffe (R-Texas), would give the Secretary of DHS the authority to establish the Continuous Diagnostics Mitigation (CDM) program at DHS, which aims to protect federal networks from cyberattacks.

“The Continuous Diagnostic and Mitigation has been one of the DHS’s top priorities because it has the potential to dramatically increase our visibility across federal networks,” Ratcliffe said during the Homeland committee's markup of DHS-related bills.

"Many of us believe the program has the ability to provide the information necessary to make better decisions, not only to combat our enemies in cyberspace, but also to help federal [Chief Information Officers] manage information technology."

The approval of Ratcliffe's bill, known as the Advancing Cybersecurity Diagnostics and Mitigation Act, comes a few weeks after the Office of Management and Budget (OMB) found a majority of federal agencies are vulnerable to cyberattacks.

"OMB found that almost 75 percent of federal agencies are vulnerable to cyber threats in large part due to their inability to understand cyber risks, and therefore their inability to prioritize their resources," the Texas lawmaker said.

Ratcliffe said the DHS CDM program is the “best” solution to this problem because it would help federal agencies understand the threats and risks they face and the vulnerabilities posed in real time.

“Codifying the CDM program will further DHS’ role in the cybersecurity mission throughout the government and give the newly confirmed Undersecretary of NPPD — [Christopher] Krebs — the kind of ammunition he needs to keep growing this important program,” he added.

DHS first launched the CDM program back in 2012 in order to better protect the federal .gov networks against cyber threats.

The department decided to implement the program in four phases, the first of which would focus on examining what software is on federal networks and identifying vulnerabilities. 

Earlier this year, the federal government awarded a $621 million, six-year contract to Booz Allen Hamilton to begin implementing the next three CDM phases.

The bill would require DHS to report to Congress whether the four-phase plan would still be the best approach to implement CDM — a measure added in an amendment proposed by Rep. Jim Langevin (D-R.I.) during the markup.