- The House of Representatives unanimously passed legislation on Monday, establishing the Cybersecurity and Infrastructure Security Agency with the Department of Homeland Security. The Senate passed the bill in October, and it now heads to the President’s desk to be signed into law.
The Cybersecurity and Infrastructure Security Agency Act of 2018, introduced by Rep. Michael McCaul, R-Texas, will reorganize the agency’s National Protection and Programs Directorate (NPPD) into a new agency, to lead federal efforts around physical security and cybersecurity.
“The cyber threat landscape is constantly evolving, and we need to ensure we’re properly positioned to defend America’s infrastructure from threats digital and physical,” DHS Secretary Kirstjen Nielsen said in a statement.
“The CISA Act passing Congress represents real progress in the national effort to improve our collective efforts in cybersecurity,” NPPD Under Secretary Christopher Krebs said in a statement. “Elevating the cybersecurity mission within DHS, streamlining our operations and giving NPPD a name that reflects what it actually does will help better secure the nation’s critical infrastructure and cyber platforms.”
To Krebs, these changes will also help DHS to better engage across the government and recruit more cybersecurity talent.
NPPD is responsible for coordinating with local, state, tribal and territorial governments on security initiatives, while working to reduce and eliminate threats to critical infrastructure. With the bill’s passing, those federal security efforts will be unified under one agency.
The goal, officials said, is to address and close security gaps. Currently, each federal agency is responsible for managing risks within their infrastructure. And while there are other government agencies tasked with cybersecurity, the bill gives NPPD the authority to lead the charge.
As DHS recently partnered with the Food and Drug Administration around medical device security efforts and will coordinate with the Department of Health and Human Services on its cybersecurity program, the bill should bolster federal cybersecurity programs and serve as a model for the private sector.
In October, the FDA announced an agreement with DHS meant to fuel cooperation between the agencies around medical device security and alerts, while ramping up coordination around threat sharing.
In the same month, HHS announced it killed its former Healthcare Cybersecurity Communications and Integration Center after a year of turmoil and rebranded to the Health Cybersecurity Coordination Center. HC3 will work directly with DHS, and now presumably the NPDD, to advise on cybersecurity information sharing within the healthcare sector.