On November 13, the U.S. House of Representatives voted unanimously to pass bipartisan legislation creating the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS). The CISA Act (H.R. 3359), first introduced in July, 2017, passed the Senate in October. It will “reorganize DHS’ National Protection and Programs Directorate (NPPD) into a new agency and prioritize its mission as the Federal leader for cyber and physical infrastructure security,” according to a statement released by DHS.
The new agency would be on the same level as FEMA,Customs and Border Protection, and the Transportation Security Administration. The agency will “lead cybersecurity and critical infrastructure security programs, operations, and associated policy for the Agency, including national cybersecurity asset response activities.” NPPD’s top cyber official, Christopher Krebs, would become the cyber agency’s director under this bill.
Legislators, officials, and private sector experts have been pushing for the creation of a single cybersecurity agency for years. Vice President Pence urged the Senate to pass the bill in his remarks at the DHS Cybersecurity Summit in July, citing America’s need for a “central hub for cybersecurity.” The NPPD’s rapidly expanding responsibilities recently included taking the lead on engaging with states to protect digital election infrastructure from sabotage following Russian interference in the 2016 election.
The reorganization plan was unveiled back in October 2015 by NPPD chief Suzanne Spaulding. Christopher Krebs and other DHS cybersecurity officials were concerned that the NPPD name did not effectively explain the Directorate’s important cybersecurity duties. “Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation’s critical infrastructure and cyber platforms,” said Krebs in a statement. “The changes will also improve the department’s ability to engage with industry and government stakeholders and recruit top cybersecurity talent.”
The bill is now heading to President Trump’s desk for his expected signature.