The Cybersecurity and Infrastructure Security Agency Act has been passed by unanimously by Congress on November 13, 2018.
The new legislation will allow the U.S. Department of Homeland Security will be forming a new agency solely focused on cybersecurity. The Cybersecurity and Infrastructure Security Agency (CISA) Act amends the Homeland Security Act of 2002 and is seen as an important update to the US’s cybersecurity infrastructure.
The CISA Act was unanimously passed by the House of Representatives. It is expected to the presented to the president to obtain his signature in the coming days.
The new agency will be formed through the reorganization of the National Protection and Programs Directorate (NPPD). The new agency will be granted the same status as other DHS agencies such as the U.S. Secret Service.
The NPPD was established in 2007 with the intent of reducing and eliminating threats to U.S. critical physical and cyber infrastructure. They have four main program activities; Cyber Security and Communications, Infrastructure Protection, Federal Protective Services, and Biometric Identity Management.
The NPPD’s cybersecurity programs are managed by their Office of Cybersecurity and Communications and the National Risk Management Center.
NPPD currently coordinates IT security initiatives with other entities, local, state, tribal and territorial governments and the private sector and oversees cybersecurity at federal government civilian agencies.
The reorganisation and rebranding better reflects the work NPPD does and emphasizes the importance of cybersecurity in securing the nation’s critical infrastructure. The new agency will consolidate information security and physical infrastructure security in a unified agency.
“The cyber threat landscape is constantly evolving, and we need to ensure we’re properly positioned to defend America’s infrastructure from threats digital and physical,” said DHS Secretary Kirstjen M. Nielsen. “It was time to reorganize and operationalize NPPD into the Cybersecurity and Infrastructure Security Agency.”
It is hoped that by creating a single agency in charge of the nation’s cybersecurity, the U.S. government can better address current security gaps and overall improve efficiency. At present, each federal agency is responsible for its own IT systems and managing cyber risks. Currently, each government entity must ensure cyber risks are managed and reduced to a minimal level. Some government departments are much smaller and less well-funded than others, and therefore may be more susceptible to cybersecurity threats due to lack of resources. There are also several government agencies that cover various cybersecurity functions, which is inefficient and results in security gaps.
“Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation’s critical infrastructure and cyber platforms,” said Christopher Krebs, current undersecretary of the NPPD. “The changes will also improve the Department’s ability to engage with industry and government stakeholders and recruit top cybersecurity talent.”
According to its supported, CISA’s vision and mission will include a cybersecurity division, an emergency communications division, an infrastructure security division, a national risk management center, and a federal protective service.