The point office on cybersecurity in the Department of Homeland Security is on track for a rebrand. The Senate on Wednesday passed the Cybersecurity and Infrastructure Security Agency Act, which would both codify the office into law and give it a more relevant name.
Under the bill, DHS’s National Protection and Programs Directorate (NPPD) would become the Cybersecurity and Infrastructure Security Agency (CISA). DHS established the NPPD in 2007; the legislation is essentially Congress’ official seal of approval. The House is expected to hold a final vote soon, sending the bill to President Donald Trump.
NPPD leads the U.S. government’s efforts to secure federal networks and critical infrastructure. The office has also been spearheading the federal government’s election security efforts since the threats that became apparent in 2016. The office coordinates with state and local election offices on information sharing and cybersecurity best practices.
“It is ridiculous that DHS needs an act of Congress to rename and reorganize an agency wholly within its jurisdiction. Nevertheless, I am glad the Senate passed the CISA bill to help the agency recruit talent and focus its efforts on protecting the homeland from cyber-attacks,” said Ron Johnson, R-Wis., who chairs the Senate Homeland Security Committee, in a statement.
The CISA Act, sponsored by House Homeland Security Committee Chairman Mike McCaul, R-Texas, passed in that chamber late in 2017. This week’s action in the Senate requires one more pass through the House because senators made some minor amendments.
“This much needed measure breaks down another barrier to cybersecurity coordination by renaming and reorganizing the cyber division in the Department of Homeland Security so it can operate efficiently and effectively to secure our systems,” said Claire McCaskill, D-Mo., ranking member of Senate Homeland Security.
NPPD is currently headed by Undersecretary Chris Krebs. If the office becomes CISA, he will be its director.
Krebs, along with DHS Secretary Kirstjen Nielsen, have voiced support for the the CISA Act in hopes that it will cement the office’s role, which is increasingly seen as critical.
“The opportunity to finally enact CISA into law could not come at a more critical moment for our country’s cybersecurity posture. Heightened aggression from cyber adversaries—including hostile nation states—is only accelerating in volume and sophistication,” Nielsen said at a September DHS summit. “Let me be clear: we need CISA urgently.”