House panel approves bill to codify key cybersecurity program at DHS

The House Homeland Security Committee on Tuesday approved a bill that will codify a key cybersecurity program at the Department of Homeland Security (DHS).

The bill, introduced by Rep. John Ratcliffe (R-Texas), would give the Secretary of DHS the authority to establish the Continuous Diagnostics Mitigation (CDM) program at DHS, which aims to protect federal networks from cyberattacks. 

{mosads}

“The Continuous Diagnostic and Mitigation has been one of the DHS’s top priorities because it has the potential to dramatically increase our visibility across federal networks,” Ratcliffe said during the Homeland committee’s markup of DHS-related bills.

“Many of us believe the program has the ability to provide the information necessary to make better decisions, not only to combat our enemies in cyberspace, but also to help federal [Chief Information Officers] manage information technology.”

The approval of Ratcliffe’s bill, known as the Advancing Cybersecurity Diagnostics and Mitigation Act, comes a few weeks after the Office of Management and Budget (OMB) found a majority of cyber agencies are vulnerable to cyber attacks. 

“OMB found that almost 75 percent of federal agencies are vulnerable to cyber threats in large part due to their inability to understand cyber risks, and therefore their inability to prioritize their resources,” the Texas lawmaker said.

Ratcliffe said the DHS CDM program is the “best” solution to this problem because it would help federal agencies understand the threats they face and the risks they face and the vulnerabilities posed in real time.

“Codifying the CDM program will further DHS’ role in the cybersecurity mission throughout the government and give the newly confirmed Undersecretary of NPPD — [Christopher] Krebs — the kind of ammunition he needs to keep growing this important program,” he added.

DHS first launched the CDM program back in 2012 in order to better protect the federal .gov networks against cyber threats.

The department decided to implement the program in four phases, the first of which would focus on examining what software is on federal networks and identifying vulnerabilities. 

Earlier this year, the federal government awarded a $621 million, six-year contract to Booz Allen Hamilton to begin implementing the next three CDM phases.

The bill would require DHS to report to Congress whether the four-phase plan would still be the best approach to implement CDM — a measure added in an amendment proposed by Rep. Jim Langevin (D-R.I.) during the markup.