Senate passes key cyber bill cementing cybersecurity agency at DHS

The Senate on Wednesday passed a key cyber bill that solidifies the Department of Homeland Security’s role as the main federal agency overseeing civilian cybersecurity.

Sen. Dan Sullivan (R-Alaska) asked for “unanimous consent” to pass the Cybersecurity and Infrastructure Security Agency Act, a bipartisan bill that will establish a cybersecurity agency that is the same stature as other units within DHS.

The legislation, which has not been viewed as particularly contentious, passed the House easily last year, but stalled for several months in the Senate. Sens. Ron Johnson (R-Wis.) and Claire McCaskill (D-Mo.), the leaders of the Senate Homeland Security Committee, successfully moved it through the upper chamber on Wednesday.

The bill will rebrand DHS’s main cybersecurity unit known as National Protection and Programs Directorate (NPPD) as the Cybersecurity and Infrastructure Protection Agency, spinning the headquarters office out into a full-fledged operational component of DHS on the same level as Secret Service or FEMA. {mosads}

NPPD’s top cyber official, Christopher Krebs, would become the cyber agency’s director under this bill.

NPPD is responsible for securing federal networks and protecting critical infrastructure from cyber and physical threats.

NPPD has seen its responsibilities rapidly expand in the decade since its inception, most recently taking the lead on engaging with states to protect digital election infrastructure from sabotage following Russian interference in the 2016 election.

The Senate made some differences in the House-passed bill, including amendments from Sen. Lisa Murkowski (R-Alaska) and a substitute amendment from Sen. Ron Johnson (R-Wis.). This means the legislation will have to be sent back to the lower chamber for approval before it arrives at the president’s desk.

Top DHS officials have been pushing for the bill to pass, arguing it would better communicate their mission to the private sector and help DHS recruit top cyber talent.

DHS Secretary Kirstjen Nielsen recently said the Cybersecurity and Infrastructure Security Agency Act would recognize the “importance” of the agency’s mission.

“We are responsible for federal efforts when it comes to both protecting critical infrastructure, working with the owner-operators in private sector, and protecting all those civilian dot govs,” Nielsen told The Washington Post on Tuesday during a livestreamed interview.

“To do that, we have to have both a name that indicates that is what we do, and we have to be able to streamline the organization so that we can become more operational.”

Rep. Michael McCaul (R-Texas), head of the House Homeland Security Committee Chairman, introduced the bill, which has bipartisan support.

“I am thrilled that the Senate passed this critical, bipartisan legislation and I look forward to championing CISA through its final step in Congress before heading to the President’s desk,” McCaul said in a statement to The Hill.

McCaul said this will help the agency combat hackers and hostile nation states that are “finding new ways to attack our cyber infrastructure and expose vulnerabilities.”

Rep. John Ratcliffe (R-Texas), head of the House Homeland’s Cybersecurity and Infrastructure Protection subcommittee, also praised the bill’s passage. 

“As the culmination of years of rigorous oversight by the House Homeland Security’s cybersecurity subcommittee, CISA will define our nation’s leading cybersecurity agency as a standalone operational organization clearly tasked with deploying DHS’ cybersecurity and infrastructure security missions,” Ratcliffe wrote in a statement.

— Morgan Chalfant contributed. Updated 10:13 p.m.