Congress Passes Long-Sought Bill to Rename DHS Cyber Agency
The National Protection and Programs Directorate will soon be called the Cybersecurity and Infrastructure Security Agency.
The Homeland Security Department’s long-sought plan to have a cyber division with the word “cybersecurity” in its name was nearly fulfilled Tuesday evening when the House passed a bill approving the re-naming.
The Senate passed the bill in October, so now it only awaits President Donald Trump’s signature. The House passed a Senate version of the bill by unanimous consent.
The bill would take the clunkily-titled National Protection and Programs Directorate, or NPPD, and dub it the Cybersecurity and Information Security Agency, or CISA.
Homeland Security is the lead cyber agency for the civilian government, but the department’s cyber officials have struggled under a name that doesn’t give a clear indication of what they do.
Chris Krebs, the undersecretary who leads NPPD, has frequently joked that the current name sounds like a “Soviet-era intelligence agency.”
Krebs also described a 2017 meeting with top Puerto Rican officials after the island was devastated by Hurricane Maria during which officials were confused about who he was or why he was there. They later struggled to explain who he was in a press conference following the meeting, he said.
By contrast, Homeland Security divisions such as the Transportation Security Administration and the Coast Guard, make clear in their names precisely what they do, he said.
“Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation’s critical infrastructure and cyber platforms,” Krebs said in a statement after Tuesday’s House vote.
Homeland Security Sec. Kisrtjen Nielsen also praised passage of the bill, saying “we need to ensure we’re properly positioned to defend America’s infrastructure from threats digital and physical.”
The renamed Cybersecurity and Infrastructure Security Agency will be responsible for overseeing the cybersecurity of federal computer systems and will be a government liaison on cybersecurity issues with critical infrastructure providers, such as banks, hospitals and airports
The bill that passed Tuesday also authorizes Homeland Security to transfer the Federal Protective Service, which is currently part of NPPD, to another location inside the department. The protective service is in charge of guarding federal facilities, devising security plans for those facilities and responding to threats or suspicious activities.
DHS cyber re-org clears Congress
By Mark Rockwell – Nov 14, 2018
Cybersecurity gets its own agency under a reorganization bill that is headed to the White House for the president’s signature.
The House agreed to a Senate version of the Cybersecurity and Infrastructure Security Agency Act on Nov. 12. The House agreed to the Senate amendment without opposition.
The bill, which the president is expected to sign, will replace the National Protection and Programs Directorate with the new Cybersecurity and Infrastructure Security Agency. CISA will be an operational component with the Department of Homeland Security on the same level as Customs and Border Protection and the Transportation Security Administration. The agency’s leader Chris Krebs will report directly to the DHS Secretary.
Krebs and other DHS cybersecurity officials have long complained the NPPD name didn’t explain the directorate’s important public-facing cybersecurity duties, which include the federal government’s cyber incident response teams, a 24/7 watch floor and information-sharing hub and other resources.
“Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation’s critical infrastructure and cyber platforms,” Krebs said in a statement. “The changes will also improve the department’s ability to engage with industry and government stakeholders and recruit top cybersecurity talent.”
NPPD and top DHS officials have been pushing for the change for a couple of years. In October 2015, NPPD chief Suzanne Spaulding unveiled the reorganization plan, which she said was needed to unify responses to possible combined cyber and physical attacks on critical infrastructure and computer networks.