On December 11, 2017, the House of Representatives passed the Cybersecurity and Infrastructure Security Agency Act, intended to centralize authority and responsibility for cybersecurity at the U.S. Department of Homeland Security (“DHS”). The legislation was subsequently sent to the Senate for consideration.

Principally, the bill intends to reorganize DHS’s cybersecurity efforts.  It amends the Homeland Security Act of 2002 and would redesignate DHS’s National Protection and Programs Directorate (“NPPD”) as the Cybersecurity and Infrastructure Security Agency (“CISA”). If passed, CISA would be its own operational agency (whereas NPPD is merely a component of DHS’s headquarters), and would be comprised of the following DHS components: (1) the Cybersecurity Division; (2) the Infrastructure Security Division; and (3) the Emergency Communications Division (previously the Office for Emergency Communications). CISA would also be staffed with a new director to ensure compliance with relevant federal laws and to report back to Congress.

Through the structural reorganization, the bill centralizes DHS’s existing responsibilities for cybersecurity.  CISA would serve as the hub for cybersecurity-related intelligence, risk assessment, and other security measures, and would be responsible for outreach and emergency communications to coordinate the government’s response to a cyberattack. Multiple government agencies would also coordinate their non-emergency communications through the new cybersecurity unit. In addition, CISA would be tasked with developing a new national plan for protecting government systems and critical infrastructure.

Representative Michael McCaul (R-Texas), chairman of the House Homeland Security Committee, sponsored the bill.