In light of recent reports exposing cyberattacks by Russian hackers on U.S. energy infrastructure, Homeland Security Committee Chairman Michael McCaul (R-TX) is advocating for the expedited passage of legislation that would reorganize a portion of the Department of Homeland Security (DHS) to create a stand-alone agency. The new agency would work with critical infrastructure providers in the financial, energy, and manufacturing sectors to guard against cyberattacks.
On December 11, 2017, the House passed by voice vote H.R. 3359, the Cybersecurity and Infrastructure Security Agency Act of 2017, championed by Rep. McCaul. The official summary accompanying the bill states that it “amends the Homeland Security Act of 2002 to redesignate the DHS’s National Protection and Programs Directorate as the Cybersecurity and Infrastructure Security Agency (CISA) to be headed by a Director of National Cybersecurity and Infrastructure Security to lead national efforts to protect and enhance the security and resilience of U.S. cybersecurity, emergency communications, and critical infrastructure.”
The legislation was crafted after extensive discussions between lawmakers and U.S. government officials, and received the support of Homeland Security Secretary Kirstjen Nielsen. After passage of H.R. 3359, Secretary Nielsen stated, “Our nation’s critical infrastructure can often be prime targets for adversaries of all types, including terrorists, nation state and other non-state actors, hackers, and ordinary criminals. . . . As the threat landscape shifts and becomes more complex, our approach to security must evolve.”
H.R. 3359 has not yet been taken up by the Senate. Instead, the Senate Homeland Security and Governmental Affairs Committee voted favorably on March 7, 2018 to advance H.R. 2825, the Department of Homeland Security Authorization Act, with amendments. According to a press release by Sen. Ron Johnson (R-WI), after being amended, the language of H.R. 2825 “now includes a key reorganization for DHS, transforming the National Protection and Programs Directorate into the Cybersecurity and Infrastructure Security Agency.”
After amending H.R. 2825, the Senate version now includes many components of H.R. 3359, with the exception of language addressing election cybersecurity which received pushback from concerned secretaries of state in a number of states. The Senate reconvenes on April 9, 2018, but the measure has not been placed on the Senate legislative calendar for floor time at the time of this publication.