CISA Act Calls for New Cybersecurity Agency Inside DHS

The U.S. Department of Homeland Security will be forming a new agency exclusively focused on cybersecurity following the passing of the Cybersecurity and Infrastructure Security Agency Act of 2018 (CISA Act) by Congress. The new Act amends the Homeland Security Act of 2002 and requires DHS to create a new Cybersecurity and Infrastructure Security Agency. The House of Representatives unanimously passed the CISA Act and will be signed into law when signed by President Trump.

The new agency is going to be created by means of reorganizing the National Protection and Programs Directorate (NPPD). The new agency will have the same status as other DHS agencies, for example the U.S. Secret Service.

The NPPD is currently in charge of reducing risks to critical infrastructure, although many different agencies have some cybersecurity functions. NPPD presently directs IT security campaigns with other entities, including local, state, tribal, and territorial governing bodies and the private sector, and is also responsible for overseeing federal government civilian agencies’ cybesecurity efforts.

The new name for the NPPD is a better reflection of the work the agency performs and highlights the value of cybersecurity in protecting the critical infrastructure of the nation. Data security and physical infrastructure security roles will now be merged and handled by a single agency.

The cyber threat landscape is continually changing, and DHS must be effectively positioned to shield America’s infrastructure against digital and physical threats. It’s indeed the right time for NPPD to reorganize and operate as the Cybersecurity and Infrastructure Security Agency, explained DHS Secretary Kirstjen M. Nielsen.

Having one agency in control of the country’s cybersecurity, will help the U.S. government to address the current gaps in security. Presently, every federal agency takes care of its own IT systems and handles cyber risks. Irrespective of size and funding, every government entity should manage cyber risks and decrease those risks to a minimal level. However, since the budgets of each agency can vary substantially, security gaps are likely to occur, especially at agencies with limited resources.

Prioritizing the cybersecurity mission of the Department of Homeland Security, simplifying operations, and working to give NPPD a name that reflects what it truly does will keep the country’s vital infrastructure and cyber platforms secure. The changes being made will also help the Department of Homeland Security engage with government and industry stakeholders and recruit the best cybersecurity talent.