Congress Passes Legislation Establishing Cybersecurity Agency in DHS
by Angela C. Schulz, Associate Attorney
On November 16, 2018, President Trump signed into law a bill that authorizes the reorganization of the US Department of Homeland Security’s National Protection and Programs Directorate (NPPD) into a new cybersecurity agency, the Cybersecurity and Infrastructure Security Agency (CISA).
The new federal agency operating within the Department of Homeland Security (DHS) will have a Cybersecurity Division, an Infrastructure Security Division, and an Emergency Communications Division. The NPPD will benefit from an increased budget, streamlined operations, and improvements in the agency’s ability to recruit top cybersecurity talent. Christopher Krebs, the current NPPD Undersecretary, will head up CISA.
The move to transform the NPPD into a separate, operational cybersecurity agency comes amid growing threats to critical US infrastructure and industries from various nation-state adversaries and increasingly sophisticated cybercrime groups. Still, some cybersecurity analysts question whether reorganizing the NPPD into a new agency will make much of a difference in the US’s ability to address its cybersecurity concerns. Cybersecurity increasingly is an integral concern for consumers, businesses, and non-federal assets. However, the DHS’s primary focus of addressing cyber crime remains on the federal government, not the epidemic problems that private citizens and businesses also face.
The CISA Act (H.R. 3359) was initially proposed last year, passed in the Senate in October, and passed the House earlier in November.