The House Homeland Security Committee will consider legislation this week that would reorganize and elevate the Department of Homeland Security’s cybersecurity branch.
The draft bill, from committee Chairman Michael McCaul (R-Texas), would replace the National Protection and Programs Directorate (NPPD) at DHS with the Cybersecurity and Infrastructure Security Agency.
NPPD is currently responsible for the department’s cyber and physical infrastructure protection efforts. The new agency would be headed by a director who would report to the Homeland Security secretary, a post now held by John Kelly. NPPD is now headed by an undersecretary.
The new agency would have a cybersecurity division led by an assistant director as well as an infrastructure security division.
McCaul has long been pushing for a reorganization of DHS’ cybersecurity responsibilities, an idea that has advocates in and outside the department. The Texas Republican introduced similar legislation last year that advanced the panel but never went to the floor for a full House vote.
McCaul has been engaging with the Trump administration on the legislative effort, submitting a draft to DHS earlier this year in order to receive feedback. McCaul described the administration as “fully supportive” of the effort during a forum in May.
“This is simply about making the department more effective in one of the most important missions it has,” McCaul said then.
The committee is slated to mark up the bill along with several others during a meeting Wednesday.
The legislation lays out the responsibilities of the director of the Cybersecurity and Infrastructure Security Agency, which include leading cybersecurity and critical infrastructure protection programs and cyber response initiatives, coordinating with federal and nonfederal entities on cyber and infrastructure security, and coordinating a national effort to secure critical infrastructure from threats.
It also spells out the cybersecurity and infrastructure security authorities of the Homeland Security secretary, including carrying out risk assessments of critical infrastructure and developing a comprehensive plan to secure critical resources and infrastructure such as power plants, information technology and telecommunications infrastructure.
In addition to the cyber and infrastructure security divisions, the agency would also get a “privacy officer” to ensure that its use of technology is consistent with privacy protections governing the use, collection and disclosure of personal information.
Under the legislation, the Office of Biometric Identity Management currently located at NPPD would be transferred out to the DHS’s Directorate for Management. The bill would also give the secretary the authority to transfer the Federal Protective Service to any other part of DHS he deems appropriate.