Congress is moving forward with a plan to reauthorize the Department of Homeland Security for the first time since its 2002 creation and establish a permanent, dedicated cyber office within the agency.
The Senate Committee on Homeland Security and Government Affairs approved the legislation Wednesday. The current bill is a version of what the House passed in July. If it passes in the full Senate, it would still need to see action in the House, even though that side of Congress already passed two attempts to reauthorize DHS last year.
The Senate bill would reorganize DHS’s National Protection and Programs Directorate into a dedicated cyber agency, called the Cybersecurity and Infrastructure Security Agency. NPPD was established in 2007 by DHS and therefore isn’t officially deputized by Congress. The new office would be headed by an department undersecretary.
“Passing the Department of Homeland Security Authorization Act is an important step to strengthen DHS and to establish a process for regular authorizations so that Congress clearly defines the department’s responsibilities and authorities over time to evolve and address emerging threats,” said committee Chairman Ron Johnson, R-Wis., in a statement.
“Establishing an agency within DHS to focus on cyber and infrastructure security will help DHS achieve its missions,” Johnson said.
House Homeland Security Committee Chairman Mike McCaul, R-Texas, who led both reauthorization bills in the House, said that “It has taken too long to reauthorize NPPD” at an event last month, adding that it’s “demoralizing to a department when Congress hasn’t officially authorized or recognized it by law.”
The Senate bill also includes a version of Hack the DHS Act, legislation pushed by Sen. Maggie Hassan, D-N.H., that would create a bug bounty program to invite security researchers to find vulnerabilities in the agency’s networks.
Other cybersecurity-oriented amendments did not end up in the final version of the bill. Sens. James Lankford, R-Okla., and Kamala Harris, D-Calif., withdrew an amendment that sought to strengthen DHS’s support for states in dealing with election cybersecurity. A number of secretaries of state reportedly expressed concern to Lankford that the amendment would result in federal overreach.
Hassan also withdrew an amendment that would have established DHS “best practices” for the the security of election systems.