Senate panel approves DHS authorization

The Department of Homeland Security is a step closer to obtaining its first congressional authorization in its 15-year history.

The Senate Homeland Security and Governmental Affairs Committee approved authorization legislation by a vote of 10-1 on March 7. The measure now goes on to the full Senate for a vote.

The Senate bill is a substitute amendment to a House bill offered by Rep. Michael McCaul (R-Texas), who chairs the Homeland Security Committee. The bill passed the House by a vote of 386-41.

The House would have to vote again on the bill, assuming it passes the full Senate.

The bill reorganizes and upgrades the DHS cyber agency, the National Protection and Programs Directorate. The new organization, dubbed the Cybersecurity and Infrastructure Security Agency, will have new authority and will be headed by a DHS undersecretary.

The measure also sets roles and responsibilities for DHS' headquarters offices and includes provisions aimed at strengthening the agency's acquisition processes.

An amendment to the bill offered by Sen. Maggie Hassan (D-N.H.) sets up a bug bounty program at DHS modeled on the Hack the Pentagon effort.

Another amendment offered by HSGAC Ranking Member Sen. Claire McCaskill (D-Mo.) would set up a suspension and debarment program at the agency to sanction or exclude poorly performing contractors.

Sen. Rob Portman (R-Ohio) offered an amendment to modify a section on virtual currency use by terrorists to direct the production of an unclassified executive branch report on the "applications and threats of blockchain technology."

Election security

However, amendments that would have strengthened DHS' hand in helping states defend their election systems from cybersecurity threats or attack weren't included in the bill approved by the committee.

An amendment backed by Sen. James Lankford (R-Okla.) and Sen. Kamala Harris (D-Calif.) was withdrawn after Lankford said secretaries of state had contacted him with concerns it could "federalize" state-run elections. 

Lankford said he was frustrated with his amendment's withdrawal since election system cybersecurity has become a focus of concern for the next election cycle.

"When an actor tries to break into one state system, it is a danger" to the entire system, he said at the March 7 markup.

Another amendment, codifying established DHS "best practices" for election system security, such as cybersecurity sweep-by-request; sharing threat intelligence with states and providing security clearances for state election officials, was also offered and withdrawn by Hassan.

Lankford, Harris and Hassan said they would offer these measures as stand-alone legislation.

Johnson assured the committee he would hold a hearing on election security as the Senate Intelligence Committee prepares to publish a report on election system vulnerabilities.

In a statement to FCW after the amendments were withdrawn and the bill approved, the National Association of Secretaries of State said it had offered secretaries of state who had administered elections as a resource to Congress in drafting amendments, "but that offer was never pursued." NASS said it remained "eager for a more collaborative approach on any proposed legislation in the future."