DHS still waiting on NPPD reorg

Shutterstock image (by vetkit): businessman thinking with question mark over head.

The Department of Homeland Security's plan to reorganize and rename the National Protection and Programs Directorate is still stuck on Capitol Hill, according to one of NPPD's top officials.

When asked about the status of the plan at a Nov. 2 conference, Phyllis Schneck, deputy undersecretary for cybersecurity and communications at NPPD, said, "I wish I knew."

She and other DHS officials have been trying to keep the reorganization's profile high on Congress' agenda for the past few months.

The reorganization would rename NPPD as the Cybersecurity and Infrastructure Protection Agency and bind cyber and physical security capabilities more closely to better reflect the links between security threats.

In mid-October, DHS Secretary Jeh Johnson told the Critical Infrastructure Partnership Advisory Council that the reorganization should be at the top of the next Congress' list of priorities.

At the same meeting, NPPD Undersecretary Suzanne Spaulding said the reorganization would position the new cyber hub as an operational component at DHS rather than simply a headquarters agency. The new organization could then go beyond policy guidance to provide specific, results-oriented advice.

In her remarks at the Homeland Security Week conference on Nov. 2, Schneck said October and November mark a particularly interesting time for DHS, cybersecurity and critical infrastructure.

In October -- DHS' designated Cybersecurity Month -- the agency highlights the importance of basic cybersecurity practices and awareness. November is Critical Infrastructure Security and Resilience Month, when DHS highlights relevant best practices and awareness.

And Nov. 8, of course, is Election Day. Although the nation's voting systems are not currently designated as critical infrastructure, Johnson raised that possibility in August after hackers targeted Democratic National Committee systems and state voter databases. The majority of states have asked DHS to scan their election systems for vulnerabilities, but several state officials have publicly objected to any formal DHS oversight.

In a Nov. 2 blog post about this month's emphasis on critical infrastructure, Spaulding said officials at NPPD and other DHS components -- such as the Federal Emergency Management Agency, Transportation Security Administration and Coast Guard -- "are on the frontlines securing and protecting critical infrastructure each and every day throughout the nation."

This year, Critical Infrastructure Security and Resilience Month will focus on the sector's increasing reliance on web-enabled systems, she said.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.

Nominate Today!

Nominations for the 2018 Federal 100 Awards are now being accepted, and are due by Dec. 23. 


Reader comments

Fri, Nov 4, 2016 Bill CT

No mention of what the reorganization really is about. "...the reorganization would position the new cyber hub as an operational component at DHS rather than simply a headquarters agency. The new organization could then go beyond policy guidance to provide specific, results-oriented advice." What is the difference between "policy guidance" and "advice"? It sounds like the typical government approach - rename something to make it look like they are doing something when nothing actually changes. Then blame Congress or "fill-in-the-blank" for not getting excited about it. Homeland Defense has become one more huge bureaucracy that does little beyond issuing statements and reacting to events after the fact - like telling me to take off my shoes at the airport. I remember noting several years before the shoe bomber that all someone had to do was to hide things in their shoes rather than their pockets since the scanner didn't go that low. Pretty obvious even to me. Its the same with cyber crime. They react after the fact. Why is it almost every part of the government has been hacked? Because they don't do anything until after the fact. And then they react by issuing statements and, at most, closing the door that got opened rather than looking at all of the remaining attack surfaces and fixing them. They don't fix things. No one gets fired. They simply issue statements and everyone else gives a sigh of relief that it was not their computers this time and hopes that they are not the next headline. They'd pray they are not but then that is a firing offense these days.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group