DHS cyber reorg bill coming

The chairman of the House Homeland Security Committee plans to reintroduce legislation that would rename and reorganize the cybersecurity division at Department of Homeland Security in the coming weeks, dubbing it a priority.

The Department of Homeland Security has been touting a plan for some time to reorganize and rename its National Protection and Programs Directorate to more closely bind cyber and physical security capabilities as well as elevate the directorate to a headquarters division.

In a March 28 subcommittee hearing on the current state of DHS' effort to secure federal networks, House Homeland Security Committee Chairman Michael McCaul (R-Texas) said he will introduce a bill in the next two weeks that would "create a stronger, consolidated cybersecurity agency" at DHS. The proposal, he said "will elevate the cybersecurity mission at DHS at a critical time and further enhance cyber operations, including those to more effectively secure federal networks."

McCaul told FCW after the hearing that he planned a markup of the NPPD bill "by the end of spring" and that it was a priority.

In testimony before the Cybersecurity and Infrastructure Subcommittee, Jeanette Manfra, acting undersecretary for cybersecurity at NPPD, told lawmakers that rebranding the agency was at the top of her legislative wish list. "It's very important for us," she said.

Lawmakers on the panel asked Manfra about the progress of DHS' Einstein, Continuous Diagnostics and Mitigation and information-sharing programs. 

DHS came in for only slight criticism on Einstein and CDM shortfalls during the hearing. Gregory Wilshusen, director, Information Security Issues at the Government Accountability Office, said Einstein was limited in its ability to detect intruder signatures that weren't on its list or hadn't been detected before. Its ability to analyze network data for trends as well as share information with agencies on cyber threats and incidents were also limited.

However, he said DHS had taken up the nine recommendations GAO made for improvements in Einstein's detection, notification, analytics and information-sharing capabilities.

IT modernization and protecting legacy IT at federal agencies are two top challenges for DHS going forward, Manfra said.

Acquisition reform, she said, could help with both.

"Acquisition reform is important," Manfra said, as traditional federal acquisition practices can blunt technology refreshes that bring new, more effective capabilities.

A faster capability to buy tech goods and services, she said, would help the agency keep up with galloping IT capabilities, as would a more flexible way to work with non-traditional contracts.

Leveraging government buying power across government, Wilshusen said, could also strengthen cybersecurity as it could lead to common, more interoperable solutions across agencies. "It's important for integration of the computing environment."

The panel was concerned, however, about DHS' indicator sharing program with private industry. Congress has been working to build DHS’s ability to work with commercial companies to exchange threat indicators.

Rep. James Langevin (D-R.I) told Manfra that DHS "needs to work harder on information sharing, including sharing context along with the indicators. Companies have complained that raw threat indicators don't provide them with enough information to take action.

Manfra said a year into the threat indicator sharing program, there are about 200 participants getting indicators from DHS. "We're looking to improve the program," she said, potentially providing scoring and context along with the indicator data. She said companies "understood that we're improving, but we still need to do more."