DHS still pushing to rename cyber shop

Although it sounds like a small thing, a new name for the Department of Homeland Security's key cybersecurity component would go a long way toward making it more effective and attracting a technically skilled workforce, its top manager told lawmakers.

The Cybersecurity and Infrastructure Agency Act of 2917, sponsored by House Homeland Security Committee Chairman Michael McCaul, would elevate and rebrand the National Protection and Programs Directorate. The bill was approved out of committee last July, but touches on the jurisdiction of multiple committees and faces headwinds in the Senate.

The renaming of NPPD, said Christopher Krebs, the senior official in charge of the cyber shop, is more important than it might sound.

Speaking at an Oct. 3 hearing of the House Homeland Security Committee, Krebs said changing NPPD's name to the Cybersecurity and Infrastructure Security Agency will be instrumental in moving the agency's cybersecurity efforts ahead, said Krebs.

To drive that point home, Krebs told lawmakers he had accompanied officials from DHS and various component agencies to Puerto Rico twice in the last week to support the disaster recovery efforts there in the wake of Hurricane Maria.

Krebs said NPPD was helping telecommunications critical infrastructure providers, including AT&T, Sprint, Verizon and other companies, get the devastated communications infrastructure on the island back up and running.

He said he met with DHS acting Secretary Elaine Duke, Puerto Rico Gov. Ricardo Rosselló and Rosselló's key staff to talk about the efforts to restore the communications infrastructure.

"As I briefed, I introduced myself as the 'senior official performing the duties of the undersecretary for the National Protection and Programs Directorate,'" Krebs said. "Now try repeating that back. It's not easy."

"Someone who has never heard that before [from the governor's office] immediately went on a press interview and alongside the [Transportation Security Administration] administrator, vice commandant of the Coast Guard, the secretary of Homeland Security, the FEMA regional administrator, they said 'we have FEMA, TSA, the Coast Guard and the comms guy…'"

That minimization shows how NPPD's name clouds its critical mission, Krebs argued. Passing the bill, he said, would not only clarify internal duties, but also build the agency's brand with the public and for recruiting experts.

Lawmakers were also interested in how NPPD was dealing with the Russian probes of local and state voting systems in the run-up to the 2016 election.

Renaming the NPPD would give "clear direction" on how it would proceed in many areas, including technologically, Krebs said, adding that the agency will need more expert staff and resources as DHS moves toward cloud and shared services. "Cybersecurity isn't going away. We need resources and staffing," he said.

NPPD, he said, has been building relationships with local and state election officials to collaborate on how to protect those systems from cyberattack or outside meddling.

Building those relationships will take "a lot of effort and time," he said. With the next election only months away, "there's not a lot of time," he added.

To that end, Krebs said he had told NPPD the week of Sept. 28 that he had elevated the election protection program to a task force that could tap experts from across DHS, including the agency's Office of Intelligence and Analysis, to help with the issue.