DHS cyber re-org clears Congress

Cybersecurity gets its own agency under a reorganization bill that is headed to the White House for the president's signature.

The House agreed to a Senate version of the Cybersecurity and Infrastructure Security Agency Act on Nov. 12. The House agreed to the Senate amendment without opposition.

The bill, which the president is expected to sign, will replace the National Protection and Programs Directorate with the new Cybersecurity and Infrastructure Security Agency. CISA will be an operational component with the Department of Homeland Security on the same level as Customs and Border Protection and the Transportation Security Administration. The agency's leader Chris Krebs will report directly to the DHS Secretary.

Krebs and other DHS cybersecurity officials have long complained the NPPD name didn't explain the directorate's important public-facing cybersecurity duties, which include the federal government's cyber incident response teams, a 24/7 watch floor and information-sharing hub and other resources.

"Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation's critical infrastructure and cyber platforms," Krebs said in a statement. "The changes will also improve the department's ability to engage with industry and government stakeholders and recruit top cybersecurity talent."

NPPD and top DHS officials have been pushing for the change for a couple of years. In October 2015, NPPD chief Suzanne Spaulding unveiled the reorganization plan, which she said was needed to unify responses to possible combined cyber and physical attacks on critical infrastructure and computer networks.