Congress Passes Bill to Create New Federal Cybersecurity Agency

Cybersecurity and Infrastructure Security Agency Act now headed to President Trump for signing into law.

A bill that seeks to reorganize the US Department of Homeland Securitys National Protection and Programs Directorate (NPPD) into a new cybersecurity agency has cleared Congress and is now headed to President Trumps desk for his signature.
The Cybersecurity and Infrastructure Security Agency Act - which passed the Senate in October and the US House of Representatives this week - essentially re-designates NPPD as the Cybersecurity and Infrastructure Security Agency (CISA).
CISA
will be responsible for leading cybersecurity and critical infrastructure protection programs, developing associated policy, and coordinating with federal and private sector entities on security matters. CISA also will be responsible for fulfilling DHS responsibilities with respect to anti-terrorism standards for chemical facilities.
The new agency will have a Cybersecurity Division, an Infrastructure Security Division, and an Emergency Communications Division. Christopher Krebs, the current NPPD Undersecretary, will head up CISA.
The reorganization will elevate and streamline the cybersecurity mission within DHS while improving the departments ability to engage with government and industry stakeholders, Krebs said in a
statement
this week. Giving NPPD a name that reflects what it actually does will help better secure the nation’s critical infrastructure and cyber platforms, he added.
The move to spin out NPPD into a separate, operational cybersecurity agency comes amid growing threats to US critical infrastructure and industry from nation-state adversaries and increasingly sophisticated cybercrime groups. Concerns about adversaries having capabilities to physically damage critical systems and networks and to steal trade secrets and intellectual property from US companies have escalated sharply in recent months. The current geopolitical tensions between the US and countries such as China, Russia, North Korea, and Iran have only exacerbated those concerns.
Same Agency, New Look?
The big question though is whether reorganizing the NPPD into a new agency is going to make much of a difference in the USs ability to address its cybersecurity concerns. Im concerned that putting a new face on the old NPPD wont raise performance levels to what the nation needs, says Alan Paller, founder and director of research of the SANS Institute.
There has been something of an internal battle between the NPPD and the DHS Science & Technology group, which is responsible for researching, developing, testing, and evaluating technologies in support of the DHS mission, Paller notes. So far at least, the only things that you could point to with impact were coming out of the [S&T] group, he says.
Colin Bastable, CEO of Lucy Security, says the feds instead need an FBI-like organization in charge of cybersecurity for businesses, non-federal assets, and consumers. The problems that private citizens and private enterprises face from rampant cybercrime are never going to be addressed by the DHS, even wearing its CISA cape, because DHS primary focus is the federal government, Bastable says.
A federal bureau of cybersecurity would be focused on protecting Americans as consumers and employees, and the businesses that employ them. It would be responsible for investigating and attacking cyber criminal gangs and anticipating cyber threats.
From a cybersecurity perspective, the DHS is always going to focus on federal infrastructure and major systems, Bastable notes. It is an amalgamation of 22 agencies and while it has many smart employees, it is never going to be agile enough to combat the cyber threats that we face.
Related Content:
DHS Establishes Center For Defense of Critical Infrastructure
White House Cybersecurity Strategy at a Crossroads
DHS Directive Increases Federal DMARC Adoption 38 Percent in 30 Days
2018 State of Cyber Workforce

Black Hat Europe returns to London Dec 3-6 2018 with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the
conference
and
to register.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Congress Passes Bill to Create New Federal Cybersecurity Agency