Security news that informs and inspires

Congress Votes to Create New Federal Cybersecurity Agency


The division of the Department of Homeland Security that handles cybersecurity for the nation’s networks will soon become a new agency called the Cybersecurity and Infrastructure Security Agency.

The move will give the new agency responsibility for “cybersecurity and critical infrastructure security programs, operations, and associated policy” and create a new position of director of National Cybersecurity and Infrastructure Security. This change will involve quite a bit of reorganization inside DHS, as several of the department’s components will become part of CISA. The current National Protection and Programs Directorate, which has responsibility for cybersecurity right now, will be reorganized into the new agency.

The creation of CISA is the result of a bill that passed the House of Representatives on Tuesday and had previously passed the Senate. The move represents a significant shift in the way that the federal government treats cybersecurity and how it’s prioritized.

“Today’s vote is a significant step to stand up a federal government cybersecurity agency. The cyber threat landscape is constantly evolving, and we need to ensure we’re properly positioned to defend America’s infrastructure from threats digital and physical,” said said DHS Secretary Kirstjen Nielsen. “It was time to reorganize and operationalize NPPD into the Cybersecurity and Infrastructure Security Agency.”

"The changes will also improve the department’s ability to engage with industry and government stakeholders."

Right now, cybersecurity is handled by the NPPD, which also includes a number of other functions, such as the Federal Protective Service and the Office of Biometric Identity Management. Under the new agency, the FPS will de transferred to another part of DHS and the OBIM will become part of the Directorate of Management. But most significantly, it creates a single agency that is the lead for cybersecurity, something that legislators, officials, and private sector experts have been pushing for for several years. The current head of the NPPD, Under Secretary Chris Krebs, said the creation of CISA will make it easier for the agency to work with security community as a whole, as well.

“Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation’s critical infrastructure and cyber platforms. The changes will also improve the department’s ability to engage with industry and government stakeholders and recruit top cybersecurity talent.”

There are several government agencies that have some responsibility for cybersecurity in the federal government, including the FBI, which investigated cybercrime, DHS, and the National Security Agency, which runs offensive operations and also has some defensive cybersecurity responsibilities. That won’t change once CISA becomes operational, but the new agency will have broad responsibilities for both cybersecurity and critical infrastructure protection. The agency will “lead cybersecurity and critical infrastructure security programs, operations, and associated policy for the Agency, including national cybersecurity asset response activities,” the bill says.