Cyber First Responder Teams Established Under Newly Passed House Bill
Cybersecurity first responder teams at the Department of Homeland Security (DHS) will be created under new bi-partisan legislation passed by House lawmakers in a voice vote.
The DHS Cyber Incident Response Teams Act (H.R. 1158) would establish cybersecurity crews sent out to help public and private sector asset owners and operators in the immediate wake of a cyber attack, according to Michael McCaul, the legislation’s primary sponsor and ranking member of the House Foreign Affairs Committee. Teams would operate inside DHS’s National Cybersecurity and Communications Integration Center.
“My bill authorizes CISA’s (Cybersecurity and Infrastructure Security Agency) ability to maintain cyber incident response teams to assist against cyberattacks on the government and private sector,” McCaul said in remarks on the House floor. “These teams not only help respond to cyberattacks, but also help mitigate the potential destruction they cause, and restore damaged networks after.”
The House bill is also sponsored by Reps. Jim Langevin (D-RI), John Katko (R-NY), Dutch Ruppersberger (D-MD), and John Ratcliffe (R-TX). A companion law in the Senate sponsored by Sen. Maggie Hassan (D-NH) and backed by Sens. Gary Peters (D-MI) and Rob Portman (R-OH) was approved by the Homeland Security and Governmental Affairs Committee in April but has yet to receive a floor vote.
One unique aspect of the House bill is that it allows cybersecurity pros from the private sector to serve on the teams, McCaul said. “This ensures that we have the best and brightest from both the public and private sectors working in unison to secure our critical infrastructure and vital national networks. These response teams are a force multiplier—enhancing our cybersecurity workforce and helping protect our connected world.”
Under H.R. 1158, the Center has to maintain cyber hunt and incident response teams that provide the following:
- Assist asset owners and operators to restore services following a cyber incident.
- Identify cybersecurity risk and unauthorized cyber activity.
- Develop mitigation strategies to prevent, deter, and protect against cybersecurity risks.
- Make recommendations to asset owners and operators to improve overall network and control systems security to lower cybersecurity risks.
- The Center must continually assess and evaluate the cyber incident response teams and their operations.
- For each of the first four years after the measure is enacted, the Center must show Congress information on the metrics used for evaluation and assessment of the teams, including operations, resources and staffing.