A bipartisan bill newly introduced in the House would update a Department of Homeland Security (DHS) program that provides tools and services to lock down federal cybersecurity.
The proposed House legislation sponsored by Reps. John Ratcliffe (R-TX) and Ro Khanna (D-CA), termed the Advancing Cybersecurity Diagnostics and Mitigation Act, would formally codify the department's Continuous Diagnostics and Mitigation (CDM) program and provide Congressional oversight. The CDM program offers commercial, off-the-shelf cybersecurity tools, integration services, and dashboards to participating agencies to support them in improving their respective security posture.
The House bill would require DHS to develop a strategy to ensure that the CDM program can adjust to emerging cyber threats and would require the DHS secretary to make the CDM program available for state, local and tribal governments.
A companion bill was re-introduced in the Senate on July 30 by Sens. Maggie Hassan (D-NH) and John Cornyn (R-TX). Ratcliffe’s and Khanna’s bill is identical to the Senate legislation, which has not yet been acted on. It has been referred to the Senate Committee on Homeland Security and Governmental Affairs.
“Our government must have the necessary tools to protect Americans against the massive cybersecurity threats of the 21st century,” Khanna said. “The technology is there: we just have to ensure our agencies have the necessary tools to defend against hackers and cyberthreats. A strong CDM program will be instrumental in that effort.”
The Advancing Cybersecurity Diagnostics and Mitigation Act:
- Codifies the work of the CDM program to date.
- Requires the Secretary to make CDM capabilities available and develop policies for reporting cyber risks and incidents based upon data collected under CDM.
- Directs the Secretary to deploy new CDM technologies to continuously evolve the program.
- Requires the Secretary to make the CDM program capabilities available for use to civilian departments and agencies, and State, local, and tribal governments.
- Mandates that DHS develop a strategy to ensure the program continues to adjust to the cyber threat landscape.
"With constantly evolving threats, it's critical that the Department of Homeland Security enhances its efforts to monitor and address cybersecurity vulnerabilities as they arise, and importantly, ensures that these resources are available to state and local governments across the country,” Hassan said.