Cybersecurity

Homeland Security Committee to weigh DHS cyber reorganization

The House Homeland Security Committee on Wednesday will mark up legislation by Chairman Michael McCaul (R-Texas) to reorganize how the Department of Homeland Security (DHS) protects critical infrastructure from digital threats.

{mosads}The bill, set to be introduced Tuesday, would replace the National Protection and Programs Directorate (NPPD) with a new agency tasked with protecting the computer networks that run the nation’s power grid, water utilities and more.

The proposed agency — the so-called Cybersecurity and Infrastructure Protection Agency — would remain under the authority of the DHS, but would have operational capabilities.

The administration has pushed for a reorganization of the NPPD — which currently houses a cyber-focused office — but the particulars have been the subject of some quibbling between the DHS and lawmakers.

The agency has proposed three operational units within the renamed NPDD — an office of infrastructure protection, an “elevated and enhanced” cybersecurity office and the existing Federal Protective Service, which protects federal buildings.

McCaul’s legislation differs from the administration’s proposal in a number of key ways.

While the DHS wants to integrate responsibility for cyber and physical security across the agency, McCaul’s bill would keep the cyber division separate from the agency’s mission to guard against physical threats.

The bill does call for risk assessments and joint working groups to mitigate the cascading fall-out between the cyber and kinetic world.

“I’d say we’re 90 percent in agreement on what we’re trying to achieve — allowing them to be operational,” the aide told The Hill.

But the DHS’s handling of the proposed restructuring has long been a sore spot between the administration and the committee.

Over the summer, an administration proposal was leaked to the media, drawing ire from members who criticized the agency for pushing forward with the reorganization without involving lawmakers.

“The committee only received a briefing after these reports in the press, and unfortunately, only minimal details of the reorganization effort after several requests have been provided in the time since,” Rep. John Ratcliffe (R-Texas), chairman of the cybersecurity subcommittee, said during a hearing in October.

“Even more disappointing, the committee has heard that DHS leadership had planned to move forward unilaterally on several efforts without Congressional review or approval,” Ratcliffe added.

Earlier that month, the House also passed a bill brought by committee member Rep. Cedric Richmond (D-La.) that, among other things, forbade the agency from undertaking a major reorganization without Congressional authorization.

NPPD Under Secretary Suzanne Spaulding insisted that the department’s plans were leaked to the media “prematurely” and that the agency tried to ensure that Congress has been informed at appropriate junctures throughout the process.

In upper chamber, Sen. Tom Carper (D-Del.), the ranking member of the Homeland Security and Government Affairs Committee, has floated a draft proposal that hews closely to the administration proposal.