After years of debate, Congress is poised to vote on legislation that would cement the Department of Homeland Security’s role as the government’s main civilian cybersecurity authority. The Cybersecurity and Infrastructure Security Agency Act, which has been in the works since the Obama administration, would give the department a stand-alone cybersecurity agency with the same stature as other DHS units, such as the Federal Emergency Management Agency. The Senate could vote on the bill, which passed in the House last year, as early as this week as it takes up a slew of cybersecurity-related legislation. Approving the legislation would mark a major shift in Congress’s views on whether DHS should lead the government’s efforts to protect federal computer networks, power plants and other critical infrastructure from digital attacks. Attempts to make DHS the government’s civilian cybersecurity hub have stalled amid resistance from some lawmakers who say the relatively young agency isn’t as well equipped to deal with cyberthreats as the National Security Agency or the FBI.
“It would be a sea change,” said Chris Cummiskey, a former undersecretary at DHS. “This is a capstone saying, ‘The debate is over — at least in who Congress says should take the lead here.’ ”
Congress has taken some steps in recent years to expand DHS’s cybersecurity authorities, passing legislation such as the 2015 Cybersecurity Information Sharing Act, which tasked the agency with exchanging threat information with the private sector. But lawmakers have stopped short of handing over the reins entirely, allowing other agencies with cyber components to keep asserting control over civilian cybersecurity. In the meantime, the dozens of congressional committees that claim jurisdiction over DHS have tussled over who should be in charge. Passing this legislation would quell those disputes, Cummiskey told me.
“Up until now there’s been a series of bills that have chipped away at this notion that multiple agencies should have primary roles. This is a much more definitive statement,” he said. “It won’t eradicate these arguments and turf wars completely, but they will fall by the wayside.”
Full Article: The Cybersecurity 202: Congress poised to allow DHS to take the lead on federal cybersecurity – The Washington Post.