A bipartisan pair of senators wants to codify the Department of Homeland Security’s program for monitoring federal networks and make those cybersecurity capabilities available at the state and local levels as well.
The Office of Management and Budget mandated in 2018 that agencies use the Continuous Diagnostics and Mitigation program’s suite of real-time capabilities for tracking and responding to digital incidents. Earlier this week, Sens. John Cornyn, R-Texas, and Maggie Hassan, D-N.H., introduced the Advancing Cybersecurity CDM Act, which would make the program law and require DHS to report systemic risks and potential incidents using data from the initiative.
Most agencies are behind in implementing the network security and data protection.
“Cyberattacks on government networks are increasing in frequency and sophistication, so updating the programs and tools federal agencies use to thwart these attempts is critical,” Cornyn said in a statement. “By codifying the CDM program and providing congressional oversight, we can ensure the federal government is better prepared for cyberthreats.”
The department created CDM with input from OMB and the National Institute of Standards and Technology, but without direct action by Congress.
Acting through the Cybersecurity and Infrastructure Security Agency, the DHS secretary would be expected to regularly launch new CDM tools and update existing ones to keep the program relevant.
Within 180 days of enactment, the law would require the creation of a CDM strategy for DHS to submit to Congress.
Cornyn and Hassan first introduced the bill last congressional session but without requiring capabilities be made available to state and local governments — which the program currently does.
The House recently passed legislation sponsored by Hassan that would make DHS’s “cyber hunt” and “cyber incident response” teams permanent.