A bill codifying the Department of Homeland Security’s program for monitoring federal networks will be introduced in the House on Friday.
The Office of Management and Budget mandated in 2018 that agencies use the Continuous Diagnostics and Mitigation program’s tools for tracking and responding to cybersecurity incidents. But CDM was created without direct action from Congress codifying it.
Sens. John Cornyn, R-Texas, and Maggie Hassan, D-N.H., introduced the Advancing Cybersecurity CDM Act in the Senate in late July to make the program law and require DHS report systemic risks and potential breaches using data from the initiative. And now Reps. John Ratcliffe, R-Texas, and Ro Khanna, D-Calif., will introduce identical, companion legislation in the House.
“As cyber threats continue to increase in frequency and complexity, we must constantly work to enhance our nation’s cyber defense capabilities,” Ratcliffe said in the announcement.
Most agencies are behind in implementing CDM’s network security and data protection capabilities.
DHS would be required to submit a CDM strategy to lawmakers within 180 days of the new legislation’s enactment.
Acting through the Cybersecurity and Infrastructure Security Agency, DHS would be expected to regularly launch new CDM tools and update existing ones — making them available to state, local and tribal governments as well.
Cornyn and Hassan first introduced their bill last congressional session but without state, local and tribal support.
“The technology is there; we just have to ensure our agencies have the necessary tools to defend against hackers and cyberthreats,” Khanna said in a statement. “A strong CDM program will be instrumental in that effort.”