The full House is set to pass legislation that would halt plans by the Department of Homeland Security to embolden the agency’s cyberthreat information-sharing hub -- without first delivering a strategy to Congress.
The bipartisan measure was approved Sept. 30 by the Committee on Homeland Security and is expected to easily pass, as is, this evening, a congressional aide tells Nextgov.
In a related move, the panel has called DHS officials to reveal their proposal at a subcommittee hearing Wednesday morning, after committee leaders from both parties penned a letter of concern to Jeh Johnson about a lack of transparency, the aide said.
On Aug. 10, Johnson announced his intention to "elevate" the National Cybersecurity and Communications Integration Center, or NCCIC, within the department's structure. The rationale being that the center is key to Homeland Security's cybersecurity mission, he said.
However, an internal watchdog report released last month contends DHS struggles to align activities at its various cyber-related agencies with the department's overall mission. The investigation, conducted by the department inspector general, also found there is no automated information-sharing tool to share cyberthreat data between department components.
The findings come at a time when Congress is debating controversial legislation that would authorize the center or another federal info-sharing hub to swap threat data with the private sector.
According to Johnson, the center's leadership will report directly to him about network incidents that endanger the civilian government or key U.S. sectors. He said he already had instructed the National Protection and Programs Directorate, the division that oversees the center, to develop a reorganization plan that "will ensure the NCCIC is focused on strengthening our operational capabilities for mitigating and responding to cyber incidents."
The House bill, H.R. 3510, forbids DHS from changing "the location or reporting structure of the National Protection and Programs Directorate" or "the location or reporting structure of any office or component of the directorate" without prior authorization by Congress.
Lawmakers on Wednesday are convening to examine whether the proposed reorganization offers a clear mission, simplifies the entity's structure and ensures a qualified workforce is on board to execute that mission. The directorate's Undersecretary Suzanne Spaulding and Deputy Undersecretary for Cybersecurity and Communications Phyllis Schneck have been invited to testify, along with director Undersecretary Ronald J. Clark.
All three department senior executives are confirmed to attend, a DHS spokesman told Nextgov in an email.
"Threats to critical infrastructure, particularly cyber threats, are evolving with increasing speed and we need to evolve to effectively support government and the private sector to address these threats," the department spokesman said. "As our plans for changes in NPPD have developed, we have worked to keep both Congress and our workforce informed and we look forward to the opportunity for further dialogue."