Cyber-Heavy DHS Reauthorization Bill Passes House

A bill that would reauthorize the Homeland Security Department for the first time in its nearly 15-year history and beef up cyber protections at ports and airports passed the House of Representatives Thursday.

The reauthorization bill, which was long championed by House Homeland Security Chairman Michael McCaul, R-Texas, would direct the Transportation Security Administration to conduct a broad assessment of cyber risks to aviation security and to be prepared to vet cyber protections of specific airports and airlines if requested.

TSA must also develop one program to enhance cyber threat information sharing across the aviation sector and another to assess cyber vulnerabilities in data stored by TSA PreCheck and other trusted traveler programs, according to the bill, which passed the House 386-41.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The bill also formally tasks the U.S. Coast Guard with ensuring cyber protections at U.S. ports and with helping port operators share cyber threat information.

The bill now heads to the Senate where there’s no schedule yet for considering it.

McCaul is planning separate legislation that would elevate DHS’s cyber operations wing, the National Protection and Programs Directorate, giving it enhanced authorities and a more direct line to department leadership. McCaul has yet to introduce that bill.

Similar legislation failed to advance last Congress amid jurisdictional disputes among House committees.

The reauthorization bill also aims to improve how DHS shares cyber threat information and best practices with state and local officials.

It directs DHS to embed representatives from state and local DHS fusion centers in its cyber operations hub, the National Cybersecurity and Communications Integration Center.

The NCCIC currently embeds representatives from industry sector-specific cyber information sharing groups known as Information Sharing and Analysis Centers or ISACs. ISACs represent sectors deemed critical infrastructure such as telecommunications, energy and transportation.

The bill also urges DHS to do a better job creating unclassified versions of cyber threat alerts so it can share them with state and local officials who lack security clearances.  

“The Committee has heard that, while improving, the flow of federal cyber threat and risk information to State and local emergency response providers is slow and overclassified,” a bill outline states, adding that “the current process of sharing information has caused emergency response providers to be reactive rather than proactive in addressing the current cyber threats.”

The bill also directs the Federal Emergency Management Agency to study how state and local officials are using two DHS grant programs to address gaps in their cyber protections. States and cities consistently give low marks to their cyber preparedness but only a small portion of State Homeland Security Grant Program and Urban Area Security Initiative grant funds are directed at cyber improvements, the outline states.