Government’s Cyber Monitoring Program Would Become Law Under House Bill

Natali_ Mis/

The bill also aims to prevent agencies from getting stuck with outdated technology.

At least one lawmaker is a fan of one of the Homeland Security Department’s governmentwide cybersecurity initiatives and has introduced legislation to ensure it sticks around and evolves along with private-sector technology.

Rep. John Ratcliffe, R-Texas, Wednesday introduced the Advancing Cybersecurity Diagnostics and Mitigation Act, which would codify the Homeland Security Department’s Continuous Diagnostics and Mitigation, or CDM program, a suite of tools for agencies to monitor malicious traffic and hacking attempts.

The program was created in 2012 and has recently been upgraded to CDM Dynamic and Evolving Federal Enterprise Network Defense, or CDM DEFEND, a new tack intended to speed up the acquisition process and make it easier to make new technologies and solutions available.

“Our goal with this new legislation is to help boost the long-term success of the CDM program by ensuring it keeps pace with the cutting-edge capabilities in the private sector,” Ratcliffe said in a statement. “We’re also safeguarding agencies from getting stuck with technologies that will soon become outdated or unsupported by their vendors.”

Ratcliffe introduced the bill as an amendment to the statute that created the Homeland Security Department in 2002.

The bill outlines the responsibilities of the CDM program, including developing network monitoring tools and the acquisition vehicles needed to spread them across government. But the legislation adds some additional duties, as well, such as providing regular risk reports to federal agencies.

The bill would also give Secretary Kirstjen Nielsen 180 days to put a comprehensive CDM strategy in writing. That strategy must include: a description of the program, an outline of interagency coordination, a list of obstacles to deployment and recommendations for current and future agency programs.

After that, Nielsen and DHS will have another 90 days to use CDM data to create a cybersecurity risk assessment that covers the entire federal enterprise.

“At the end of the day, cybersecurity is national security—and that means we’ve got to ensure we’re addressing the dangers at our digital borders through risk-based, cost-effective strategies enabled by programs like CDM,” Ratcliffe said. “I’m hopeful for the strong support of our bill to back this important mission, as the cyber threats we face continue to evolve.”