A long-stalled bill to include “cybersecurity” in the name of the government’s central cybersecurity office is now moving forward.
The lead office governmentwide for handling cybersecurity issues in the public and private sector was finally granted something officials had long sought: actually including “cybersecurity” in the office’s name.
Wednesday, Senate lawmakers passed a long-awaited bill to rename the Homeland Security Department’s point office for cybersecurity, the National Protection and Programs Directorate, to something more fitting. The Cybersecurity and Infrastructure Security Agency Act of 2017—which passed by unanimous consent—would change the office’s title to the Cybersecurity and Infrastructure Security Agency, or CISA.
As the name suggests, the office will lead efforts on cybersecurity of federal networks and critical infrastructure and coordinating between the government and private sector. The legislation also gives the office purview over “DHS's responsibilities concerning chemical facilities antiterrorism standards.”
Proponents of the name change have long said it is more than cosmetic. Besides being a strange, bureaucratic word-salad, NPPD’s non-descriptive name made it difficult for private sector, state and local parties to identify the office as the place to go for cybersecurity assistance—a central focus of the program.
The office’s lead, Chris Krebs, took to Twitter to thank lawmakers for officially creating “the first cybersecurity agency in the fed gov’t.”
“Perfect timing as Oct. is #CyberMonth2018,” he added. “This will go a long way in our ability to defend the nation against #cyber threats.”
The bill will now go back to the House, which approved a version of the bill in December 2017 but will have to vote on the updated language before it can become official.
“The Cybersecurity and Infrastructure Security Act … is meant to recognize the importance of the mission that we have at DHS,” Homeland Security Secretary Kristjen Nielsen said during a Washington Post event Tuesday. “We are responsible for federal efforts when it comes to both protecting critical infrastructure, working with the owner-operators in private sector and protecting all those civilian dot-govs. To do that, we have to have both a name that indicates that is what we do, and we have to be able to streamline the organization so that we can become more operational.”
The new name also mirrors landmark cybersecurity legislation passed in 2015, the Cybersecurity Information Sharing Act, which sought to increase the sharing of threat information between the private and public sector. While the measure was lauded by many in government, a Nextgov investigation showed there has been little private sector participation in the intervening time.