Lawmakers Want to Expand DHS' Cyber Monitoring Program to State and Local Governments


Under a forthcoming bill, lawmakers also aim to make it easier for agencies to put the data collected under the program to good use.

A bipartisan pair of lawmakers are trying to make the Continuous Diagnostics and Mitigation program a permanent fixture in the government’s cybersecurity toolkit.

Launched in 2013 by the Homeland Security Department, the program offers agencies across government a full suite of cyber tools, dashboards and services. The tools and their associated sensors feed network data back to a central dashboard, which gives both agencies and Homeland Security officials a bird’s-eye view of the government’s cyber landscape.

Lawmakers want to make it easier for agencies to put data collected under the initiative to good use.

On Friday, Reps. John Ratcliffe, R-Texas, and Ro Khanna, D-Calif., plan to introduce a bill that would codify CDM in federal law and expand the arsenal of cyber tools available under the program. Additionally, the Advancing Continuous Diagnostics and Mitigation Act would give all federal civilian agencies, as well as state, local and tribal governments, free access to the program.

The expansion would come as a growing number of cities across the country fall victim to ransomware attacks.

“Our government must have the necessary tools to protect Americans against the massive cybersecurity threats of the 21st century,” Khanna said in a statement. “The technology is there: we just have to ensure our agencies have the necessary tools to defend against hackers and cyber threats. A strong CDM program will be instrumental in that effort.”

Beyond expanding the program, the bill would make it easier for agencies to use information gathered under CDM to improve their cyber defenses. 

Under the legislation, Homeland Security officials would provide data analysis and visualization tools that would let agencies make sense of the traffic flowing across their networks. The department would also need to create policies for reporting cyber risks and incidents revealed by program data, and help agencies prioritize their cyber efforts.

The department would also regularly refresh the tools provided under the program to keep up with the latest security threats. Within 180 days of the bill’s approval, the agency would need to submit a report detailing its plans for keeping CDM relevant and effective in an evolving cyber landscape.

“As cyber threats continue to increase in frequency and complexity, we must constantly work to enhance our nation’s cyber defense capabilities,” Ratcliffe said in a statement.

Sens. John Cornyn, R-Texas, and Maggie Hassan, D-N.H., introduced an identical bill in July.