The House Homeland Security Committee on July 26 unanimously passed two bills to improve the government’s cybersecurity posture: the Cybersecurity and Infrastructure Security Agency Act of 2017 and the Cyber Vulnerability Disclosure Reporting Act.
The Cybersecurity and Infrastructure Security Agency Act creates a new agency within the Department of Homeland Security (DHS) to deal with cyber and infrastructure weaknesses.
“This bipartisan legislation that I introduced with the Ranking Member and several committee members for the first time authorizes and redesignates the National Protection and Programs Directorate (NPPD) as a cybersecurity and infrastructure security agency within the Department of Homeland Security,” said Rep. Michael McCaul, R-Texas. “This new operational agency will be led by a director, and will be comprised of three divisions: cybersecurity, infrastructure security, and emergency communications.”
“Enactment of this measure, which includes considerable input from DHS, will ensure that the Department is organized in a manner to effectively carry out both its cyber and infrastructure missions,” said Rep. Bennie Thompson, D-Miss.
The bill passed unanimously to the House floor and with no amendments.
The second bill, the Cyber Vulnerability Disclosure Reporting Act, would require DHS to detail how it is using vulnerability disclosure programs in a report to the House Homeland Security and Senate Homeland Security and Government Affairs committees within 240 days of the act’s enactment.
“The Cyber Vulnerability Disclosure Reporting Act requires the Secretary of Homeland Security to submit a report on policies and procedures developed for coordinating cyber vulnerability disclosures,” said Rep. Sheila Jackson Lee, D-Texas. “The report will include an annex with information on instances in which cybersecurity vulnerability disclosure policies and procedures are used to disclose details on identified weaknesses on computing systems that put digital devices at risk.”
The bill also passed unanimously and without amendment.