Rep. John Ratcliffe, R-Texas, introduced legislation today to codify into law the Department of Homeland Security’s Continuous Diagnostics and Mitigation (CDM) Program, in order “to advance and modernize” the program and ensure procedural policies for it.
“Our goal with this new legislation is to help boost the long-term success of the CDM program by ensuring it keeps pace with the cutting-edge capabilities in the private sector,” Ratcliffe said in a statement today. “We’re also safeguarding agencies from getting stuck with technologies that will soon become outdated or unsupported by their vendors.”
The bill would require DHS “to develop policies and procedures for reporting systemic cybersecurity risks and potential incidents on data collected under CDM” and “regularly deploy new technologies” in order to keep pace with market trends and advancements in cybersecurity monitoring software. If enacted into law, the bill will require the DHS Secretary to submit a strategy to carry out the program within 180 days.
CDM is a multibillion dollar program aimed at safeguarding Federal agency networks by providing monitoring-as-a-service tools to know what is occurring on those networks at all times. DHS is currently is the process of awarding task orders–with a potential value of up to $3.4 billion–to support Phase 3 of the program at all of the CFO Act agencies excluding the Defense Department.
DHS coordinates CDM implementation for all the agencies, an effort led by DHS’ National Protection and Programs Directorate (NPPD). Ratcliffe pledged his support to that mission and NPPD’s leader today.
“Supporting DHS Under Secretary Krebs’ effective deployment and ongoing improvement of CDM at NPPD is a top priority of the Cybersecurity and Infrastructure Protection Subcommittee,” said Ratcliffe, the chairman of the subcommittee, which falls under the House Homeland Security committee.
“At the end of the day, cybersecurity is national security – and that means we’ve got to ensure we’re addressing the dangers at our digital borders through risk-based, cost-effective strategies enabled by programs like CDM,” he said.