US Cybersecurity and Infrastructure Agency: Trump signs bill to place new agency under DHS
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

US Cybersecurity and Infrastructure Agency: Trump signs bill to place new agency under DHS

The United States finally has its own cybersecurity defense agency.

Last week President Trump signed a bill formally approving the creation of a new Cybersecurity and Infrastructure Security Agency that will be under the auspices of the Department of Homeland Security.

The move marks a step in the right direction following the Trump administration’s decision earlier this year to axe the role of the White House Cybersecurity Advisor, an Obama-era creation that provided cybersecurity intel directly to the president. At the time, I held off on writing an article criticizing the decision for fear of appearing partisan, but I’ll go on the record now and say it was a misguided decision born more out of a desire to erase the legacy of the President’s predecessor than to make our country safer.

But, on Friday, to his credit and the credit of his administration, the President acquiesced and signed a bill calling for the creation of the government agency.

So, let’s spend a few minutes talking about the agency and why this is a significant step for this country – albeit one that probably should have been taken a few years ago.

Let’s hash it out.

The US Cybersecurity and Infrastructure Agency

Let’s start with the verbiage we’re using. “Creation” is probably a bit of a stretch, because at its essence this is really more of a rebranding, the so-called CISA act (this country has never seen an acronym it didn’t like) rebrands and reorganizes an already-existing agency called the National Protection and Programs Directorate (NPPD). It will now be known as the US Cybersecurity and Infrastructure Agency. The NPPD was already charged with overseeing both federal and civilian cybersecurity and has handled the brunt of the the DHS’ cyber-related projects since its inception in 2007.

So what’s changing?

Well, the scope is more-or-less the same as it’s always been, but now CISA will be empowered as a federal agency, which means more funding and more authority to impose directives. Both of those are considerable steps forward and illustrate that the government is putting more priority on national cyber defenses.

“Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation’s critical infrastructure and cyber platforms,” said NPPD Under Secretary Christopher Krebs. “The changes will also improve the Department’s ability to engage with industry and government stakeholders and recruit top cybersecurity talent.”

Krebs will become the first director of CISA. Now that it’s a federal agency, CISA is on the same level of agencies like secret service and FEMA, though organizationally it is under the umbrella of the Department of Homeland Security.

Federal Data Privacy PolicyWhy did this CISA thing take so long?

Here’s where I’m going to tread lightly and try to avoid being partisan, but also try and be objective: politics. We’ve covered this before, but if this had been purely a matter of national security and doing what is in the best interest of the US, this would have been taken care of years ago.

Unfortunately, there are two issues that plague not just this decision, but every piece of legislation that relates to “the cyber.” The first, as was just alluded to, is general ignorance of the way technology, specifically the internet, works. Ron Wyden is the only Senator – or for that matter, member of Congress – that I could confidently say has even a solid idea. Case in point, Orrin Hatch, who retired this year following 42 years in the Senate, asked Mark Zuckerberg in a recent hearing – in all seriousness – how does Facebook make money?

Congress is not really the best-suited body to legislate on issues that move far faster than it can readily keep up with.

The other reason is pure political calculation. Following the elections of 2016, there was considerable foot-dragging from one party (and perhaps an over-politicization from the other) on shoring up US cyber defenses before 2018. A move, that in the eyes of many, would have cast legitimacy on the election interference that some believe tipped the scales in that 2016 election.

But, now that the 2018 elections are over and this is less of a political football, sure let’s do the right thing.

As always, leave any comments or questions below…

Hashed Out by The SSL Store is the voice of record in the SSL/TLS industry.

Author

Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.