The Cybersecurity and Infrastructure Security Agency Act addresses the White House for President Trump’s approval
A recently approved bill seeks to restructure the US Department of Homeland Security’s National Directorate of Protection and Programs (NPPD) to become a new cybersecurity agency. According to reports of specialists in digital forensics and information security, only the approval of President Trump is needed to make this concrete.
The Cybersecurity and Infrastructure Security Agency Act, which was passed in the Senate in October and in the House of Representatives this week, essentially reconverts NPPD as the Cybersecurity and Infrastructure Security Agency (CISA).
According to specialists in digital forensics from the International Institute of Cyber Security, CISA will be responsible for leading the programs to protect critical infrastructure and cyber security, develop associated policies and coordinate security matters with private sector and federal entities.
The new agency will have a cyber security division, an infrastructure security division and an emergency communications division. Christopher Krebs, the current undersecretary of the NPPD, will lead CISA.
“The reorganization will optimize cybersecurity within DHS, while improving its ability to engage with government and some industry sectors”, Krebs said in a statement this week. “Giving the NPPD a name that reflects what it really does will help to better protect the nation’s critical infrastructure and cybernetic platforms,” he added.
This law arises in a context of growing threats to the critical infrastructure and the US industry by rival nations and increasingly sophisticated cybercriminals groups. The concerns of the American government have been increasing over the past few months. Geopolitical tensions between the US and countries like China, Russia, North Korea, and Iran have only exacerbated those concerns.
However, the big question posed by experts in digital forensics is whether rearranging NPPD in a new agency really is a significant change in the interests of cybersecurity. “I’m concerned that the only name change does not elevate performance levels to what the nation needs,” says Alan Paller, a specialist in information security issues.
Paller points out that there has been some sort of internal battle between NPPD and the DHS Science and Technology Group, which is responsible for researching, developing, testing and evaluating technologies in support of the DHS mission.
On the other hand, Colin Bastable, an expert in cybersecurity, says that the feds need a cybersecurity division for businesses, non-federal assets and consumers, in a similar way to the FBI. “DHS will never address the problems that citizens and private companies face because of cybercrime because the main focus of DHS is the federal government,” says Bastable.
A federal cybersecurity office would focus on protecting Americans as consumers and employees, and the companies that employ them. It would be responsible for investigating and attacking the cyber criminal gangs and anticipating possible attacks.
“From the perspective of cybersecurity, DHS will always focus on federal infrastructure and critical systems,” says Bastable. “Despite how great the DHS structure is, it will never be enough to fight the cyber threats we face”.