US Congressman John Ratcliffe, yesterday introduced a bill that would officially codify the Department of Homeland Security's (DHS) Continuous Diagnostics Mitigation (CDM) cyber-security programme, and allow the agency to modernise it to keep up with evolving threats and emerging technologies.
DHS' CDM program provides the federal government with automation capabilities and tools for monitoring vulnerabilities and unauthorised network activity, and identifying and prioritising security risks for mitigation. "Our goal with this new legislation is to help boost the long-term success of the CDM programme by ensuring it keeps pace with the cutting-edge capabilities in the private sector," said Ratcliffe, chairman of the Cybersecurity and Infrastructure Protection Subcommittee on the House Homeland Security Committee, in a press release. "We're also safeguarding agencies from getting stuck with technologies that will soon become outdated or unsupported by their vendors."
Dubbed the Advancing Cybersecurity Diagnostics and Mitigation Act, the proposed legislation would amend the Homeland Security Act of 2002 to officially grant the DHS secretary the power to, in its own words, "deploy, operate and maintain" a CDM program that would "develop and provide the capability to collect, analyse and visualise government-wide information relating to security data and cybernetics risks."
The CDM programme would make its capabilities and tools available to any federal agency, while helping officials set information security priorities and developing procedures for "reporting systemic cyber-security risks and potential incidents based upon data collected..."
If passed, the bill would give the DHS secretary 180 after its enactment to develop the new-and-improved CDM strategy.
"At the end of the day, cyber-security is national security -- and that means we've got to ensure we're addressing the dangers at our digital borders through risk-based, cost-effective strategies enabled by programmes like CDM," Ratcliffe continued. "I'm hopeful for the strong support of our bill to back this important mission, as the cyber-threats we face continue to evolve."
Gregory Wilshusen, the US Government Accountability Office's director of information security issues, provided testimony to a Congressional committee last April, stating that DHS was falling behind schedule as it implemented its CDM programme.