U.S. Congressman John Ratcliffe, R-Tex., yesterday introduced a bill that would officially codify the Department of Homeland Security's (DHS) Continuous Diagnostics Mitigation (CDM) cybersecurity program, and allow the agency to modernize it to keep up with evolving threats and emerging technologies.
DHS' CDM program provides the federal government with automation capabilities and tools for monitoring vulnerabilities and unauthorized network activity, and identifying and prioritizing security risks for mitigation. "Our goal with this new legislation is to help boost the long-term success of the CDM program by ensuring it keeps pace with the cutting-edge capabilities in the private sector," said Ratcliffe, chairman of the Cybersecurity and Infrastructure Protection Subcommittee on the House Homeland Security Committee, in a press release. "We're also safeguarding agencies from getting stuck with technologies that will soon become outdated or unsupported by their vendors."
Dubbed the Advancing Cybersecurity Diagnostics and Mitigation Act, the proposed legislation would amend the Homeland Security Act of 2002 to officially grant the DHS secretary the power to, in its own words, "deploy, operate and maintain" a CDM program that would "develop and provide the capability to collect, analyze and visualize government-wide information relating to security data and cybernetics risks."
The CDM program would make its capabilities and tools available to any federal agency, while helping officials set information security priorities and developing procedures for "reporting systemic cybersecurity risks and potential incidents based upon data collected..."
If passed, the bill would give the DHS secretary 180 after its enactment to develop the new-and-improved CDM strategy.
“At the end of the day, cybersecurity is national security -- and that means we've got to ensure we're addressing the dangers at our digital borders through risk-based, cost-effective strategies enabled by programs like CDM," Ratcliffe continued. "I'm hopeful for the strong support of our bill to back this important mission, as the cyberthreats we face continue to evolve.”
Gregory Wilshusen, the U.S. Government Accountability Office's director of information security issues, provided testimony to a Congressional committee last April, stating that DHS was falling behind schedule as it implemented its CDM program.