House Committee Focus on DHS Cybersecurity Division Reorganization Doesn't Reflect Priorities
The House Homeland Security Committee’s aim to make the Department of Homeland Security’s plan to reorganize the National Protection and Programs Directorate its first cybersecurity focus of 2016 is a reflection of timing rather than an indication that NPPD reorganization is a higher priority than other cybersecurity issues, cybersecurity-focused executives and lobbyists told us. But early consideration of the NPPD reorganization plan may be necessary, given ongoing industry concerns about the plan, executives and lobbyists said. DHS began seeking legislation last year to codify its planned reorganization of NPPD, which would rename it the Cybersecurity and Infrastructure Protection division (see 1509170038). House Homeland Security plans to file a bill on NPPD reorganization this spring (see 1601290058).
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
House Homeland Security typically works on several cybersecurity issues simultaneously, so its decision to bring up NPPD’s reorganization as its first cybersecurity issue in a formalized fashion is mostly a matter of that issue being the fastest to reach the stage where more public consideration can occur rather than an indication of how high a priority it is, Internet Security Alliance President Larry Clinton said. “It’s not a linear process.” House Homeland Security is also further examining potential incentives for companies to improve cybersecurity defenses, including new liability protections for companies that can show they're vigilant in upping their cybersecurity, an industry lobbyist said. The committee is also examining additional ways to further aid state and local governments on cybersecurity matters, the lobbyist said. The House passed two bills in 2015 that would assist state and local cybersecurity efforts -- the Strengthening State and Local Cyber Crime Fighting Act (HR-3490) and the State and Local Cyber Protection Act (HR-3869). The Senate hasn’t considered either bill.
House Homeland Security’s planned focus on NPPD reorganization “is a good thing,” given ongoing industry concerns about DHS’ reorganization plan, Clinton said. The NPPD reorganization, which Secretary of Homeland Security Jeh Johnson cleared, would bring together administration of the National Cybersecurity and Communications Integration Center with directorates focusing on infrastructure protection and security of federal buildings. The reorganization is meant to develop more unity among DHS officials who deal with the department’s cyber and physical security missions, but “some of us are concerned” about unifying those missions, Clinton said. “Historically, we’ve found that when you integrate cybersecurity with physical security, cybersecurity has tended to get lost in the shuffle.” Cybersecurity stakeholders “had to lobby for several years” for creation of a separate DHS assistant secretary for cybersecurity, so the planned reorganization could be a “step backward,” an industry executive said.
DHS’ decision to begin gathering support in 2015 for NPPD reorganization is also concerning because it’s occurring in the “waning days” of President Barack Obama’s administration, an industry executive said. “That’s the big concern I hear from folks in industry,” Clinton said. “Doing a massive reorganization of NPPD in the midst of moving through what’s frankly the exit ramp of the Obama administration could interrupt the progress that DHS has made on cybersecurity over the past few years.” ISA and other stakeholders have been pushing for DHS action on better implementing the National Institute of Standards and Technology’s Cybersecurity Framework and development of its own incentive programs. “Reorganizing NPPD right now seems like an odd choice given how many purely functional issues DHS has to deal with,” an industry executive said.