DHS Needs More Time to Submit NDAA-Mandated Cybersecurity Strategy to Congress, Official Says

Deputy Undersecretary-Cybersecurity Jeanette Manfra during a Tuesday House Homeland Security Cybersecurity Subcommittee hearing. DHS was mandated by the FY 2017 National Defense Authorization Act to submit the report to Congress by Thursday, but House Homeland Security members hadn't received it, said Subcommittee ranking member Cedric Richmond, D-La. DHS needs additional time to “ensure that the new administration has an opportunity to review and provide guidance on what that strategy should look like,” Manfra told the subcommittee: “We are working very hard on it, and this is something that we recognize as critical to our success and the next evolution for DHS cybersecurity.” Manfra said DHS has “made significant progress over the past year” on its cybersecurity programs, including its Continuous Diagnostics and Mitigation (CDM) and “Einstein” National Cybersecurity Protection System programs. GAO Director-Information Security Issues Gregory Wilshusen said the department made some progress in addressing GAO’s earlier concerns about the department’s implementation of CDM and Einstein. Lawmakers “need to ensure that these programs are agile enough to keep pace with the cybersecurity needs of federal agencies,” said Chairman John Ratcliffe, R-Texas. “We need to ensure DHS is properly leveraging private sector innovation and is able to quickly adopt cutting-edge technologies.”