House Committee Passes Bills Improving CISA Leadership and Authority

Two bills approved this week by the House Homeland Security Committee were drafted to improve the leadership and legal authority of the Cybersecurity and Infrastructure Security Agency (CISA). 

Referred to as the CISA Director Reform Act, the first of the bills (H.R. 5679) would amend the Homeland Security Act of 2002 so that the Director of CISA shall serve a term of five years. 

The amendment shall be applied beginning with the confirmation of the new Director of CISA, or on January 1, 2021, whichever comes first.

The bill was introduced on January 27, 2020, by Rep. John Katko [R-NY-24] and was co-sponsored by Rep. Cedric Richmond [D-LA-2] and Rep. James R. Langevin [D-RI-2].

Should it pass the U.S. House of Representatives and Senate and become law, the bill is expected to attract top talent and limit turnover within the position. 

The second bill (H.R. 5680), which is being referred to as the Cybersecurity Vulnerability Identification and Notification Act of 2020, also amends the Homeland Security Act of 2002 to provide CISA with the “legal tools to notify entities at risk of cybersecurity vulnerabilities in the enterprise devices or systems that control critical assets of the United States, and for other purposes.”

The bill covers operational and industrial control systems, distributed control systems, and programmable logic controllers, which represent systems “commonly used to perform industrial, commercial, scientific, or governmental functions or processes that relate to critical infrastructure.” Personal devices and systems are not covered.

As per the legislation, CISA’s Director will have the ability to issue subpoenas for the production of information that would help identify and notify the entity at risk. 

The subpoena authority covers situations when an Internet-connected system is identified with a vulnerability related to critical infrastructure and there were reasonable efforts made to identify the affected entity. 

The bill was introduced on January 27, 2020, by Rep. James R. Langevin [D-RI-2] and co-sponsored by Rep. John Katko [R-NY-24], Rep. Cedric Richmond [D-LA-2], Rep. Bennie G. Thompson [D-MS-2], and Rep. Sheila Jackson Lee [D-TX-18].

Related: New Legislation Would Require a Cybersecurity Coordinator in Every State

Related: Bipartisan Bill Aims to Reform NSA Surveillance of Americans

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
