Two bills approved this week by the House Homeland Security Committee were drafted to improve the leadership and legal authority of the Cybersecurity and Infrastructure Security Agency (CISA).
Referred to as the CISA Director Reform Act, the first of the bills (H.R. 5679) would amend the Homeland Security Act of 2002 so that the Director of CISA shall serve a term of five years.
The amendment shall be applied beginning with the confirmation of the new Director of CISA, or on January 1, 2021, whichever comes first.
The bill was introduced on January 27, 2020, by Rep. John Katko [R-NY-24] and was co-sponsored by Rep. Cedric Richmond [D-LA-2], and Rep. James R. Langevin [D-RI-2].
Should it pass the U.S. House of Representatives and Senate and become law, the bill is expected to attract top talent and limit turnover within the position.
The second bill (H.R. 5680), which is being referred to as the Cybersecurity Vulnerability Identification and Notification Act of 2020, also amends the Homeland Security Act of 2002 to provide CISA with the “legal tools to notify entities at risk of cybersecurity vulnerabilities in the enterprise devices or systems that control critical assets of the United States, and for other purposes.”
The bill covers operational and industrial control systems, distributed control systems, and programmable logic controllers, which represent systems “commonly used to perform industrial, commercial, scientific, or governmental functions or processes that relate to critical infrastructure.” Personal devices and systems are not covered.
As per the legislation, CISA’s Director will have the ability to issue subpoenas for the production of information that would help identify and notify the entity at risk.
The subpoena authority covers situations when an Internet-connected system is identified with a vulnerability related to critical infrastructure and there were reasonable efforts made to identify the affected entity.
The bill was introduced on January 27, 2020, by Rep. James R. Langevin [D-RI-2] and cosponsored by Rep. John Katko [R-NY-24], Rep. Cedric Richmond [D-LA-2], Rep. Bennie G. Thompson [D-MS-2], and Rep. Sheila Jackson Lee, [D-TX-18].
Related: New Legislation Would Require a Cybersecurity Coordinator in Every State
Related: Bipartisan Bill Aims to Reform NSA Surveillance of Americans