Sens. Maggie Hassan, D-N.H., and John Cornyn, R-Texas, reintroduced the Advancing Cybersecurity Continuing Diagnostics and Mitigation (CDM) Act on July 30.
In a move to shore up both Federal and state and local cybersecurity, the legislation, obtained by Inside Cybersecurity, would both enshrine the Continuous Diagnostics and Mitigation (CDM) Program, currently spearheaded by the Department of Homeland Security (DHS)’s Cybersecurity and Infrastructure Security Agency (CISA), into law and make cybersecurity resources available to state and local governments.
The legislation, first introduced during the last Congressional session, is designed to help update and improve Federal agencies’ cybersecurity posture. In a change from last year’s bill, the legislators added a provision to require DHS to share cyber defense resources with state and local governments
“Cyber-attacks on government networks are increasing in frequency and sophistication, so updating the programs and tools federal agencies use to thwart these attempts is critical,” Senator Cornyn said in a statement. “By codifying the CDM program and providing congressional oversight, we can ensure the Federal government is better prepared for cyber threats.”
If passed, the bipartisan legislation would “provide a suite of cyber capabilities to provide real-time, continuous monitoring of the networks of Federal agencies.” More specifically, the bill would:
- “Codify the work of the CDM program to date;
- Require the [DHS] Secretary to make CDM capabilities available, at the Federal, state, and local level;
- Establish policies for reporting cyber risks and incidents based upon data collected under CDM;
- Direct the [DHS] Secretary to deploy new CDM technologies to continuously evolve the program; and
- Mandate that DHS develop a strategy to ensure the program continues to adjust to the cyber threat landscape.”
As CISA waits for the legislation to move through Congress, the CDM program continues to grow and spread throughout the government. Outside of this bill, Congress has already indicated its support for CDM and interest in seeing the program grow. In a June draft of the FY2020 Department of Homeland Security (DHS) budget, the House Appropriations Committee Homeland Security Subcommittee allocated $134.9 million more than the White House request, including $60 million to accelerate data protection and dashboard development, $51.8 million to support Federal network infrastructure modernization, $14 million to accelerate CISA’s mobile device protection deployments, and $9.1 million for other CDM enhancements, like dashboard visualization. Late last month, MeriTalk published an update on CDM’s priorities and recent Federal agency success stories.
During the previous Congress, a companion bill was introduced in the House and passed by the House Homeland Security Committee. The legislation was sponsored by Rep. John Ratcliffe, R-Texas. Given Ratcliffe’s recent nomination to be the new director of national intelligence, it is unclear if there will be a companion bill during the current Congress and who will sponsor it.
Please save the date, October 10, for MeriTalk’s CDM Central: Navigating the Cyber Roadmap event. Details coming soon…until then contact email@example.com