Rep. John Ratcliffe, R-Texas, confirmed to MeriTalk that he will reintroduce the Advancing Cybersecurity Continuing Diagnostics and Mitigation (CDM) Act. His office said to expect the bill “within the next month or so.”
His legislation would join the Senate companion bill that was reintroduced on July 30 by Sens. Maggie Hassan, D-N.H., and John Cornyn, R-Texas.
“I’m pleased that our efforts to codify and strengthen the CDM program have recently gained renewed traction with the introduction of a new Senate version of the Advancing Cybersecurity Continuing Diagnostics and Mitigation Act,” Rep. Ratcliffe told MeriTalk.
“I look forward to building upon this momentum with the reintroduction of our House companion bill in the coming weeks, so we can get this important legislation to the president’s desk,” the congressman said. “As cyber threats become increasingly sophisticated, we must actively work to improve our real-time response capabilities, so we can ensure our Federal, state and local networks are properly secured.”
The legislation would codify the Department of Homeland Security’s (DHS) CDM Program into law. CDM is a multibillion-dollar program aimed at safeguarding Federal agency networks by providing monitoring-as-a-service tools, which give agencies better knowledge of endpoints, data, and activities occurring on their networks.
The bill, which was introduced by Ratcliffe during the previous congressional session, would provide legislative backing to ensure that the CDM Program continues to employ leading-edge network monitoring technologies. It also would require the DHS Secretary to submit a strategy to Congress –within 180 days of the bill’s enactment – on how to carry out the program effectively.
While Ratcliffe’s bill passed in the House last year, the legislation stalled in the Senate. When the bill was reintroduced in the Senate this year, legislators did make a change from the previous legislation by adding a provision to require DHS to share cyber defense resources with state and local governments. Whether Ratcliffe’s legislation will include the new change is left to be seen.
“Cyber-attacks on government networks are increasing in frequency and sophistication, so updating the programs and tools federal agencies use to thwart these attempts is critical,” Sen. Cornyn said in a statement. “By codifying the CDM program and providing congressional oversight, we can ensure the Federal government is better prepared for cyber threats.”
If the House bill matches the Senate legislation, it would “provide a suite of cyber capabilities to provide real-time, continuous monitoring of the networks of Federal agencies.” More specifically, the bill would:
- “Codify the work of the CDM program to date;
- Require the [DHS] Secretary to make CDM capabilities available, at the Federal, state, and local level;
- Establish policies for reporting cyber risks and incidents based upon data collected under CDM;
- Direct the [DHS] Secretary to deploy new CDM technologies to continuously evolve the program; and
- Mandate that DHS develop a strategy to ensure the program continues to adjust to the cyber threat landscape.”
As legislators wait for the bill to move through Congress, the CDM program continues to grow throughout the government, and it has received significant funding support through the traditional appropriations process.
In a June draft of the FY2020 DHS budget, the House Appropriations Committee Homeland Security Subcommittee allocated $134.9 million more than the White House request, including $60 million to accelerate data protection and dashboard development, $51.8 million to support Federal network infrastructure modernization, $14 million to accelerate CISA’s mobile device protection deployments, and $9.1 million for other CDM enhancements, like dashboard visualization. In June MeriTalk published an update on CDM’s priorities and recent Federal agency success stories.