Rep. Cedric Richmond (D-La.) on Tuesday introduced a bill that would require the Department of Homeland Security to develop a formal cybersecurity strategy, part of a broader push among lawmakers to clarify the agency’s role in that area.
The legislation comes just days after a watchdog audit revealed that the agency has fallen behind in coordinating and training its cybersecurity staff, potentially exposing networks at two DHS agencies.
“While our audit showed improved coordination between DHS components in carrying out their cybersecurity functions, we have identified duplication of effort and lack of effective policies and controls,” said DHS Inspector General John Roth in a statement.
{mosads}Richmond’s bill lays out mandated responsibilities for the DHS strategy, including acting as a cross-sector hub for federal and civilian cyberthreat information sharing.
The bill would also require the agency to provide technical assistance — such as help attributing hacks and mitigating damage — to organizations that suffer a breach.
It joins a host of other bills seeking to codify the DHS’s cybersecurity responsibilities.
In the Senate, an amendment to the stalled Cybersecurity Information Sharing Act (CISA) would require all sensitive data to be funneled through DHS, thought to have some of the government’s best data privacy procedures.
The House version of the legislation, a pair of bills passed in April, gave companies legal liability protections when sharing cyber threat data with DHS.
Other bills seek to drastically expand the agency’s oversight over other agencies.
In the House, a bill put forward by House Homeland Security Chairman Michael McCaul (R-Texas) would give DHS the power to investigate other agencies’ networks and boot out digital intruders.
Currently, the agency has to request permission to either monitor or search other agencies’ networks.
A similar piece of legislation in the Senate would also give DHS the authority to search for intruders on any government network without a formal request.
Lawmakers in both chambers point to escalating cyberattacks on federal agencies and private companies as cause for urgency, in some cases combining different pieces of smaller legislation in order to ensure swift passage.
The House Cybersecurity, Infrastructure Protection and Security Technologies Subcommittee is scheduled to hold a markup of Richmond’s bill on Thursday.