H.R. 6443, Advancing Cybersecurity Diagnostics and Mitigation Act

Floor Situation

On Tuesday, September 4, 2018, the House will consider H.R. 6443, the Advancing Cybersecurity Diagnostics and Mitigation Act, under suspension of the rules. This bill was introduced on July 19, 2018 by Rep. John Ratcliffe (R-TX) and was referred to the Committee on Homeland Security, which ordered the bill reported, as amended, by unanimous consent on July 24, 2018.

Summary              

H.R. 6443 codifies and defines the activities of the continuous diagnostics and mitigation (CDM) program at the Department of Homeland Security (DHS). The bill requires the Secretary of Homeland Security to deploy, operate, and maintain the CDM program, developing and providing capabilities to collect, analyze, and visualize information related to security data and cybersecurity risk.

H.R. 6443 requires the Secretary to make these capabilities available, with or without reimbursement. The Secretary is also required to develop policies and procedures for reporting systemic cybersecurity risks and potential incidents based upon data collected under CDM. The bill requires the Secretary to regularly deploy new CDM technologies and modify existing CDM capabilities to continuously improve the program.

Additionally, the bill also requires the Secretary to ensure timely, actionable, and relevant cybersecurity risk information, assessments, and analysis are provided in real time while ensuring all raw data is made available to the National Cybersecurity and Communications Integration Center (NCCIC). Finally, the bill requires DHS to develop a strategy to ensure the program continues to evolve and adjust to the changing cyber threat landscape and requires the strategy to be shared with Congress.

Background

DHS’s National Protection and Programs Directorate (NPPD) is currently in the process of implementing a four-phase rollout of CDM capabilities at participating federal agencies. The CDM program office has been working with federal civilian agencies and departments, including the 24 Chief Financial Officer (CFO) Act agencies to deploy CDM functionality since 2013. To provide near real time effective continuous monitoring and mitigation, agencies and DHS will not only need to implement all four phases and deploy CDM dashboards, but also evolve cybersecurity tools to address the growing threats the federal enterprise faces. CDM tools and data provide individual agencies improved visibility and understanding of their systems and networks.

The CDM program also provides DHS with broad situational awareness and places DHS in a strong position to leverage individual agency data to identify, respond to, and mitigate cybersecurity vulnerabilities and threats. In this way, DHS can utilize CDM to consolidate some of the federal government’s cybersecurity responsibilities, allowing agencies to focus on the specific and unique cybersecurity risks their agency is facing.[1]

Cost

The Congressional Budget Office (CBO) estimates that enacting H.R. 6443 would not increase net direct spending or on-budget deficits in any of the four consecutive 10-year periods beginning in 2029.

Staff Contact

For questions or further information please contact Jake Vreeburg with the House Republican Policy Committee by email or at 2-1374.