These legislative actions have long been sitting on desk tops waiting for the right moment to introduce and pass, now over to the Senate. When fully passed, it will be a great launch of additional security for the new DHS Secretary, John Kelly.
Assuring that the “House Committee on Homeland Security continues its efforts to shield the homeland and protect Americans right out of the gate in the 115th Congress,” committee chairman Michael McCaul’s (R-TX) office said Tuesday “the House passed 17 Committee bills that touch on a wide array of homeland security issues—from the security of our border, transportation and cyber networks, to counterterrorism, first responder capabilities and ensuring the Department of Homeland Security [DHS] runs efficiently.
“The 17 bills that passed the House today are all unified in their purpose to better protect our homeland and our people,” McCaul said in a statement, noting, “These bills improve our border security, transportation security and cybersecurity defenses, enhance first responder capabilities and streamline the management efficiency of [DHS]. My committee is working to get common sense legislation signed into law as soon as possible and make our country safer by doing so.”
Six of the bills passed Tuesday were sponsored by Democrats, Rep. Bennie G. Thompson (D-MS), ranking member of the House Committee on Homeland Security, pointed out.
Thompson said his legislation, the “Department of Homeland Security Clearance Management and Administration Act … which previously passed the House in 2015, makes specific reforms in how DHS identifies positions that warrant clearances, how it investigates and homeland security manages its security clearance processes. Specifically, it addresses dates for clearances, and how it administers its adjudications, denials, suspensions, revocations and appeals processes.”
“This legislation … seeks to improve how DHS manages its clearance process at all stages—from decisions on whether to designate positions as requiring clearances to ensuring uniformity in how clearances are adjudicated, suspended, denied and revoked. My bill will make DHS a leader among federal agencies with respect to security clearance and position designations practices. It is critical we put DHS on a path to right-sizing the number of classified positions in its workforce. I thank my colleagues for supporting it and urge the Senate to recognize the necessity to pass this legislation.”
The 17 passed by the full House include:
The DHS Acquisition Documentation Integrity Act of 2017, introduced by Rep. Bonnie Watson Coleman (D-NJ). It would require the DHS Secretary to request component heads to maintain specific types of acquisition documentation.
The DHS Stop Asset and Vehicle Excess (SAVE) Act, introduced by Rep. Scott Perry (R-PA), would direct the Under Secretary for Management of the Department of Homeland Security to make certain improvements in managing DHS’s vehicle fleet.
The Medical Preparedness Allowable Use Act, introduced by Rep. Gus Bilirakis (R-FL), would amend the Homeland Security Act of 2002 to codify authority under existing grant guidance authorizing the use of Urban Area Security Initiative and State Homeland Security Grant Program funding for enhancing medical preparedness, medical surge capacity and mass prophylaxis capabilities.
The Border Security Technology Accountability Act of 2017, introduced by Rep. Martha McSally (R-AZ), would strengthen accountability for deployment of border security technology at DHS and for other purposes.
The Counterterrorism Advisory Board Act of 2017, introduced by Rep. John Katko (R-NY), would establish a board in the Department of Homeland Security to coordinate and integrate departmental intelligence, activities, and policy related to counterterrorism.
The Transit Security Grant Program Flexibility Act, introduced by Rep. Dan Donovan (R-NY), would clarify certain allowable uses of funds for public transportation security assistance grants and establish periods of performance for such grants, and for other purposes.
The Cyber Preparedness Act of 2017, introduced by Rep. Dan Donovan (R-NY), would enhance preparedness and response capabilities for cyberattacks and bolsters the sharing of information related to cyber threats.
The United States-Israel Cybersecurity Cooperation Enhancement Act of 2017, introduced by Rep. James Langevin (D-RI), would establish a grant program at DHS to promote cooperative research and development between the United States and Israel on cybersecurity.
The Fusion Center Enhancement Act of 2017, introduced by Rep. Lou Barletta (R-PA), would enhance the partnership between DHS and the National Network of Fusion Centers.
The Securing the Cities Act of 2017, introduced by Rep. Dan Donovan (R-NY) would establish the Securing the Cities program, which will enhance the ability of the United States to detect and prevent terrorist attacks and other high consequence events utilizing nuclear or other radiological materials that pose a high risk to homeland security in high-risk urban areas.
The Airport Perimeter and Access Control Security Act, introduced by Rep. William Keating (D-MA), would require the Transportation Security Administration to update risk assessments at airports—specifically along airport perimeters and points of access to secure areas—and report to Congress strategic plans to increase security measures.
The Department of Homeland Security Insider Threat and Mitigation Act of 2017, introduced by Rep. Peter King (R-NY), would require the DHS Secretary to establish an insider threat program within the department.
The CBRN Intelligence and Information Sharing Act of 2017, introduced by Rep. Martha McSally (R-AZ), would amend the Homeland Security Act of 2002 to establish chemical, biological, radiological and nuclear intelligence and information sharing functions of DHS’s Office of Intelligence and Analysis and to require dissemination of information analyzed by the department to entities with responsibilities relating to homeland security.
The Department of Homeland Security Support to Fusion Centers Act of 2017, introduced by Rep. Martha McSally (R-AZ), would require an assessment of fusion center personnel needs.
The First Responder Access to Innovative Technologies Act, introduced by Rep. Donald Payne Jr. (D-NJ), reported this week by Homeland Security Today, would direct FEMA to develop a uniform process for reviewing grant applications seeking to purchase equipment or systems that do not meet or exceed applicable national voluntary consensus standards using funds from the Urban Area Security Initiative or the State Homeland Security Grant Program.
The Gains in Global Nuclear Detection Architecture Act, introduced by Rep. Cedric Richmond (D-LA), would direct DHS’s Domestic Nuclear Detection Office (DNDO) to develop and maintain documentation that provides information on how the Office’s research investments align with gaps in the Global Nuclear Detection Architecture and the research challenges identified by the DNDO Director.
The Department of Homeland Security Clearance Management and Administration Act, introduced by Rep. Bennie Thompson (D-MS), would improve the management and administration of the security clearance processes throughout DHS.
The House also passed the First Responder Identification of Emergency Needs in Disaster Situations Act sponsored by Rep. Sheila Jackson Lee (D-TX).
*** When it comes to cyber and cyber protections, things are not so rosy.
The extent to which the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center (NCCIC) has taken steps to perform each of its 11 statutorily required cybersecurity functions — such as being a federal civilian interface for sharing cybersecurity-related information with federal and nonfederal entities — the degree to which the center has adhered to the 9 principles required by the National Cybersecurity Protection Act of 2014 to perform its cybersecurity functions “is unclear because the center has not yet determined the applicability of the principles to all 11 functions, or established metrics and methods by which to evaluate its performance against the principles,” according to new Government Accountability Office (GAO) audit report.
NCCIC manages programs that provide data used in developing 43 products and services in support of its functions, including monitoring network traffic entering and exiting federal agency networks, and analyzing computer network vulnerabilities and threats. NCCIC products and services also are provided to its customers in the private sector; federal, state, local, tribal and territorial government entities; and other partner organizations. For example, NCCIC issues indicator bulletins, which can contain information related to cyber threat indicators, defensive measures and cybersecurity risks and incidents, and help to fulfill its function to coordinate the sharing of such information across the government.
GAO reported it “identified instances where NCCIC had implemented its functions in accordance with one or more of the principles. For example, consistent with the principle that it seek and receive appropriate consideration from industry sector-specific, academic, and national laboratory expertise, NCCIC coordinated with contacts from industry, academia and the national laboratories to develop and disseminate vulnerability alerts.”
But, “On the other hand,” GAO said it “also identified instances where the cybersecurity functions were not performed in accordance with the principles. For example, NCCIC is to provide timely technical assistance, risk management support and incident response capabilities to federal and nonfederal entities; however, it had not established measures or other procedures for ensuring the timeliness of these assessments. Until NCCIC determines the applicability of the principles to its functions and develops metrics and methods to evaluate its performance against the principles, the center cannot ensure that it is effectively meeting its statutory requirements.”
GAO said it further “identified factors that impede NCCIC’s ability to more efficiently perform several of its cybersecurity functions. For example, NCCIC officials were unable to completely track and consolidate cyber incidents reported to the center, thereby inhibiting its ability to coordinate the sharing of information across the government. Similarly, NCCIC may not have ready access to the current contact information for all owners and operators of the most critical cyber-dependent infrastructure assets. This lack could impede timely communication with them in the event of a cyber incident.”
GAO warned that, “Until NCCIC takes steps to overcome these impediments, it may not be able to efficiently perform its cybersecurity functions and assist federal and nonfederal entities in identifying cyber-based threats, mitigating vulnerabilities and managing cyber risks.”
In its written comments on a draft of GAO’s audit, DHS concurred with all nine recommendations.
DHS “also provided details about steps that it plans to take to address each of the recommendations, including estimated time frames for completion. If effectively implemented, these actions should enhance the effectiveness and efficiency of NCCIC in performing its statutory requirements,” GAO reported.
To more fully address the requirements identified in the National Cybersecurity Protection Act of 2014 and the Cybersecurity Act of 2015, GAO recommended that the DHS Secretary take the following nine actions:
- Determine the extent to which the statutorily required implementing principles apply to NCCIC’s cybersecurity functions.
- Develop metrics for assessing adherence to applicable principles in carrying out statutorily required functions.
- Establish methods for monitoring the implementation of cybersecurity functions against the principles on an ongoing basis.
- Integrate information related to security incidents to provide management with more complete information about NCCIC operations.
- Determine the necessity of reducing, consolidating, or modifying the points of entry used to communicate with NCCIC to better ensure that all incident tickets are logged appropriately.
- Develop and implement procedures to perform regular reviews of customer information to ensure that it is current and reliable.
- Take steps to ensure the full representation of the owners and operators of the nation’s most critical cyber-dependent infrastructure assets.
- Establish plans and time frames for consolidating or integrating the legacy networks used by NCCIC analysts to reduce the need for manual data entry.
- Identify alternative methods to collaborate with international partners, while ensuring the security requirements of high-impact systems.