Advancing Cybersecurity Diagnostics and Mitigation Act

Floor Speech

Date: Sept. 4, 2018
Location: Washington, DC

Mr. Speaker, I rise in support of H.R. 6443, the Advanced Cybersecurity Continuous Diagnostics and Mitigation Act.

Mr. Speaker, H.R. 6443 would codify the existing Continuous Diagnostics and Mitigation, or CDM, program within the Department of Homeland Security's National Protection and Programs Directorate, NPPD.

CDM is an important part of our national approach to securing Federal networks. Through CDM, DHS works with Federal agencies to identify, purchase, and integrate cybersecurity tools and services to help defend their networks against cyber attacks.

By taking advantage of bulk pricing, CDM allows agencies to purchase security services at a discounted rate and, in turn, devote more of their limited resources to carrying out their missions. Another benefit of the program is that it enables DHS to track threats to agency networks, giving the Department a more holistic view of the threat landscape.

Still, given the enormous challenges associated with protecting such a massive and diverse set of networks, it is not surprising that DHS has, at times, struggled.

For instance, in rolling out CDM, DHS officials mapped four phases of implementation where, in the first phase, agencies would identify all the assets and devices on their networks.

At the time, DHS projected that the last phase, which is focused on protecting the data that agencies store, would begin being tackled in 2017. Unfortunately, the CDM deployment schedule has been plagued with across-the-board delays, starting with the implementation of phase 1, which took years. As a result of these delays, the data housed on agency networks--what the bad guys are really after--remains less secure than it might otherwise have been.

H.R. 6443 would address CDM's challenges in a few ways, for example, by asking DHS to reconsider its phased approach to implementation and examine opportunities to streamline adoption of CDM technologies.

This bill would also require DHS to develop a comprehensive strategy that addresses deployment challenges, areas where greater coordination is needed, and recommendations for continuous improvement.

Finally, H.R. 6443 adds specificity to DHS' responsibilities under CDM and includes robust reporting requirements to inform congressional oversight.

Every year, Federal networks get hit by tens of thousands of attempted intrusions, many of them sophisticated, state-sponsored attacks. We have seen time and again the cost and damage that can flow from a high-profile Federal breach. As such, we need CDM to work.

BREAK IN TRANSCRIPT

Mr. THOMPSON of Mississippi. Mr. Speaker, I have no further speakers on this bill, and I yield myself the balance of my time.

Mr. Speaker, H.R. 6443 seeks to improve DHS' capacity to carry out one of its more important homeland security missions: the protection of Federal agency networks.

Over the past decade, we have seen the number of cyber attacks against Federal agencies rise by more than 1,000 percent. Last year alone, the Office of Management and Budget reported that Federal agencies experienced more than 35,000 cybersecurity incidents. A challenge of this magnitude cannot be undertaken by each agency on its own. They need help.

That is where the CDM program comes in. By authorizing CDM in law, DHS and its agency partners can confidently move forward to bolster Federal network security. By requiring the Department to revisit its implementation plans and work to finally resolve its longstanding CDM challenges, H.R. 6443 puts the program on an even more secure footing.

Mr. Speaker, I urge my colleagues to support this bipartisan legislation, and I yield back the balance of my time.

BREAK IN TRANSCRIPT

