U.S. House passes new CISA reporting requirements, public-private security partnerships and DHS improvements

The U.S. House of Representatives passed the National Defense Authorization Act for Fiscal Year 2022 last week with a number of homeland security-related amendments, including measures that would strengthen the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Homeland Security (DHS).

Among the measures included in the NDAA, H.R. 4350, a notable amendment included a measure that would require CISA to develop reporting procedures for cybersecurity incidents. Such procedures would mandate reporting by covered critical infrastructure owners and operators. They would have to provide the cybersecurity incidents to a new office within CISA: the Cyber Incident Review Office. 

“I am pleased by the overwhelming bipartisan support in the House for homeland security measures that tackle everything from DHS’ historic morale problems, to human trafficking, to cybersecurity and transportation security,” U.S. Rep Bennie Thompson (D-MS), chairman of the House Homeland Security Committee, said. “The amendments authorizing mandatory cyber incident reporting and the CyberSentry program – two major cybersecurity priorities – underscore the bipartisan interest in strengthening CISA’s capabilities to support the private sector that is being barraged with more frequent and increasingly sophisticated cyber attacks.”

In the case of the CyberSentry program alluded to by Thompson, a separate amendment would authorize creation of a new program under CISA to more closely align business and government in dealing with cyberthreats. Specifically, it would allow CISA to initiate voluntary partnerships with priority Industrial Control System (ICS) owners and operators, essentially creating a public-private partnership for monitoring and detection of cyber threats. 

A third measure clinging to the broader NDAA was an amendment consisting of 19 House-passed legislative provisions. Each deals with improving homeland security, both through strengthening the DHS itself, as well as related research and development efforts, cyber and transportation security, and more. 

All three of these amendments were sponsored in part by Thompson, though he was joined by a bipartisan collection of colleagues on individual measures. Both the cyber incident reporting measure and CyberSentry measures were also backed by U.S. Reps. Yvette Clarke (D-NY), John Katko (R-NY) and Andrew Garbarino (R-NY). The general homeland security improvements were backed by Thompson and Katko. 

“Once enacted, CISA will be on the path to getting the information it needs to identify malicious cyber campaigns early, gain a greater understanding of the cyber threat landscape, and be a better security partner to its critical infrastructure partners,” Thompson said.