Trump signs bill that creates the Cybersecurity and Infrastructure Security Agency
The US now has an official federal cybersecurity agency.
US President Donald Trump signed today a bill into law, approving the creation of the Cybersecurity and Infrastructure Security Agency (CISA).
The bill, known as the CISA Act, reorganizes and rebrands the National Protection and Programs Directorate (NPPD), a program inside the Department of Homeland Security (DHS), as CISA, a standalone federal agency in charge of overseeing civilian and federal cybersecurity programs.
The NPPD, which was first established in 2007, has already been handling almost all of the DHS' cyber-related issues and projects.
As part of the DHS, the NPPD was the government entity in charge of physical and cyber-security of federal networks and critical infrastructure, and oversaw the Federal Protective Service (FPS), the Office of Biometric Identity Management (OBIM), the Office of Cyber and Infrastructure Analysis (OCIA), the Office of Cybersecurity & Communications (OC&C), and the Office of Infrastructure Protection (OIP).
As CISA, the agency's prerogatives will remain the same, and nothing is expected to change in day-to-day operations, but as a federal agency, CISA will now benefit from an increased budget and more authority in imposing its directives.
"Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation's critical infrastructure and cyber platforms," said NPPD Under Secretary Christopher Krebs. "The changes will also improve the Department's ability to engage with industry and government stakeholders and recruit top cybersecurity talent."
With its promotion to the rank of federal agency, CISA is now on the same level as the US Secret Service or FEMA, but still under the DHS' oversight. The new agency is expected to improve the cyber-security defenses across other US federal agencies, coordinate cyber-security programs with states, and bolster the government's overall cyber-security protections in the face of mundane criminals and nation-state hackers.