DHS Late in Submitting CyberSec Strategy to Congress

Cybersecurity , Legislation , Risk Assessments

Official: Policy Due on March 23 Could Be Months Away from Being Submitted DHS Late in Submitting CyberSec Strategy to CongressDHS Acting Deputy Undersecretary Jeanette Manfra testifies before a House panel.

The Department of Homeland Security, which missed meeting last week's deadline for submitting a new cybersecurity strategy to Congress, could be months away from providing lawmakers with that policy, a top DHS cybersecurity policymaker says.

See Also: Three and a Half Crimeware Trends to Watch in 2017

"We're working on the strategy," Jeanette Manfra, acting deputy undersecretary for cybersecurity and communications, testified at a hearing of the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection on March 28. "We do need time to insure that the new administration has an opportunity to review and provide guidance on what that strategy should look like."

When pressed on a timetable by Rep. Cedric Richmond, R-La., Manfra responded: "Our goal is to get it within next couple months."

Why the Delay?

The delay is understandable, as the Trump administration focuses on other issues - healthcare, tax reform and immigration - and slowly builds its cybersecurity team at the White House and DHS. It was only two weeks ago that Assistant to the President Thomas Bossert revealed that National Security Agency veteran Rob Joyce would fill the role of White House cybersecurity coordinator. At DHS, top cybersecurity policy positions remain open. Besides Manfra's job, the head of DHS's National Protection and Programs Director - a DHS undersecretary - is vacant as is the assistant secretary for cybersecurity and communications. NPPD is the DHS unit responsible for the cyber protection of federal agencies and the nation's critical infrastructure.

Congress last year enacted the National Defense Authorization Act. That law directed DHS's secretary to develop a departmental cybersecurity strategy and submit it to Congress within 90 days, which would have been March 23. The strategy, including an implementation plan, would cover strategic and operational goals and priorities, including cybersecurity initiatives.

$1.5 Billion Budget for Cybersecurity

Manfra said the $1.5 billion President Donald Trump proposes to budget to DHS safeguard federal IT and critical infrastructure represents an increase in spending.

Since taking office on Jan. 20, the Trump administration has been working on a cybersecurity executive order, with at least three drafts being circulated among stakeholders (see Latest Executive Order Draft Promotes Risk-Based Approach). A final version of the executive order isn't expected for several weeks or months.