Expansion of CISA’s Role in Cybersecurity and Infrastructure Security
Introduction
The Cybersecurity and Infrastructure Security Agency (CISA) has been given new responsibilities to protect the U.S. critical infrastructure, safeguard open-source software, and expand the cybersecurity workforce. The Senate Homeland Security and Governmental Affairs Committee advanced four bills that would require CISA to maintain a commercial public satellite system clearinghouse, create voluntary cybersecurity recommendations for the space sector, create a pilot civilian cyber reserve program to respond to incidents, and train employees at DHS who are not currently in cybersecurity positions to move to such a role.
Issues with CISA’s Authorities
The increasing responsibilities and authorities given to CISA have been met with skepticism from many Republicans in both the House and Senate. They have expressed concerns about giving CISA more power, stating that Congress should limit its power instead of expanding it. Republicans fear that CISA’s increasing authorities might turn it into a regulatory agency.
Securing Open-Source Software Act of 2023
The Securing Open-Source Software Act of 2023 was a direct response to the Log4Shell vulnerability found in Apache’s Log4J, a popular open-source logging tool used throughout industry. The bill would require CISA to engage with the open-source community, hire employees who have experience with open-source programs, and help both federal agencies and the private sector with coordinated vulnerability disclosures.
Protecting Open-Source Software
The issues in protecting open-source programs, which are largely driven by volunteer developers, were a key consideration for the Biden administration, which held a summit with leaders in the community. Additionally, the Log4Shell vulnerability was the inaugural topic for DHS’s Cyber Safety Review Board. The bill would require CISA to develop a framework to assess the risks of open-source components, including an assessment of each open-source software component used “directly or indirectly by federal agencies.”
Satellite System Clearinghouse
CISA has been given the responsibility to maintain a commercial public satellite system clearinghouse and create voluntary cybersecurity recommendations for the space sector. The satellite bill would also require the Comptroller General to report to Congress on federal efforts to protect satellite systems. The National Space Council is required to establish a strategy outlining federal roles and responsibilities for agencies.
Expanding Cybersecurity Workforce
CISA has also been given the authorization to create a pilot civilian cyber reserve program to respond to incidents and to train employees at DHS who are not currently in cybersecurity positions to move to such a role. The framework is aimed at expanding the cybersecurity workforce, which is essential in fighting against the increasing number of cybersecurity threats to the U.S. infrastructure.
Conclusion
The expanding role and authorities given to CISA are a step in the right direction towards protecting the U.S. critical infrastructure from cybersecurity threats. However, concerns about CISA’s authorities among Republicans might hinder future progress if not addressed. It is crucial to maintain a balance between strengthening CISA’s authorities and ensuring it does not become a regulatory agency.