CISA: Cybersecurity and Infrastructure Security Agency


The Cybersecurity and Infrastructure Security Agency Act of 2017 was introduced by Rep. Michael McCaul (R-TX), to amend the Homeland Security Act of 2002 to solidify the National Protection and Programs Directorate’s (NPPD) place within the Department of Homeland Security. This watershed legislation will streamline the current structure of the NPPD and establish it as the Cybersecurity and Infrastructure Agency (CISA) to more effectively execute cybersecurity and critical infrastructure related authorities.


To learn more about CISA, click here.



Press Releases

McCaul Urges the Senate to Act on Bipartisan Cyber and Election Security Legislation

McCaul: CISA to Enhance Resilience of Critical Infrastructure

House Passes McCaul’s Landmark Cybersecurity Legislation

Signed Into Law: McCaul’s Historic Legislation Cementing Cybersecurity Agency at DHS

DHS: Congress Passes Legislation Standing Up Cybersecurity Agency in DHS 


Support for CISA

President Donald Trump: 

“Today, it’s my great honor to sign the Cybersecurity and Infrastructure Security Agency Act into law. The people behind me and alongside of me have been working long and hard on this for — actually, for years. And I want to congratulate them.


We’re grateful to be joined by House Majority Leader Kevin McCarthy. It’s very good. Majority Leader — that sounds good. Huh? Senator Ron Johnson, who’s been a fantastic ally and somebody who’s doing a really incredible job. And he chairs the Senate Committee on Homeland Security and Governmental Affairs. And Chairman Michael McCaul, who just had a great victory in Texas, and he’s in charge of the House Committee on Homeland Security. And, Michael, congratulations…


Every day, America’s adversaries are testing our cyber defenses. They attempt to gain access to our critical infrastructure, exploit our great companies, and undermine our entire way of life. And we can’t let that happen.


This vital legislation will establish a new agency within the Department of Homeland Security to lead the federal government’s civilian response to these cyber threats against our nation. We’ve had many, many threats against our nation. Cyber is going to be the newest form. And the threats have taken place, and we’ve been doing pretty good in knocking them out, but now we’ll be — this will make us, I think, much more effective. We’re putting people that are the best in the world, in charge. And I think we’re going to have a whole different ballgame. Cyber is, to a large extent, where it’s at nowadays.”


Read more.


Vice President, Mike Pence:

“The time has come for the Cybersecurity and Infrastructure Security Agency to commence. This agency will bring together the resources of our national government to focus on cybersecurity. And it’s an idea whose time has come.”


Secretary of Homeland Security, Kirstjen Nielsen:

“Today’s vote is a significant step to stand up a federal government cybersecurity agency. The cyber threat landscape is constantly evolving, and we need to ensure we’re properly positioned to defend America’s infrastructure from threats digital and physical. It was time to reorganize and operationalize NPPD into the Cybersecurity and Infrastructure Security Agency. I thank Chairman Michael McCaul and Ranking Member Bennie Thompson for recognizing our critical role and both starting and completing this transformation in the House of Representatives. I also thank Chairman Ron Johnson and Ranking Member Claire McCaskill for their tireless support of the CISA Act in the Senate.”


NPPD Under Secretary, Christopher Krebs: 

“The CISA Act passing Congress represents real progress in the national effort to improve our collective efforts in cybersecurity. Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation’s critical infrastructure and cyber platforms. The changes will also improve the Department’s ability to engage with industry and government stakeholders and recruit top cybersecurity talent.”


Chairman of the Homeland Security and Governmental Affairs Committee, Sen. Ron Johnson:

“It is ridiculous that DHS needs an act of Congress to rename and reorganize an agency wholly within its jurisdiction. Nevertheless, I am glad the Senate passed the CISA bill to help the agency recruit talent and focus its efforts on protecting the homeland from cyber-attacks.” Read more.


Ranking Member of the Homeland Security and Government Affairs Committee, Sen. Claire McCaskill: 

“The creation of CISA within the department is a long overdue step that will strengthen DHS’s ability to execute its cyber mission and enhance coordination among our government’s cybersecurity efforts.”


Ranking Member of the Homeland Security Committee, Rep. Bennie Thompson: 

“Enactment of the Cybersecurity and Information Security Agency Act makes it clear – once again – that civilian cybersecurity efforts should be led by DHS. Re-branding DHS’s cyber arm and elevating it to an operational component – on par with FEMA and TSA – clarifies its mission while putting it on a path to build more robust cybersecurity capacity, boost morale, and better address threats. This long overdue bill was the result of years of bipartisan negotiation, and I want to thank leaders on both sides for their commitment to getting it done.”


General Petraeus at Washington Post Cybersecurity Summit 2018:

“You have now, legislation advanced through the House, that will strengthen very substantially within DHS, the National Cybersecurity and Critical Infrastructure Protection Agency. Elevating it from an office within a directorate to at least being equivalent of FEMA, and the Coast Guard, and TSA, and so forth. I personally think it could be elevated even further, but that is a good start. You have other legislation in the House that will help with the hiring of talented people by DHS again and throughout the federal government. All of these are issues that needed to be addressed, now they are being addressed, by a combination of, again, DHS and Congress with the Administration pushing this. So I think you see some momentum gathering now in response to a recognition of the very severe threats that are out there…”


CISA In The News


Washington Post Cybersecurity Summit 2018

“The Cybersecurity and Infrastructure security Act, it has bipartisan support, what it is meant to do is to recognize the import of the mission that we have at DHS. We are responsible as I mentioned earlier for federal efforts when it comes to both protecting critical infrastructure, working with the owner operators and private sector, but also to protect all of those civilian .govs, that’s all of the civilian agencies and all of their networks. To do that we have to have both a name that indicates that is what we do and we have to be able to streamline that organization so we can become more operational. We also want to pivot, and this is a main part of our strategy at DHS that was also reflected in the national strategy, away from particular assets in systems to a much more wholistic view of systemic risk that’s cross cutting interdependencies and how we can all play a part looking at the weakest link problem to attack it. That is what CISA will let us do… That takes time, but we passed all of those hurdles, we answered all those questions, we revised the text as necessary, I am very hopeful that we get this on the President’s desk for signature this year.” – Sec. Nielsen


The Washington Post: The Cybersecurity 202: ‘If you don’t have a brand, you’re not in the game.’ New DHS cyber chief wants to rename his agency 

“House Homeland Security Committee Chairman Michael McCaul (R-Tex.) has introduced a bill to rebrand the oddly named agency as the Cybersecurity and Infrastructure Security Agency — a more descriptive title that matches its mission of helping the nation’s critical infrastructure sectors respond to cyberthreats. It would also elevate the agency so that it has the same stature as other DHS units, such as the Federal Emergency Management Agency. It sounds like a simple change, and it has broad bipartisan support… The goal of McCaul’s legislation, called the Cybersecurity and Infrastructure Security Agency Act, is to create a more accessible hub within DHS for government agencies and the 16 critical infrastructure sectors the agency protects to coordinate responses to cyberthreats. It’s part of an overall expansion of DHS’s cybersecurity capabilities that has taken place in recent years that has raised the department’s profile as one of the government’s key cybersecurity authorities.”


Inside Cybersecurity: DHS cyber-agency bill may finally come to pass; will it make a difference?

“The bill was originally crafted by House Homeland Security Chairman Michael McCaul (R-TX) and passed that chamber last December. The Cybersecurity and Infrastructure Security Agency Act is intended to consolidate cyber functions at DHS within an agency that would replace the current National Protection and Programs Directorate headed up by Under Secretary Christopher Krebs.”


“What’s more important than a name change is transforming that organization from a DHS Headquarters element to a DHS operational component. This will in effect, elevate DHS’s cyber organization to the same standing as DHS’s other operational elements, such the Coast Guard, FEMA, and the Secret Service. That change alone will better help them carry out their mission. As a result, I strongly support the legislation.” – Michael Daniel, president and CEO of the Cyber Threat Alliance and former White House cybersecurity coordinator


Washington Post: The Cybersecurity 202: Trump set to make a new DHS agency the top federal cyber cop 

“CISA is the result of a long-fought battle to consolidate DHS’s authority on cybersecurity matters. An effort to create such an agency has been underway since the Obama administration, but it was hampered by lawmakers who felt the 14-year-old agency was not as equipped to deal with cyber threats as the National Security Agency or FBI. Earlier this week, the bill moved through the House with unanimous support — signaling lawmakers’ view on DHS’s role in handling civilian cybersecurity is evolving.”


POLITICO: Morning Cybersecurity, ‘Cybersecurity moonshot’ gets vote today

“The House on Tuesday evening sent a bill (H.R. 3359) to Trump reorganizing DHS’s main cyber division into the Cybersecurity and Infrastructure Protection Agency. Nielsen, Ratcliffe and others applauded the House for clearing the legislation. The measure, which Trump is expected to sign given that every leading DHS official and even Vice President Mike Pence lobbied for it, will “bolster public-private partnerships to help ensure businesses have the resources and support necessary before, during, and after a cyber incident,” said Christopher Roberti, the senior vice president for cyber, intelligence and security policy at the U.S. Chamber of Commerce.”


POLITICO: Morning Cybersecurity, What’s next for DHS cyber changeup

“Everybody’s pretty thrilled to see the CISA legislation finally get to the finish line. House Speaker Paul Ryan and sponsor Mike McCaul held a signing ceremony in honor of the occasion Wednesday.”


“The bill rightly gives the Department of Homeland Security the flexibility to organize its cybersecurity and critical infrastructure office to meet today’s threats and challenges, and grants the agency a name that truly matches its mission.”  – Ryan Gillis, VP of Cybersecurity Strategy and Policy at Palo Alto Networks


CNN: Trump signs measure overhauling DHS cybersecurity efforts

“President Donald Trump signed a measure Friday that renames and reorganizes a division within the Department of Homeland Security that works to reduce physical and cybersecurity threats to the country’s infrastructure. The directorate will be renamed the Cybersecurity and Infrastructure Security Agency and will operate with independence akin to the Secret Service. The goal of the new independence and autonomy of the office is to speed up the department’s efforts to protect the nation’s energy grid and critical infrastructure. The new agency will, among other responsibilities, head cybersecurity and infrastructure security programs. The legislation was sponsored by Texas Republican Rep. Michael McCaul, chairman of the House Committee on Homeland Security. He was present at the signing alongside incoming House Minority Leader Kevin McCarthy.”


FCW: DHS cyber re-org clears Congress

“The bill, which the president is expected to sign, will replace the National Protection and Programs Directorate with the new Cybersecurity and Infrastructure Security Agency. CISA will be an operational component with the Department of Homeland Security on the same level as Customs and Border Protection and the Transportation Security Administration. The agency’s leader Chris Krebs will report directly to the DHS Secretary.” US Congress Approves Creation of New, Centralized Federal Cybersecurity Agency

“On Tuesday, the U.S. House of Representatives voted to approve a bill that would reconfigure the Department of Homeland Security’s National Protection and Programs Directorate into the Cybersecurity and Infrastructure Security Agency (CISA). The House vote comes just a few weeks after the U.S. Senate approved the bill in late October…As laid out in House Resolution 3359, CISA would operate under the umbrella of the DHS, where its assigned responsibilities would encompass operations, programs and associated policy pertaining to infrastructure and cybersecurity.”