New legislation introduced by Sens. Maggie Hassan, D-N.H., and John Cornyn, R-Texas, would codify into Federal law the Continuous Diagnostics and Mitigation (CDM) program and provide for a pilot program for state and local governments to deploy the cybersecurity technologies that the CDM program offers.
The CDM program – operated by the Cybersecurity and Infrastructure Security Agency (CISA) – is one of the fundamental government programs that aims to improve Federal civilian agency cybersecurity. The program’s endpoint detection and response (EDR) requirements are a linchpin to the goals of President Biden’s 2021 cybersecurity executive order and its mandate that agencies migrate to zero trust security architectures.
The senators said the Advancing Cybersecurity Through Continuous Diagnostics and Mitigation Act would “codify the work of the CDM program to date.”
Beyond that, on the Federal level, the bill would take several other steps, including:
- Establishing “policies for reporting cyber risks and incidents based upon data collected under the CDM program”;
- Directing the Department of Homeland Security (DHS) to “deploy new CDM technologies to continuously evolve the program, including for cloud technology”; and
- Directing DHS to develop a strategy to ensure the CDM program “continues to adjust to the cyber threat landscape.”
The legislation also would establish a pilot program to make “CDM capabilities available at the state and local level,” the senators said.
A copy of the bill was not immediately available.
Sen. Cornyn introduced similar legislation in 2019, which did not make it out of the Senate Homeland Security and Governmental Affairs Committee. One notable addition to the current bill compared to its predecessor is the provision for codifying the CDM program into Federal law.
“Cyberattacks on government networks are increasing in frequency and sophistication, so updating the programs and tools Federal agencies use to thwart these attempts is critical,” said Sen. Cornyn. “By codifying the CDM program and providing congressional oversight, we can ensure the Federal government is better prepared for cyber threats.”
“Cyberattacks pose a grave threat to our national security and our economy,” Sen. Hassan said. “Our bipartisan bill will help the Federal government stay on top of emerging cyber threats, as well as provide critical resources to state and local governments to help strengthen their defenses. I will keep working with Senator Cornyn to build support for this commonsense, bipartisan bill.”