Security News > 2020 > January > House Committee Passes Bills Improving CISA Leadership and Authority
Two bills approved this week by the House Homeland Security Committee were drafted to improve the leadership and legal authority of the Cybersecurity and Infrastructure Security Agency.
Referred to as the CISA Director Reform Act, the first of the bills would amend the Homeland Security Act of 2002 so that the Director of CISA shall serve a term of five years.
The second bill, which is being referred to as the Cybersecurity Vulnerability Identification and Notification Act of 2020, also amends the Homeland Security Act of 2002 to provide CISA with the "Legal tools to notify entities at risk of cybersecurity vulnerabilities in the enterprise devices or systems that control critical assets of the United States, and for other purposes."
The bill covers operational and industrial control systems, distributed control systems, and programmable logic controllers, which represent systems "Commonly used to perform industrial, commercial, scientific, or governmental functions or processes that relate to critical infrastructure." Personal devices and systems are not covered.
The subpoena authority covers situations when an Internet-connected system is identified with a vulnerability related to critical infrastructure and there were reasonable efforts made to identify the affected entity.