According to a Congressional Budget Office (CBO) report released Nov. 21, the Advancing Cybersecurity Diagnostics and Mitigation Act, H.R. 4237, would cost less than $500,000 to implement over the next five years if the legislation becomes law.
The bill – which is co-sponsored by Reps. John Ratcliffe, R-Texas, and Ro Khanna, D-Calif., in the House and by Sens. John Cornyn, R-Texas, and Maggie Hassan, D-N.H., in the Senate – would “advance and modernize” the Department of Homeland Security’s (DHS) Continuous Diagnostics and Mitigation (CDM) program by not only codifying the CDM program into law, but also by expanding the program’s capabilities and resources to additional Federal agencies and state and local governments.
CBO notes that the primary cost of the bill would come from requiring the Cybersecurity and Infrastructure Security Agency (CISA) to report to Congress on implementation of the program and the effectiveness of CDM. “On the basis of information from CISA about similar reporting requirements, CBO estimates that implementing H.R. 4237 would cost less than $500,000 over the 2020-2024 period,” the report said.
If passed, the bill would:
- Codify the work of the CDM program to date;
- Require the DHS Secretary to make CDM capabilities available, and develop policies for reporting cyber risks and incidents based upon data collected under CDM;
- Direct the DHS Secretary to deploy new CDM technologies to continuously evolve the program;
- Require the DHS Secretary to make CDM program capabilities available for use by civilian departments and agencies, and state, local, and tribal governments; and
- Mandate that DHS develop a strategy to ensure the program continues to adjust to the cyber threat landscape.
The Senate companion bill, S. 2318, is still awaiting committee consideration after being introduced on July 30.