On the Hill, Cybersecurity and Infrastructure Security Agency Director Chris Krebs made the case for his agency’s FY2020 $3.17 billion budget request – which represents a cut over FY2019 funding levels – during an April 30 House Committee on Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection, and Innovation hearing. In a rare move, there was strong bipartisan support for increasing the funding request and providing more funding to help improve the nation’s cybersecurity posture.
During the hearing, which experienced a lengthy delay due to legislators being busy with other votes, both Krebs and William Bryan, senior official performing the duties of the under secretary, Science and Technology Directorate (S&T), Department of Homeland Security (DHS), testified before the Subcommittee.
However, before testimony could begin, leaders on both sides of the aisle raised serious concerns over the funding cut, stressed the importance of the work CISA and S&T do and urged an increase to the budget request.
Homeland Security Chairman Bennie Thompson, D-Miss., argued that “[m]oving forward, we will look to CISA to continue its work improving the cybersecurity posture of 99 Federal agencies, ensure a secure 5G rollout, and help State and local governments keep bad actors out of their election systems. Yet the President’s budget would decrease funding for CISA’s cybersecurity budget from FY 2019 levels. In the context of the current threat environment, even level funding is as dangerous as a cut.”
Subcommittee Chairman Cedric Richmond, D-La., shared similar concerns, saying, “From election security to supply chain security, we ask more of DHS’ cybersecurity arm every year. Despite CISA’s growing mission, its budget has remained stagnant. Since taking office, the President and those around him have paid a lot of lip service to issues related to cybersecurity and innovation but there hasn’t been much follow through. In February, for example, the President touted his innovation agenda but his FY 2020 budget slashes funding for S&T by nearly one-third.”
On the other side of the aisle Subcommittee Ranking Member John Katko, R-N.Y., stressed that “it is crucial that CISA has the budget and the human capital necessary to be successful.” He continued to say that there is “bipartisan support” for increasing CISA and S&T’s budgets and that the House recognizes “the critical function [the agencies] play, and we understand that [the agencies] need more money to do it properly and I fully support that notion.”
After addressing budget concerns, the bulk of the hearing moved on to address how funding will be allocated across CISA and S&T’s missions and priorities.
As part of the budget request, the White House is allocating $694 million for Federal network protection, which includes Continuous Diagnostics and Mitigation (CDM), the National Cybersecurity Protection System (NCPS), and Federal Network Resilience. Krebs explained that these programs “provide the technological foundation to secure and defend the Federal Government’s information technology against advanced cyber threats.” Additionally, while there may be some sticker shock at the funding request, Krebs argued that this funding actually creates financial efficiencies for the government, because “[b]y pooling requirements across the Federal space, CISA is able to provide agencies with flexible and cost-effective options to mitigate cybersecurity risks and secure their networks.”
Additionally, the budget also calls for $371 million for proactive cyber protection, with $248 million specifically earmarked for CISA’s National Cybersecurity and Communications Integration Center (NCCIC). “The NCCIC is CISA’s operational cybersecurity center, and it provides capacity for the U.S. Government to respond rapidly to multiple significant incidents or risks,” Krebs explained. “The NCCIC provides a broad range of information sharing and technical assistance capabilities to assist government and private sector entities across all 16 sectors of critical infrastructure.”
With the 2020 election on the horizon, Krebs also addressed the $24.1 million allocated for state and local government cybersecurity and infrastructure assistance prioritized for election security. “These resources will institutionalize and mature CISA’s election security risk-reduction efforts, allowing the Agency to continue providing vulnerability management services such as cyber hygiene scans, and on-site or remote risk and vulnerability assessments, organizational cybersecurity assessments, proactive adversary hunt operations; and enhanced threat information sharing with state and local election officials.” During the questioning period, legislators further dug into what CISA is doing to partner with state and local election officials, as well as how CISA is incentivizing local officials to report suspected malicious cyber activity.
Legislators were also interested in how CISA is addressing its workforce needs. Specifically, Rep. Jim Langevin, D-R.I., asked Krebs how CISA is handling workforce demands, and what the agency is doing to make itself an appealing place to work. Krebs said that he believes CISA is “one of the best places to work in the Federal government,” but also stressed that the agency takes the issue of recruitment seriously and is working to hire and retain top cyber talent.
During the hearing, Bryan focused heavily on S&T’s investment in research and development when discussing the $582.1 million allocated for the directorate. He said that the R&D supports “a broad range of DHS missions, including domain threat awareness, delivering mitigation strategies, and creating novel technology and approaches for the Components, first responders and other partners across the homeland security enterprise.”
He further said that S&T is in the process of revitalizing its “structures, processes and procedures to ensure that S&T provides impactful solutions to the ever-changing threats faced by our nation. We will solidify and strengthen S&T’s core capabilities and provide a deliberative approach to program execution that ensures timely delivery and solid return on investment for our nation’s taxpayers.”