DHS Cybersecurity Budget Increase Warranted, Senators Say
Lawmakers lauded the Department of Homeland Security’s increase in cybersecurity funding, during a Senate Homeland Security and Governmental Affairs Committee budget hearing Wednesday. The president’s budget request includes a 74 percent increase in the department’s cybersecurity budget, for a total request of $770 million for cybersecurity in fiscal year 2013. The administration’s total fiscal year 2013 request for the department is $39.5 billion in net discretionary spending, a 0.5 percent decrease from the year prior.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
President Barack Obama offered a “responsible budget request,” said Committee Chairman Joe Lieberman, I-Conn. Lieberman said he “couldn’t agree more with the administration’s strong commitment to improving our cybersecurity and for placing much of that responsibility within the Department of Homeland Security as our lead civilian agency.”
The administration’s budget request “recognizes the seriousness of the cyberthreat,” said Ranking Member Susan Collins, R-Maine. “This level would help reduce vulnerabilities in the federal cyber domain by hastening deployment of intrusion prevention tools on government computer systems,” she said.
DHS Secretary Janet Napolitano backed the passage of the Cybersecurity Act (S-2105) sponsored by Lieberman, Collins, Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., and Senate Intelligence Committee Chairman Dianne Feinstein, D-Calif. “The bill is really a very robust public-private partnership approach to how we raise the base level of cybersecurity for the core critical infrastructure,” she said. Napolitano dismissed criticism that the bill would increase regulation of private sector owners and operators of critical infrastructure: “It has no regulation, per se.”
But Sen. John McCain, R-Ariz., told us the secretary was not accurate in saying S-2105 did not contain regulatory mandates. “Of course not. Senator [Saxby] Chambliss [R-Ga.] looked at the first section [of S-2105] and his staff came up with a large number of regulations that would be required [in] the legislation.”
McCain told us he still has a “philosophical difference” with Lieberman over the “role of government and what restrictions they can place on some of the private companies or corporations and what they can demand of them. … We believe that this should be a voluntary environment and obviously they don’t agree with that, so we have some differences.”
But Collins said Congress would “be falling short” if it passed a “very limited bill that dealt only with information sharing and did not give the department the authority to designate what is core critical infrastructure … and develop risk-based development standards. … The fact is that while information sharing about cyberthreats is needed and those liability protections are essential, that does not remove the necessity of focusing on critical infrastructure."
Napolitano agreed that information sharing and critical infrastructure protections are “not mutually exclusive. … I think we would be back here in a year or 18 months and we will have suffered a major infiltration or attack, and we will find that some part of our critical infrastructure contained a gap. … It seems to me that what we know now is already enough to go ahead and that we should be moving forward."
"We need information sharing and it needs to be in real time,” Napolitano said. “We need … [Federal Information Security Management Act] reform, we need some help with some personnel rules so we can hire more people more quickly. There are a lot of things that need to be done in cyber, and they need to be done now.
The department plans to bolster federal network security by spending $236 million to improve agencies’ IT networks and continuous monitoring capabilities and $345 million to speed the deployment of the National Cybersecurity Protection System, also known as Einstein 3. The budget also includes a $93 million request to fund the U.S. Computer Emergency Readiness Team and hire more analysts to handle increased federal traffic monitoring. The DHS budget request also includes $77.4 million to increase cybersecurity training, education, workforce development and general cybersecurity research and development.