Sequestration will severely hamper cybersecurity initiatives at the Department of Homeland Security, Secretary Janet Napolitano said Thursday. (AFP / Getty Images)
Automatic budget cuts that took effect March 1 will severely hamper cybersecurity initiatives at the Department of Homeland Security, Secretary Janet Napolitano told lawmakers Thursday.
The cuts will require DHS to scale back development of critical cyber capabilities, specifically technologies capable of blocking malicious Internet traffic from entering federal networks, Napolitano said. Current tools provided by DHS allow agencies only to detect those cyber intrusions, not stop them.
Napolitano discussed the impact of the so-called sequester cuts at a joint hearing before the Senate Commerce, Science and Transportation Committee and the Senate Homeland Security and Governmental Affairs Committee.
Under the Einstein 3 Accelerated program, DHS is working with Internet companies to offer agencies preventative services that block attacks. However, the sequester will delay the roll out of this capability by a year, Napolitano said.
“We won’t be able to meet deadlines,” she said of the program.
The sequester will also hamper efforts to expand the department’s cybersecurity workforce, which could undermine DHS’ ability to carry out a presidential executive order issued last month. In that executive order, DHS is tasked with identifying the nation’s most critical assets that are vulnerable to cyber attacks, increasing information sharing with the private sector, and facilitating a voluntary cybersecurity program for companies.
Napolitano said DHS’ computer emergency readiness teams (CERTs) would see a 10 to 12 percent budget reduction, hindering their ability to fill job vacancies. This comes at a time when cyber incidents are rapidly increasing.
Last year, US-CERT responded to about 190,000 cyber incidents involving federal agencies, critical infrastructure and industry, a 68 percent increase from 2011, Napolitano said.
A Government Accountability Office report released Thursday found the number of reported cyber incidents affecting federal systems and networks has ballooned from 5,503 in fiscal 2006 to 48,562 in fiscal 2012, an increase of 782 percent. The incidents reported by agencies to US-CERT were mainly violations of computer policies, malicious code and unauthorized access of their systems and networks.