Government shutdown and budgeting debates hurt agencies’ ability to adequately protect their networks, because they lose time to procure necessary technologies, according to Trey Hodgkins, senior vice president for public sector at the Information Technology Alliance for Public Sector.
As Congress looks likely to pass its fourth continuing resolution in five months, agencies will have a hard time procuring cybersecurity technologies through the Department of Homeland Security’s Continuous Diagnostics and Mitigation program and be forced to deal with shorter appropriations timetables.
“Agencies cannot begin to spend dollars until they are appropriated, and if their planning, their execution, their identification of contractors, identification of which tools they need happens and we end up with a fiscal year where only five months are actually appropriated, it’s too short of a time frame to effectively complete that, deploy the activity and get the dollars obligated for a contract,” Hodgkins told members of the House Homeland Security Committee Jan. 17.
“So it creates tremendous challenges, and those are some areas that delay implementation of a lot of programs, including CDM.”
The 2018 fiscal year occurs from Oct. 1, 2017, to Sept. 30, 2018, meaning that, even should Congress pass a complete appropriations bill by Friday, Jan. 19, agencies will have just over eight months of funding to work with when procuring technology for their CDM programs.
According to Hodgkins, agencies also rely primarily on the DHS budget for CDM rather than putting line items in their own budget requests.
Hodgkins suggested that Congress work to accelerate procurement cycles so that agency CDM programs can keep pace with the evolution of cyberthreats.
“The committee should work to ensure that there are sufficient numbers of adequately trained contracting personnel to deploy CDM tools in a timely fashion, to keep up with the evolving threat landscape,” said Hodgkins.
Rep. John Ratcliffe, R-Texas, noted in his opening statement that the federal government isn’t terribly good at procuring IT tools to begin with.
“It’s no secret that the government has trouble buying technology. Old and outdated technology is not only a barrier to the federal government completing its mission to serve the American people in a digital world, but brings with it insecurities and raises serious cybersecurity risks for each and every agency and department,” said Ratcliffe.
Frank Dimina, area vice president for federal at Splunk, also suggested that agencies better take advantage of the data already collected through the CDM program by using it to create a “cyber weather map” of threats to the federal government.
“One key opportunity it to better leverage the existing data collected throughout CDM. In our view, DHS should transform the existing CDM integration layer into a common data analytics fabric that is standardized across the program,” said Dimina.
“Today, CDM data presented in the federal dashboard is summary data. Like a photograph, summary data provides a snapshot in time, but lacks the fidelity of a live video feed. Providing DHS analysts with greater detail and drill-down capability would significantly enhance their ability to protect the homeland.”
Dimina added that data collected in the CDM program should be compatible with the DHS Einstein program, a system for monitoring, detecting and blocking threats to federal agencies, in order to expand agency cyber capabilities with what is already available.