Homeland Security Secretary Jeh Johnson is asking for an extra $200 million for cybersecurity in next year's budget but promised legislators the department won't be squandering those funds.
Johnson presented the DHS 2017 budget request to the House and Senate appropriations committees on Feb. 24, laying out the department's priorities, including cybersecurity. The department's plans for 2017 go beyond technology, putting DHS at the center of the government's cybersecurity operations and proposing a reorganization of operations within the department.
The secretary cited President Barack Obama's Cybersecurity National Action Plan (CNAP), a set of proposals to boost security over the next year, two years and 10 years.
"The plan includes a call for the creation of a Commission on Enhancing National Cybersecurity, additional investments in technology, federal cybersecurity, cyber education, new cyber talent in the federal workforce and improved cyber incident response," Johnson told Congress. "DHS has a role in almost every aspect of the president's plan."
To accomplish these goals, DHS is asking for $1.6 billion for cyber programs, an increase of $200 million over 2016. The ask represents about 4 percent of the department's $40.6 billion funding request.
"While counterterrorism remains a cornerstone of our department's mission, I have concluded that cybersecurity must be another," Johnson said. "Making tangible improvements to our nation's cybersecurity is a top priority for President Obama and for me to accomplish before the next president is inaugurated."
Almost half of the $1.6 billion request will go toward DHS's two major cybersecurity programs: $274.8 million for the Continuous Diagnostics and Mitigation (CDM) program — a set of tools to identify threats on civilian networks and boot the bad actors — and $471.1 million for Einstein — a sophisticated firewall that, in its third generation, can block known malicious traffic at the ISP level.
Johnson told lawmakers the first phase of CDM — which gives agencies a view of all the assets on their networks — is now on 97 percent of federal systems and the second phase — which monitors and controls user access — will be on all civilian networks by the end of 2016.
The secretary also defended the Einstein program, which has come under fire after a recent Government Accountability Office report identified several shortcomings in the program and its rollout.
"The conversations that I've had with our cybersecurity experts tell me that Einstein remains a good investment because of its unique capability to rely upon classified information for detecting and blocking cyber intrusions and, more importantly, because it is a platform for future technology," he told the Senate Appropriations Subcommittee, noting the program only blocks known bad actors at this time. "It is also a platform to block suspected bad actors in the future and so once that system is in place, it will serve as a platform for the future technology we need to have."
Johnson noted the first two iterations of Einstein are currently operating on all civilian systems and the third phase — dubbed Einstein 3 Accelerated, or Einstein 3A — is operating on half, with that figure continually on the rise.
He said Einstein and CDM are both staples of DHS's cybersecurity efforts and asserted that both are still strong investments.
To ensure these funds don't go to waste, DHS is also proposing a reorganization of the main office managing these programs: the National Protection and Programs Directorate. NPPD will be getting a new name this year but the move is more than cosmetic.
"We want to restructure the NPPD from a headquarters element to an operation component called the 'Cyber and Infrastructure Protection' agency," Johnson said.