Last week, the Senate Committee on Appropriations released the FY2018 chairmen’s recommendation for next year’s Department of Homeland Security appropriations. Significant in the marks were the increased allocations of cybersecurity spending for the National Protection and Programs Directorate (NPPD). The Senate recommendations includes $3.3 billion, over $9 million above the FY2017 level, to accelerate cybersecurity and critical infrastructure protection. The language states: “This funding will enhance cybersecurity capabilities across nearly every agency of the federal government while supporting cooperation with states, local governments, and the private sector.”
The committee DHS cybersecurity marks also included Operations & Support – $1.4 billion, including: $103 million to accelerate all phases of Continuous Diagnostics and Mitigation, the primary federal civilian cybersecurity system; $211 million for the National Cybersecurity and Communications Integration Center and Computer Emergency Readiness Teams; $294 million for the National Cybersecurity Protection System (NCPS) or “Einstein;” and $191 million for infrastructure protection.
The House Appropriation budget was passed last July and also promotes DHS’s civilian cybersecurity mandate. Now the bills will have to be reconciled between the Senate and House before they are sent to President Trump for his signature. The outcome will also likely require a bipartisan 2018 budget deal for all appropriations.
The increased DHS funding continues a trend. Cybersecurity and IT have moved more and more to the forefront of attention each year since DHS’s inception. The fact is that DHS’s responsibility to protect against cyber threats has evolved significantly from early days of the department and its creation under the Homeland Security Act of 2002. A major reason for this new focus on cybersecurity has been the rapid changes in the information technology landscape. Since 2002, the capabilities and connectivity of cyber devices and communications has grown exponentially. So have the cyber intrusions and threats from malware and hackers, requiring restructuring of priorities and missions.
In the past, much of the cybersecurity focus and activities by both government and industry have been mostly reactive to the latest threat or breach. The breaches have been plentiful and seemingly perpetual. They include the royal data crowns of the federal government, OPM, SEC Edgar, and way too many corporate incursions to mention.
In the cybersecurity community, there is a growing understanding the seriousness and sophistication of the threats, especially denial of service, ransomware and social engineering attacks from adversarial actors that include states, organized crime and loosely affiliated hackers.
A change in the cyber-risk landscape has corresponded with a heightening of DHS collaboration with other agencies in the public sector, and especially the private-sector stakeholders who own most of the nation’s vital infrastructure.
In particular, DHS NPPD has refocused their efforts on protecting against targeted cyber intrusions of the nation’s critical infrastructure, such as financial systems, chemical plants, water and electric utilities, hospitals, communication networks, commercial and critical manufacturing, pipelines, shipping, dams, bridges, highways and buildings.
The takeaways of both the House and Senate 2018 budgets and the Trump administration request, is that cyber response trends appear to be moving from a posture of reaction to one of proactive cybersecurity. Also, the government has clearly recognized that it cannot combat cyber-threats alone.
The more proactive role is evidenced in the adoption of the working Industry and Government Cyber Security NIST Framework. Cyber-preparedness will also require procurement of enhanced cybersecurity encryption, authentication, biometrics, analytics and automated network security capabilities. And, a successful cyber threat consequences strategy necessitates stepping up assessing situational awareness, cyber-hygiene, information sharing, and especially resilience in both the public and private sectors.
The Appropriations Committees funding and introduction of various introduction of legislative remedies for our cybersecurity vulnerabilities over the past year are being welcomed by most who follow these issues. Cybersecurity is a very challenging and adaptive environment. Being prepared is better late than never.
Chuck Brooks is vice president of government relations and marketing for Sutherland Government Solutions. Chuck served as the first legislative director for DHS’s Science & Technology Directorate. He also served as a top advisor to the late Sen. Arlen Specter, covering security and technology issues on Capitol Hill.