Funding DHS Cybersecurity Initiatives

House Panel Places Few Limits on How Money Could Be Spent
Funding DHS Cybersecurity Initiatives

A House Appropriations Committee bill would give the Department of Homeland Security $24 million less for cybersecurity than President Obama seeks. But it would provide the administration lots of flexibility in how to spend the money.

See Also: Webinar | Showing Companies How to Achieve NIS2 Compliance

The legislation, which cleared the panel May 16 and goes to the full House, would earmark $786 million for cybersecurity operations in fiscal year 2014, which begins Oct. 1. This figure represents a 4 percent increase over current spending levels and includes nearly $200 million for a federal network security program housed at DHS. That initiative is aimed to assist other agencies in providing adequate, risk-based and cost-effective cybersecurity, which includes the acquisition and operation of continuous monitoring and diagnostic software.

"At a time when many committees on the Hill are trying to insert themselves into cybersecurity, it's noteworthy that Appropriations did not offer much in the way of explicit instructions, guidance or reporting requirements for cybersecurity policy," says Allan Friedman, research director at the Center for Technology Innovation at the Brookings Institution, a Washington think tank.

Hands-Off Approach

The complexity of implementing information security initiatives is the major reason appropriators are taking a relatively hands-off approach on how to spend money on cybersecurity. "Nobody is really sure on how to restrict it," says former Federal Chief Information Officer Karen Evans.

Evans says the panel's bill likely includes less money for cybersecurity than the president requests because DHS isn't expected to spend all of its cybersecurity appropriation for the current fiscal year. House appropriators also may believe that DHS might not be able to spend the extra $30 million by the end of the next fiscal year. For instance, Evans says, DHS might fall short in hiring the number of cybersecurity experts it plans to employ by Sept. 30, 2014, the end of the next fiscal year.

The White House would have other means to make up the shortfall, at least in some areas, Evans says. On interagency cybersecurity programs, such as the federal network security program, the administration could tap funds from other departments and agencies using the acquired technology to make up the difference. "That's the flexibility," Evans says.

Privacy Protections

One of the few restrictions placed on the money targeted for DHS in the House plan is that continuous monitoring and diagnostic software procured with appropriated funds could not be used to collect personally identifiable information from other federal agencies.

"It's nice to see privacy protections built in at this level, although these protections don't cover other government agencies such as the FBI and intelligence community," Friedman says.

One restriction in the appropriations bill has little to do with cybersecurity, but is included for political reasons: All systems being funded cannot allow individuals to view or download pornography.

Obama's Plan

Cybersecurity spending at DHS would represent about 6 percent of the more than $13 billion in cyber-related programs Obama proposed in his FY 2014 budget [see Obama Budget Favors Cybersecurity].

For Homeland Security, the president proposes to designate $44 million in new funding to expand the Comprehensive National Cybersecurity Initiative to its fifth iteration, which would develop a comprehensive and coordinated system to foster cybersecurity information sharing across the government, while protecting individual privacy and civil liberties.

The Obama budget also includes $810 million to support efforts by the DHS National Protection and Programs Directorate to protect federal computer systems and networks from cyberattack, disruptions and exploitations; strengthen state and local governments' cybersecurity capacity and support private-sector efforts to protect critical infrastructure. The budget supports co-locating key civilian cybersecurity agencies to promote cybersecurity incident response throughout government.

A budget is a planning document that explains how funds would be spent. An appropriations bill is the allotment of money to an agency to be spent.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.