May 1, 2017–House and Senate negotiators are preparing to seek adoption of a federal government spending bill for the remainder of fiscal year 2017 that would give the Department of Homeland Security $1.8 billion for cybersecurity programs within the National Protection and Programs Directorate. That amount would be $183 million “above the fiscal year 2016 enacted level,” according to the House Appropriations Committee. “Hacking and cyber attacks cost the federal government billions of taxpayer dollars, and expose the personal information of thousands of Americans,” the committee said.
The spending boost would help NPPD “enhance critical infrastructure and stop cyber attacks,” the committee added. “Within this amount, $1.4 billion is provided to help secure civilian (dot-gov) networks, detect and prevent cyber attacks and foreign espionage, and enhance and modernize emergency communications,” it said. Other cyber-related items for DHS within the proposed spending bill include $197 million for the National Cybersecurity and Communications Integration Center (NCCIC), a multi-agency information-sharing and watch center run by NPPD in Arlington, Va.
The Multi-State Information Sharing and Analysis Center (MS-ISAC), a cybersecurity resource for state, local, territorial, and tribal governments, would receive $9.5 million under the compromise spending measure, and the bill would require DHS to brief House and Senate appropriators on the center’s operations.
“Within 120 days of the date of enactment of this act, NPPD shall brief the committees on the types of assistance, including technical and formal ongoing engagement, available to state and local governments, including law enforcement agencies, to protect their networks,” according to an explanatory statement accompanying the bill, which was released today.
NPPD also would be required to work with the Office of Management and Budget and other federal agencies to develop a strategic plan “for securing civilian federal networks,” the statement said. “The plan shall include an effective cost model whereby departments and agencies assume responsibility for the costs of their own systems while also using NPPD subject matter expertise and bulk-buying capabilities when it enhances security and is cost effective.”
“NPPD shall provide the strategic plan to the committees not later than 250 days after the date of enactment of this act, including a proposed governance structure, roles and responsibilities of departments and agencies, responsibilities inherent to NPPD, and a model for ensuring a long-term and sound financing structure for federal cybersecurity needs,” it said.
The Coast Guard, which is part of DHS, would receive $4.5 million “to increase the staffing of the Coast Guard’s Cyber Command and to establish a Cyber Protection Team to enhance the Coast Guard’s cyber capabilities,” the explanatory statement said. “Not later than 90 days after the date of enactment of this act, the Coast Guard shall brief the committees on plans, including funding strategy, for improving the cybersecurity posture of the Coast Guard and balancing requirements of operating within the ‘dot-mil’ domain while adhering to DHS cyber directives,” it said.
The spending bill’s provisions for the Defense Department’s cyber operations appear to be largely the same as those previously negotiated in DoD appropriations legislation. “The agreement fully funds the fiscal year 2017 base budget requirement of $6,734,000,000 for the Army, Navy, Marine Corps, Air Force, and the defense agencies’ cyberspace activities, an increase of $992,000,000 over the fiscal year 2016 enacted level,” an explanatory statement said.
The bill would require DoD to change its budget submissions to Congress “to provide increased visibility and clarity into the cyberspace activities funding requirements and changes to funding requirements from the previous fiscal year enacted levels,” it said. In addition, DoD would have to “conduct a review of the budget justification material and provide a proposal to the House and Senate Appropriations Committees not later than Sept. 1, 2017, for how to clearly delineate the Department of Defense cyber investment activities requested in the operation and maintenance, procurement, and research, development, test and evaluation accounts as part of the budget justification material beginning with the fiscal year 2019 budget submission.”
The bill would also require DoD “to provide quarterly briefings to the House and Senate Appropriations Committees on all offensive and significant defensive military operations in cyberspace carried out by the Department of Defense not later than 30 days after the end of each fiscal quarter.” — Tom Leithauser, firstname.lastname@example.org