Cybersecurity a top priority in Senate appropriations bill
- By Adam Mazmanian
- Jun 09, 2014
Cybersecurity provisions emerged as a leading theme in the fiscal 2015 appropriations bill for the Commerce Department, Justice Department and science agencies. Projects designed to beef up security for government systems, target malefactors in cyberspace, conduct research and encourage the growth of cybersecurity professions and businesses all held their own.
The FBI is maintaining the around-the-clock incident-response National Cyber Investigative Joint Task Force and will continue an agent-training program that gives the FBI authority and expertise for incidents affecting government systems, utilities, classified defense contractor systems and banks. The Justice Department is set for an increase to fund 25 new positions, including nine attorneys to prosecute cybercrime cases.
The bill would also moderate the language of required supply-chain investigations for the acquisition of high-impact IT systems. The House version and recently enacted appropriations make specific reference to threats posed by China-made IT gear and cover systems classified as moderate under the Federal Information Security Management Act. Those changes are bound to stoke debate when it comes time to reconcile the House and Senate versions because the chairman of the corresponding subcommittee in the House -- Virginia Republican Frank Wolf -- is a noted hawk on issues related to China and cybersecurity.
At the Commerce Department, the appropriations bill would provide $15 million for the National Institute of Standards and Technology's planned National Cybersecurity Center of Excellence. The committee report notes that the center -- located in Rockville, Md., which is the home state of Democratic Appropriations Committee Chairwoman Barbara Mikulski -- is intended to encourage co-location of a cluster of private-sector firms.
The Senate panel also endorsed $16.5 million for the continued funding of a NIST-led identity management research project, the National Strategy for Trusted Identities in Cyberspace, but the House bill would sharply limit NSTIC funding. NIST is also set to take over a Justice Department project to develop forensic science standards for digital evidence.
The National Science Foundation would receive $159 million in cybersecurity research grants to dole out and a $45 million scholarship program to train cybersecurity professionals who agree to work in the federal government. Senate appropriators, eager to beef up the cybersecurity workforce, funded the program at $20 million more than the Obama administration requested.
Outside the realm of cybersecurity, the bill supports plans by the Census Bureau to move to an enterprisewide data-collection system ahead of the 2020 enumeration. The planned Census Enterprise Data Collection and Processing Initiative would create an adjustable IT capacity for the bureau that would spin up for the decennial census and down in off years.
The Obama administration's goal has been to perform the 2020 count at the cost of the 2010 effort, using IT to achieve savings. After HealthCare.gov, this is one of the government's most significant public-facing IT investments, and senators want to make sure it stays on schedule. The Census Bureau would be required to share development timelines and cost estimates for the system 60 days after the appropriations bill takes effect.
Senators funded the National Oceanic and Atmospheric Administration's polar satellite programs at requested levels, but appropriators say the lack of a plan to mitigate a possible gap in satellite coverage is unacceptable, and the report instructs NOAA to supply "viable proposals" to obtain weather data in the event of a gap in coverage by U.S. satellites.
The committee reports that NASA is scheduled to finish restructuring its IT governance as recommended by the agency's Office of Inspector General in a June 2013 report. Senators backed the Obama administration's request of $183.6 million for NASA IT and recommended that the agency's IT model shift "to one with strong governance and information security practices."