Senate appropriators ramp up cyber at DHS

On Nov. 21, the Senate Appropriations Committee released a draft funding bill for the Department of Homeland Security. The bill delves into a range of cybersecurity and technology issues confronting DHS and makes it clear that Congress views protecting federal information systems as one of the department's top priorities for 2018.

"The bill … recommends an unprecedented level of investment in cybersecurity," the committee wrote in its explanatory statement accompanying the bill.

The National Protection and Programs Directorate comes in for $700 million for cybersecurity operations for 2018 -- a boost of approximately $27 million over 2017 levels -- out of a total $1.4 billion budget.

That total includes $9.5 million for NPPD for its Multi-State Information Sharing and Analysis Center to facilitate threat information sharing for state, local, tribal and territorial governments. The committee expressed "concern that [state and local] governments are falling behind" the federal government when it comes to information-sharing efforts, and it included an additional $3 million for NPPD to promote pilot projects that do not conflict with current DHS information-sharing programs.

The committee is also looking for DHS to speed up implementation of its Continuous Diagnostics and Mitigation program. In particular, members expressed a desire for NPPD to "accelerate" phases two and three of the program, which deal with access controls, credentialing, boundary protection and security lifecycle management. To that end, lawmakers recommended giving NPPD an extra $8.9 million above what it requested from Congress to complete these tasks, as well as rapidly move to other concerns such as data protection.

The committee also wants the Secret Service to do a better job protecting the White House and its occupants -- and thinks that tech is at least part of the answer. Since 2014, there have been at least 10 separate physical security breaches on White House grounds. The committee called this number "unacceptable" and is pushing the Secret Service to "consider fiber optic and other sensor technologies to improve perimeter security." They also earmarked $27 million to purchase upgraded radio equipment following recommendations from the inspector general in 2016.

The committee displayed frustration at several stumbles by DHS and the Federal Emergency Management Agency as FEMA has attempted to update its legacy IT systems in recent years. In particular, committee members declined budget requests to procure a new system and instead opted to dole out an additional $4.7 million to maintain existing systems "due to the continued delays in the Department-wide efforts to implement a consistent Financial Systems Modernization strategy."

The agency informed the committee of a new modernization strategy that will result in a $9 million cost increase for the project. Appropriators ultimately provided the funding but took the agency to task for "the lackadaisical approach" FEMA took in relaying that information to Congress.

"When considering modernizing or developing new systems, FEMA shall be more cognizant and proactive in ensuring that the Committee is kept informed of such significant changes to the trajectory of a project," the committee wrote.