House panel approves $408 million boost for CISA

The House Appropriations Committee approved a $63.8 billion spending package for the Department of Homeland Security that includes higher funding levels for the department's top cyber agency.

The bill allocates approximately $2 billion for the Cybersecurity and Infrastructure Security Agency, a $335 million bump from last year and $408 million above what was requested in the president's budget. Lawmakers in both parties have expressed support over the past year for the idea of providing CISA with more resources to carry out its cybersecurity mission.

"This 20% funding increase will help the new agency move faster to improve our cyber and infrastructure defense capabilities," said Rep. Lucille Roybal Allard (D-Calif.), chair of the House Appropriations Homeland Security Subcommittee.

It also includes $24 million in additional funding for CISA's election security initiative, including increased coordination between the National Cybersecurity and Communications Integration Center and National Guard units with cybersecurity experience to support training, risk assessments and incident response needs for state and local governments. The committee's report on the bill notes that NCCIC is currently grappling with a 12-month backlog for requested vulnerability assessments.

Officials from CISA have said they plan to expand outreach efforts to local governments, noting that while DHS was able to establish working relationships and provide election security-related services to all 50 states and more than 1,000 localities in the lead up to 2018, there remain thousands of counties, precincts and jurisdictions that still need help. A manager's amendment adopted during markup would also allocate $10 million to fund the deployment of cyber advisors deployed to state and local governments.

"In 2016, this nation's fundamental democratic system of free and fair elections was violated," said Rep. Marcy Kaptur (D-Ohio). "That was just a taste of what is to come if we do not focus needed resources and attention to the vulnerabilities of current election equipment and personnel."

The bill boosts funding for a range of cybersecurity programs at the agency, including $130 million above the president's budget request for the Continuous Diagnostics and Mitigation program and $40 million to establish a centralized Federal Domain Name System egress service that would provide more granular information about attacks on government DNS infrastructure.

Funding for industrial control system cybersecurity is $11.4 million above requested amount for training, malware analysis, incident response and other services.

The bill zeroes out $11 million in requested funding for CyberSentry, a DHS pilot program that voluntarily extends NCCIC services to critical infrastructure organizations and deploys IT network sensor systems to detect malicious activity. The committee said it wants to work with CISA to better understand the program and its impact.

The bill also declines an administration request to move $24 million in cybersecurity research funding from the Science and Technology Directorate to CISA.

The legislation would also include $266 million for Customs and Border Protection to acquire and deploy border security technologies and other assets. The agency faced scorn from lawmakers this week following an admission that one of its subcontractors (believed to be Perceptics) had been hacked, resulting in the theft of tens of thousands of photographs and images taken of travelers entering and exiting the border. Officials claim none of the data had been put on the Dark Web for sale, but the transparency group DDoS Secrets claimed to have found 500 GB of Perceptics data, including sales information, emails, license plate photos and other datasets containing personally identifiable information.