The Homeland Security Department is asking Senate appropriators for budget increases to bolster its cybersecurity programs, including the Federal Risk and Authorization Management Program (FedRAMP).
The total request for cyber programs at DHS add up to $1.4 billion. That’s just part of the total White House budget request for cybersecurity programs, which is up 11 percent for FY 2016, or $13.9 billion.
“These are ballpark figures, but my idea here is to give you a sense of the magnitude and relative effort that should be expended,” said Andy Ozment, assistant secretary for cybersecurity and communications, before the Senate Appropriations Subcommittee on Homeland Security today.
The agency’s cybersecurity budget breaks down into four key areas. The first would sustain funding levels for Immigration and Customs Enforcement and the U.S. Secret Service’s resources for cyber crime and cyber criminal investigations.
Next, DHS wants $480 million for Network Security Deployment to protect governmentwide networks. That includes the EINSTEIN3 Accelerated program that allows the agency to monitor agencies for malicious Internet traffic.
It also includes $103 million for continuous diagnostic monitoring programs. Ozment said yesterday the agency awarded seven companies a spot on the latest task order for CDM phase 1.
Finally, DHS wants $5 million for its CyberSkills Management Support Initiative. Its goal is to develop and sustain a skilled cybersecurity workforce, overseen by the agency’s Chief Human Capital Officer.
Request based on collaboration
DHS Chief Information Officer Luke McCormack told the subcommittee the budget request is based on “a collaborative environment and culture within DHS.” It’s part of Secretary Jeh Johnson’s Unity of Effort Initiative.
“The CFO and CIO councils work together to clearly define budgetary needs for cybersecurity efforts in 2016 and into the near future,” McCormack said. “As [the National Protection and Programs Directorate] coordinates the federal response to cyber incidents, we collaborate with them on many federal cybersecurity programs.”
On top of internal collaboration, McCormack said the budget request relied on outside input from other agencies and the federal IT industry.
This placed programs like FedRAMP close to the top of the funding priority list, where DHS plays a major role. He argued for increased involvement to save money in other places across the government, as multiple agencies can turn to FedRAMP to map their cloud security certification process.
“We have requested a program increase of $2.6 million in fiscal year 2016 to support FedRAMP as cloud computing expands and our engagement intensified,” McCormack said.
Private sector collaboration could also explode, depending on whether Congress can pass the latest National Cybersecurity Protection Advancement Act. The bill would extend liability protection to businesses that voluntarily report cyber threat information to the National Cybersecurity and Communications Integration Center (NCCIC) at DHS.
“This in turn would intensify the already pressing need for DHS to be able to process and act on that,” said Greg Garcia, executive director of the Financial Services Sector Coordinating Council, and former assistant secretary for cybersecurity and communications at DHS.
“That’s going to require more personnel who are well trained in cybersecurity, and in the critical infrastructure sectors that they serve,” he said.