Napolitano: Cyber threat 'right in front of us'
Connecting state and local government leaders
Cybersecurity would get a 74 percent boost under DHS' 2013 budget request, but some senators question if the department should be securing critical infrastructure.
Cybersecurity is a top priority in the Homeland Security Department’s fiscal 2013 budget request, and spending for it would get a 74 percent boost while overall department funding would remain flat in the coming year.
“The cybersecurity threat, in my wheelhouse, is right in front of us,” DHS Secretary Janet Napolitano told the Senate Homeland Security and Governmental Affairs Committee on March 21.
There was disagreement among the senators on what the role of DHS should be in protecting the nation’s critical infrastructure, however. Committee Chairman Sen. Joseph Lieberman (I-Conn.), who called cybersecurity “the most significant vulnerability we have in homeland security today,” has introduced a bill that would give the department oversight over the security of designated critical infrastructure. The panel's ranking Republican, Sen. Susan Collins of Maine, is a co-sponsor of the bill.
Related stories:
Cybersecurity research gets boost in 2013 budget request
DOD's 3 challenges in protecting cyber infrastructure
But Republican Sen. Ron Johnson of Wisconsin was skeptical of the cost and need for federal regulation of privately owned networks. He supports an alternative bill that focuses only on enabling better information sharing between the public and private sectors.
Napolitano said the two issues are not mutually exclusive. “We need the information sharing, and it needs to be real time,” she said. But she added that “it makes common sense” for DHS to be in charge of ensuring that critical infrastructure maintains a basic level of security and predicted possibly disastrous consequences within 18 months if steps are not taken soon to improve security.
“We will have suffered a major infiltration or attack and we will find some part of our critical infrastructure with a gap,” because the industry was not doing enough to protect itself on its own, she said. “What we know now is already enough to go ahead, and we should be moving forward.”
The department’s budget request for next year calls for $39.5 billion in discretionary spending, basically the same as the current year. But the budget would shift more than $850 million from administrative spending to mission support for core, front-line operational priorities. Cybersecurity, which is identified as one of the department’s five core missions, would be a major beneficiary of the shift, increasing that portion of the budget by $325.8 million to a total of about $770 million.
The money would go toward speeding the deployment of Einstein 3, the federal network monitoring system for intrusion detection and prevention, and boost the budgets for the U.S. Computer Emergency Readiness Team, which provides information sharing and incident response for intrusions in government and private-sector networks.
Priorities include:
- $236 for federal network security: To help executive branch civilian departments and agencies in improve their cybersecurity posture under the Federal Information Security Management Act, and improve continuous monitoring of network activity and other capabilities to address evolving cyber threats.
- $345 for the National Cybersecurity Protection System: This includes Einstein, an integrated intrusion detection, analytics, information-sharing, and intrusion prevention system. The program will continue to focus on intrusion prevention in 2013 while improving situational awareness of evolving cyber threats through a Managed Security Services solution. Under the MSS solution, each Internet service provider will use its own intrusion prevention services that conform to DHS-approved security, assurance and communication requirements.
- $93 million for US-CERT operations: The operational arm of the National Cyber Security Division, US-CERT leads and coordinates efforts to improve cybersecurity posture, promote cyber information sharing, and manage cyber risks. It provides customer support and incident response, including 24-hour support in the National Cybersecurity and Communications Integration Center. As NCPS covers more federal network traffic, additional US-CERT analysts are required to ensure cyber threats are detected and the federal response is effective.
- $12.9 million to increase the cybersecurity workforce: To provide high-quality, cost-effective virtual cybersecurity education and training to develop a robust cybersecurity workforce able to protect against and respond to national cybersecurity threats and hazards.
- $64.5 million for cybersecurity research and development: Focused on strengthening the nation’s cybersecurity capabilities.
Other elements include funding for a multistate information-sharing and analysis center, and support for cyber investigations conducted through the Secret Service and Immigration and Customs Enforcement.
ICE provides computer forensics support for investigations of domestic and international criminal activities, including benefits fraud, arms and strategic technology, money laundering, counterfeit pharmaceuticals, child pornography, and human trafficking involving the Internet.
The Secret Service’s Financial Crimes Task Forces focuses on the prevention of cyberattacks against U.S. financial payment systems and other critical infrastructure.