Budget would boost DHS cyber efforts in NCCIC, CDM

President Trump’s budget proposal, unveiled Tuesday, would boost spending on the Department of Homeland Security’s 24-hour digital-attack watch center by almost $50 million and more than double the funding for a governmentwide online security tools program to $279 million.

The proposal would also treble the size of the tiny team of DHS cybersecurity advisers who work with key businesses across the country.

Despite these increases, not every tech element of the department got its funding goosed. Research and development in the DHS Science and Technology Directorate was slashed by $100 million and the allocation for the CIO office was also down $60 million.

In documents released by the department and the White House Office of Management and Budget, the administration says it is asking for $3.28 billion for DHS’s National Protection and Programs Directorate, which includes most of the department’s cyber functions. It would be an increase of $196 million over fiscal 2017. The fiscal 2018 NPPD allocation includes $971.3 million total “to improve security of the U.S. cyber infrastructure” as the administration pushes the cybersecurity executive order signed earlier this month.

The spending would cover NPPD’s cybersecurity work with the private sector companies that own and operate the nation’s vital industries, like banking, telecommunications and power — as well as funding for two key governmentwide programs that strengthen the security of federal civilian .gov networks:

• $279 million for the Continuous Diagnostics and Mitigation program. CDM provides cybersecurity hardware, software, and services to departments and agencies from a centralized fund. The request would more than double CDM’s budget, up from about $102 million last year.

• $397.2 million for the National Cybersecurity Protection System, called Einstein 3A, a system of sensors that monitors .gov internet traffic looking for signatures of known malware variants. That’s down from $458.31 million last year.

DHS officials said the Einstein program had finished big procurement activities that had pushed up its costs over past years. “Einstein 3 is fully purchased and almost fully deployed so we are now more in sustainment mode with that program,” acting Undersecretary for Management Chip Fulghum told CyberScoop. By contrast, CDM would be “still in the acquisition phase” next year.

The budget for the Office of the Chief Information Officer is also lower than last year — $317.56 million, as opposed to $376.61 million last year. But that’s not a cut, according to DHS officials, but a product of a “large one-time purchase” in a prior year.

“In FY16, [the] CIO [office] had an increase of about $100 million dollars to have us take care of cyber threats after the [massive hack of the Office of Personnel Management] and so that was a one-time item,” which got rolled over into the current year, explained DHS Budget Director Allen Blume.

The department’s budget in brief also shows an increase of $49.2 million for the National Cybersecurity and Communications Integration Center “to execute new authorities under the Federal Information Security Modernization Act,” or FISMA, including training and engineering assistance “to effectively secure high value systems from cyber threats.” With the bump, the NCCIC would be funded to the tune of nearly $201 million and have a complement of 286 staff, compared to just 230 this year.

The additional resources, states the budget in brief, “will allow the NCCIC to protect private sector entities through the Enhanced Cybersecurity Services program, provide additional threat assessment capabilities, support the growth in demand for analytical products and 24x7x365 operational staffing, and maintain readiness to execute national security/emergency preparedness. It will also provide support to build Federal civilian cyber defense teams and activities to include incident response, red team penetration testing and cyber hunt to improve cybersecurity for all Federal civilian agencies.”

The document also shows that the department’s small team of cybersecurity advisers would treble in size, from just seven posts currently to a proposed 22. The budget for the program would jump to $14.7 million from just $8.2 million last year.

Although NPPD houses the lions’ share of the department’s cyber activities, there’s also cybersecurity spending by the U.S. Secret Service, the Science and Technology Directorate and other department elements amounting to almost $1.5 billion, Fulghum said.

Former DHS official James Norton noted to CyberScoop that the big plus-ups for cyber programs meant the Trump administration was putting “its money where its mouth is on cyber.” But he added that the key for DHS was “turning that money into confidence for the private sector to work with the department” on its cybersecurity advisers program and other partnership initiatives.

He also said that a long-planned reorganization of NPPD into an operational cyber-protection force — “probably the biggest reorganization of DHS since the post-Katrina reforms a decade ago” — needed to proceed “a lot faster than it currently is, so it can line up with the appropriators’ schedules as they start work” turning the administration’s budget proposal into funding bills and finally into law.

“They gotta get this done,” he said.