Congress Cuts $20 Million from Cyber-Security in Interim Bill

The short-term bill that keeps the government operating while Congress dithers over the budget debate has cut $20 million from cyber-security funding, far less than the originally proposed $60 million reduction.

Congress passed an interim law slashing $20 million from cyber-security funding while continuing the debate on other budget cuts.

The short-term continuing resolution, signed into law March 2, keeps the government operating till March 18 and buys the House of Representatives and the Senate time to negotiate other cuts for the rest of fiscal 2011, which ends in September, and finalizes the federal budget for fiscal 2012, which starts Oct. 1.

The $20 million reduction is far less than the original $60 million cut the House had asked for in February and was achieved by eliminating earmarks. These funds have not yet been allocated to specific infrastructure protection or information security projects at the DHS (Department of Homeland Security), according to NextGov. Previous earmarks from 2009 and 2010 went toward state and local cyber-security training, a multistate information-sharing and analysis center, and various analysis and testing centers around the country.

With negotiations for more cuts under way, other DHS cuts may be in store. A project to install Einstein-3, a traffic-monitoring system, on federal computer networks may be targeted next, DHS Secretary Janet Napolitano said at a House hearing on March 3.

The National Cyber Security Division at DHS plans to install five monitors and nodes on the .gov domain used by federal agencies. The intrusion-detection system would monitor network traffic entering or leaving federal computer networks, conduct real-time full-packet inspection and threat-based decision making, and automatically respond to certain threats, according to Napolitano.

The system will allow the federal government to identify and characterize malicious network traffic to enhance cyber-security analysis, situational awareness and security response, according to the DHS.

DHS requested $233.6 million in the 2012 budget for this project, which also includes upgrades to the existing National Cyber Security Protection System.

Further cyber-security cuts, either in the rest of 2011 or in the 2012 budget, would "cause significant delay" in deploying Einstein-3 by as much as two or three years, according to Napolitano. "And talk about an area where there's urgency, the cyber area has real urgency associated with it, so we hope we can work with the Congress to revisit that issue," she said.

A number of security experts had speculated a network-monitoring tool would have detected the traffic anomalies caused by Pvt. Bradley Manning downloading large amounts of classified data. DHS is also worried about the security risk of sophisticated hackers sponsored by an unfriendly country breaching federal systems.

President Obama asked for roughly $1 billion for information security at DHS in his fiscal 2012 budget proposal unveiled in early February. Cyber threats are "one of the most serious economic and national security challenges we face as a nation," he said.

DHS also requested $40.9 million to conduct 66 network assessments to improve security across all federal agencies, $24.5 million for cyber-security training and education, $1.3 million to coordinate cyber-security operations with the Department of Defense's National Security Agency, $18 million for research and development projects, and funding to support cyber investigations conducted by the Secret Service and Immigration and Customs Enforcement.

Even so, a current bill in the House of Representatives (HR 408) proposes reducing DHS fiscal 2012 spending to fiscal 2006 levels, or $10.7 billion less than what the department had requested for its total budget.