Friday, May 22, 2015

President's budget includes $8.5 million for DHS program to support cyber framework

Posted: March 5, 2014
Bookmark and Share

The president's proposed budget for the Department of Homeland Security includes $8.5 million to operate the so-called voluntary program intended to help companies use the framework of cybersecurity standards released in February by the National Institute of Standards and Technology.

Industry observers say it remains to be seen exactly how DHS will spend that money, which is part of a proposed $1.25 billion fiscal year 2015 budget for cybersecurity, according to a DHS document released on Tuesday.

Whether that funding will go to contractors, new employees, overhead or some other expense is an open question, one industry source said. Another asked whether the department would put some of it toward establishing metrics to determine what is and isn't working within the voluntary program, now known as C-Cubed.

"Without baseline data and cost effectiveness metrics we really can't assess how much we are succeeding and thus what we need to change going forward," the second source said.

"With the President's release of the 2015 budget, it is not yet clear what is actually targeted funding for Cybersecurity Framework-related efforts such as the C3 voluntary program," said Kent Landfield, McAfee's director of standards and technology policy. "We're looking forward to learning the details in the days to come."

DHS said in a release that the request "includes $1.25 billion for cybersecurity activities including resources to detect malicious traffic targeting civilian Federal government networks and resources to support cyber and cyber-enabled investigations . . . to areas such as cyber economic crime, identity theft, theft of export controlled data, and child exploitation, as well as for managing computer forensics programs."

The overall figure includes the $8.5 million for C-Cubed and other activities in support of President Obama's Executive Order 13636, which mandated the NIST framework and DHS voluntary program.

The adequacy of that figure is difficult to assess, industry sources agreed.

By comparison, a program to "audit, assess, and monitor critical infrastructure and/or key resources at protective sites which directly or indirectly support a Presidential visit" gets almost half as much -- $3.9 million -- as is allocated to support the voluntary program.

In other cybersecurity accounts, a DHS budget document explains that over $143 million is set aside to implement the government's continuous diagnostics and mitigation program, and another $28 million would go toward improved sharing of classified information with DHS' federal, state and local partners.

The budget includes $67.5 million for cybersecurity research, development, testing and evaluation.

The House Homeland Security Committee scheduled a hearing for March 13 to examine the budget request.

Senate Homeland Security and Governmental Affairs Chairman Tom Carper (D-DE) released a statement praising the administration's ongoing commitment to cybersecurity but he has yet to schedule a hearing on the budget request. -- Charlie Mitchell (This e-mail address is being protected from spambots. You need JavaScript enabled to view it )


Free Trial

Inside Cybersecurity is a subscription-based premium news service for policy professionals who need to know about evolving federal policies to protect cyberspace.

Sign up for a free one-month trial to Inside Cybersecurity. You'll get a morning email Daily Report each business day, news alerts throughout the day, access to hard-to-find policy documents and reports, and our exclusive Weekly Analysis every Monday.

Subscribe now and save 50%. Your free trial will include this special introductory offer: You'll save 50% off the first-year subscription price for Inside Cybersecurity. You'll pay just $447.50 for a full twelve months of service for a single-reader license. This is an unbeatable deal for exclusive news on the hottest issue in federal policymaking.

Additional readers can be added to a single-reader license for just $200 each, up to five. The 50% discount will be applied to the entire cost of the license. If you have more than five readers, or would like an organization-wide site license, even further discounts will apply. Contact or call 703-562-8992.

Form for a free trial

Get exclusive news on the cybersecurity debate in Congress and more.

Sign up for a free one-month trial to Inside Cybersecurity for daily news and analysis on emerging federal standards for cybersecurity, including the debate over information sharing, liability waivers and privacy protections.

Form for a free trial

Already a subscriber? Click here to log in.