Lawmakers will resume debate when Congress returns next week on a sprawling “Build Back Better” bill that would add another new layer of cybersecurity funding on top of the cyber provisions in the infrastructure modernization package passed and sent to the president last week.
The House late Friday passed the infrastructure bill and put off further consideration of its version of the “’BBB” bill until next week, after the measure bogged down amid internal disputes within the Democratic Caucus. The BBB faces a similarly difficult path in the Senate where Sens. Joe Manchin (D-WV) and Kyrsten Sinema (D-AZ) have objected to the size and scope of the measure, and have the power to block its progress. The legislation is intended to enact much of President Biden’s domestic policy agenda.
The BBB legislation was crafted under so-called budget reconciliation rules requiring a simple majority in the Senate and includes money for government tech upgrades, Cybersecurity and infrastructure Security Agency programs and assistance to state-local-Tribal-territorial governments. The cyber funding in the BBB bill would be added on top of the provisions in the infrastructure bill and regular annual appropriations measures to provide a major jolt to federal government investment in cybersecurity.
“The Build Back Better bill includes funding for a number of critical cyber programs, a clear focus on critical infrastructure by providing new funding for the CyberSentry program and other industrial control systems; funding for state and local governments to secure systems and increased support for the MS-ISAC, but also a critical focus on funds to CISA for cloud security and cloud threat hunting capabilities,” commented Norma Krayem of Van Scoyoc Associates and a former official at the departments of State, Commerce and Transportation.
“I’m also glad to see a focus on funding for cyber workforce programs at CISA as well as for a grant program at FEMA to help state, local, Tribal and territorial (SLTT) governments recruit and train cybersecurity personnel,” Krayem said. “While the private sector owns and operates the overwhelming majority of Critical Infrastructure, we cannot forget that SLTT governments run a host of national critical functions, airports and transit, public water/wastewater and many more functions. They absolutely need support to hire cybersecurity experts.”
Michael Hettinger of Hettinger Strategy Group observed, “The $1.75T package takes a slightly different approach to cyber funding than the original reconciliation bill, with investments that are more targeted toward identified needs -- securing federal information systems, cloud security, industrial control systems, cyber training and state and local grants. With these additional funds, plus the increases CISA is likely to see via the FY22 appropriations bill, it will be critical for CISA to ensure they have enough and the proper resources to carry out these programs in line with congressional intent.”
But he added, “That said, missing from the new approach is dedicated funding to help agencies implement the requirements of the cybersecurity executive order, including those focused on multi-factor authentication and zero trust. Ensuring implementing the cyber EO gets the attention it deserves must be a priority.”
The House reconciliation measure includes language added by Rep. Gerald Connolly (D-VA) providing $250 million for the Technology Modernization Fund to upgrade federal systems, $200 million for the GSA Federal Citizen Services Fund, and $50 million for the OMB IT Oversight and Reform fund.
Speaker Nancy Pelosi (D-CA), in the midst of the scramble to pass the BBB bill last week, released a fact sheet detailing the provisions including $400 million for CISA and $100 million for state and local cyber assistance, in addition to the technology funding that will play a key role in securing federal networks.
House Homeland Security Chairman Bennie Thompson (D-MS) in late October said: “Enactment of the Build Back Better Act will help fortify our cybersecurity posture to defend both government and critical infrastructure networks and make them more resilient. It includes $500 million in new investments to help accelerate the transition of State and local government networks to the .gov domain, for States to improve their ability to hire network defenders, and to modernize our approach to securing Federal networks and growing the cyber workforce.”
Thompson said, “It also increases the Cybersecurity and Infrastructure Security’s ability to help critical infrastructure operators defend industrial control systems, including through the Cybersentry program.”
The House Homeland Security Committee in September approved $865 million for inclusion in the reconciliation measure, but that was reduced as Democratic leaders sought to bring down the overall price tag. -- Charlie Mitchell (cmitchell@iwpnews.com)