Legislation carrying a funding boost for the Cybersecurity and Infrastructure Security Agency, along with much of President Biden’s domestic policy agenda, is stuck in the Senate but sources say regular appropriations are likely to include a substantial increase for CISA without or without the money contained in the stalled “Build Back Better” package.
“We’re going to have to probably break it up,” President Biden said Wednesday of the massive “BBB” legislation, which has stalled in the Senate amid ongoing opposition from two Democratic senators. The House-passed version of the BBB legislation includes $400 million for the Cybersecurity and Infrastructure Security Agency, $100 million for state and local cyber assistance, and government technology improvement funding.
Voting rights legislation containing cyber elements also hit a wall in the Senate on Wednesday, where Majority Leader Charles Schumer’s (D-NY) bid to advance the bill by changing filibuster rules was thwarted Wednesday.
Congressional sources point to substantial increases for CISA that are already the focus of negotiations over a final fiscal 2022 spending package.
A Senate source said, “After the ‘four corners’ appropriations meeting last week, negotiations to reach an agreement for FY22 remain ongoing. However, I can point out that the Chairman’s Mark of the FY22 Senate Homeland Security Appropriations Bill released by Chairman [Patrick] Leahy [D-VT] in October includes a $332 million increase over FY21 enacted for CISA.”
House appropriators produced a bill that includes “$2.42 billion for CISA, an increase of $397.4 million above the fiscal year 2021 enacted level and $288.7 million above the [Biden administration] request,” according to a summary. That proposed funding hike is separate from the money in the BBB, which Democrats structured to move under reconciliation rules requiring a simple majority to pass the Senate.
Norma Krayem, chair of the cyber practice at Van Scoyoc Associates, remarked, “As we know, the continued stalemate in the Senate on Build Back Better remains a clear challenge and has funds in it for critically needed programs. However, when we think about the funds needed for cybersecurity, at this point, it may be easier to focus on finishing the FY22 appropriations process so that funding for DHS and CISA that was included in those bills can move quickly.”
“The big issue now is do we have a regular appropriations bill, versus a year-long continuing resolution,” said Mark Montgomery of the Foundation for Defense of Democracies and a leader of the Cyberspace Solarium Commission. “If it is a regular appropriations bill, I think both the Senate and House appropriators have already indicated that they plan to provide larger CISA budgets than the President's Budget. This is where the key to CISA's successful long term resourcing lies.”
Cyber policy pros say there’s also a chance to secure the added BBB funding for CISA, perhaps through regular fiscal 2022 or fiscal 2023 appropriations.
“Cybersecurity has consistently been a bipartisan issue. The cyber monies allocated in the BBB Act are sorely needed, specifically the state funding aspects,” according to Kent Landfield of Trellix, the new name for McAfee Enterprise and FireEye under a merger. “While the BBB, in its current form, will not pass, valuable pieces of it will succeed in future legislation. I expect they will find another vehicle. What that is and the timing is totally unclear at this point. The need has not gone away.”
Michael Hettinger of Hettinger Strategy Group said, “I think there’s a recognition that additional cyber money is needed, especially in light of recent concerns over Log4j and nation-state cyber intrusions in Ukraine and elsewhere. How or if that is reflected in the FY22 appropriations bills and at what level remains an open question that likely won’t be resolved until there’s some bipartisan agreement on the top-line for the FY22 bills.”
He said, “I am also watching what cyber-related opportunities might present themselves if there is a new targeted COVID supplemental.” – Charlie Mitchell (cmitchell@iwpnews.com)