Homeland Security Secretary Janet Napolitano recently testified at a Senate appropriations subcommittee hearing on the president's FY 2013budget request, where she emphasized that funds were needed to strengthen the nation's cybersecurity efforts.
"Today's threats are not limited to any one individual, group or ideology and are not defined nor contained by international borders," Napolitano said. "Terrorist tactics can be as simple as a homemade bomb and as sophisticated as a biological threat or a coordinated cyber attack."
Napolitano said the funds would support efforts to secure civilian government computer systems and the nation's critical infrastructure and information systems. Indeed, the FY 2013 budget makes a significant investment of $345 million to expedite the deployment of EINSTEIN 3, a system that identifies and characterizes malicious network traffic to enhance cybersecurity analysis, situational awareness and security response. She testified that the system prevents and/or detects intrusions on government computer systems and increases federal network security of large and small agencies.
In addition, the DHS asked for nearly $13 million to develop a robust cybersecurity workforce to protect against and respond to national cybersecurity threats and hazards. Napolitano said the budget request also addresses money that is needed — $64 million — to investigate cyber crimes, targeting large-scale producers and distributors of child pornography and preventing attacks against U.S. critical infrastructure. (See sidebar.)
Federal sources say the budget request may not pass simply because there is a lack of consensus towards the government's approach to cybersecurity. The issue continues to be debated on the Senate floor with Republican senators recently rejecting S.2105, the Cybersecurity Act of 2012, that would give DHS regulatory cybersecurity authority over private networks tied to U.S. security. Instead, they offered an alternative: the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology Act (SECURE IT), which allows companies to voluntarily comply with the government.
$345 million: The National Cybersecurity Protection System (NCPS) manages EINSTEIN. NCPS is an integrated intrusion detection, analytics, information-sharing and intrusion-prevention system that supports DHS responsibilities within the Comprehensive National Cybersecurity Initiative mission. In FY 2013, the program will continue to focus on intrusion prevention while taking steps to improve its situational awareness of evolving cyber threats to federal networks and systems through a managed security services (MSS) solution. Under the MSS solution, each Internet service provider will use its own intrusion-prevention services that conform to DHS-approved security, assurance and communication requirements.
$236 million: The Federal Network Security Branch manages activities designed to enable federal agencies to secure their IT networks. This funding supports Federal Executive Branch civilian departments and agencies in implementing capabilities to improve their cybersecurity posture in accordance with the Federal Information Security Management Act.
$93 million: The US-Computer Emergency Readiness Team (US-CERT Operations) is the operational arm of the National Cyber Security Division. US-CERT leads and coordinates efforts to improve the nation's cybersecurity posture, promote cyber-information sharing and manage cyber risks to the nation. US-CERT provides customer support and incident response, including 24-hour support in the National Cybersecurity and Communications Integration Center.
$64.5 million: The budget continues to support cyber investigations conducted through the Secret Service and Immigration and Customs Enforcement. In FY 2013, ICE will continue to investigate and provide computer forensics support for investigations into domestic and international criminal activities — including benefits fraud, arms and strategic technology, money laundering, counterfeit pharmaceuticals, child pornography and human trafficking — occurring via the Internet.
$12.9 million: The budget will provide high-quality, cost-effective virtual education and training to develop and grow a robust workforce that is able to protect against and respond to national cybersecurity threats and hazards.