Mission 4: Safeguarding and Securing Cyberspace
In today's Department of Homeland Security budget in brief, cybersecurity plays a significant role as the fourth of the agency's six key missions, first identified in the Quadrennial Homeland Security Review more than a year ago and elaborated on last summer in Bottom-Up Review.
According to the budget, the mission is as follows:
Mission 4: Safeguarding and Securing Cyberspace -- By statute and presidential directive, DHS has the lead for the Federal Government to secure civilian government computer systems and works with industry and state, local, tribal and territorial governments to secure critical infrastructure and information systems. DHS analyzes and reduces cyber threats and vulnerabilities; distributes threat warnings; and coordinates the response to cyber incidents to ensure that our computers, networks, and cyber systems remain safe.
In laying out its mission, DHS is very clear. It believes it is the lead for the federal government on civilian websites and it does not plan to cede that role anytime soon. In addition, DHS interestingly has moved the vocabulary away from the "attack" and "security" terminology to focus some on "safety" and "threats and vulnerabilities." It is a subtle change but discussing cybersecurity in terms of safeguarding and safety takes it further away from the defense/military model of attack and counterattack into a more gentle yet strict coordination effort.
In terms of funding, DHS continues to request significant funds on the cybersecurity front. The department is asking for more than $459 million to support the National Cybersecurity Division in its FY2012 budget.
Specfically, DHS is requesting $233.6 million to expedite the deployment of Einstein 3, as well as to upgrade the National Cyber Security Protection System. Einstein 3 is the next-generation cybersecurity effort by DHS that, according to a March 2010 Privacy Impact Assessment by the Chief Privacy Officer would allow the government to use "commercial technology and specialized government technology to conduct real-time full packet inspection and threat-based decision-making on network traffic entering or leaving these executive branch networks. The goal of EINSTEIN 3 is to identify and characterize malicious network traffic to enhance cybersecurity analysis, situational awareness and security response."
Essentially Einstein 3 identifies threats before they arrive on the network. The program has raised privacy concerns in the past but it appears that DHS may believe those concerns have been adequately addressed. It will be interesting to see how Congress and privacy advocates respond to the budget item.
In addition to Einstein 3, DHS would like to invest in strengthening the assessments on government systems and increasing the professional cybersecurity workforce. The budget requests $40.9 million ito support the Department's efforts to conduct approximately 66 network assessments across the Administration. It also requests $24.5 million to provide "high-quality, cost-effective virtual cybersecurity education and training to develop and grow a robust cybersecurity workforce that is able to protect against and respond to national cybersecurity threats and hazards."
Hopefully, as the agency obtains funding and moves to meet this effort, it will look to the success of the private sector in workforce cybersecurity training and not try to recreate the wheel.
One interesting tidbit: the budget requests "$1.3 million to enable DHS to coordinate national cyber security operations and interface with the U.S. Department of Defense's National Security Agency at Fort Meade, Maryland." This funding is intended to support the MOU between DHS and DoD to work together on cybersecurity efforts. Does this mean that the agencies plan to continue to co-locate and brand certain cyber efforts? How does this funding play into efforts to have DHS be the civilian lead on cybersecurity?
The budget also includes an increase of $18 million to support research and development projects, In the coming days, we will need to analyze whether this funding is for the Science & Technology Directorate's expanded Cybersecurity Division or if the funding is intended to be split with the National Protection and Programs Directorate.
As the budget is dissected in the coming days, we will get a better sense of how much of a priority cybersecurity is to the administration and DHS. We will also be able to determine whether that prioritization is shared with Congress, especially in light of House Republican's move to cut some cybersecurity funding in the continuing resolution.