Jeh Johnson Makes ‘Hard Choices’ in Cyber Budget
In a series of budget hearings, Johnson defended the department’s $40.6 billion budget request for the upcoming fiscal year.
Cybersecurity education is among initiatives to be pared back in the Department of Homeland Security’s new budget request, and at least one senator wasn’t happy about it.
During a Feb. 24 Senate Appropriations Subcommittee on the DHS budget hearing, Sen. Bill Cassidy, R-La., asked Secretary Jeh Johnson why he didn’t value cyber education.
“Your budget zeroes out the cybersecurity education program, and every year our committee puts it back in," he said. "And it seems like we have the better argument because in your testimony and elsewhere, you mention the need to have better cybersecurity, which therefore of course suggests that we need a better-trained workforce."
Cassidy asked why the department doesn’t “have the same prioritization for cyber education” as the subcommittee.
Johnson said he agreed cyber education is important, and that “I would certainly prefer that we had more money for cyber education," but the department has "to live within the budget caps" imposed as part of a congressional debt deal several years ago.
It’s a theme Johnson reiterated throughout back-to-back House and Senate appropriations committee hearings when questioned about technology budgeting decisions.
The president’s fiscal 2017 budget request proposes $40.6 billion for DHS, down $381.3 million from last year. It also budgets $471.1 million for the National Cybersecurity Protection System known as EINSTEIN that would “invest in new capabilities for analytics, information sharing, and intrusion prevention."
Another $274.8 million is slated for DHS’ Continuous Diagnostics and Mitigation program, which bolsters the security of dot-gov sites, according to a DHS budget fact sheet.
During a House appropriations subcommittee hearing, Chairman Rep. John Carter, R-Texas, said he was “pretty disappointed in the budget’s mission." He added, "It’s not the amount of the request that worries me; it’s the intellectually dishonest and politically insensitive gimmicks included in the request.”
For instance, Carter explained, while he was “somewhat comfortable” with a $350 million proposed budget increase for cybersecurity enhancement, he was not “if the majority of the funds are for increases to personnel.”
But budget constraints could also impact DHS’ ability to attract top cyber talent, Sen. John Hoeven, R-N.D., noted Wednesday afternoon.
“I’m competing with other agencies and I’m competing with the private sector,” Johnson said, adding later, “it is tough to hire good cyber talent, without a doubt. But we have additional hiring authorities and we are hiring at a pretty rapid rate, but there are vacancies that we can fill ... it’s an effort where we continually push our people to work at this.”
During both hearings, Johnson affirmed commitments to EINSTEIN. The system currently uses classified information to block “known bad actors, known bad signatures,” but he said it’s also a platform that can help block suspected bad actors in the future, he explained.
When asked for his perspective on the ongoing battle between the FBI and Apple, in which the latter has been asked to unlock the iPhone of one of the attackers in the San Bernardino mass shooting, Johnson said he thought that “in response to the demands of the marketplace, a lot of tech companies have driven deeper and deeper toward encryption. That has in fact hampered federal state and local law enforcement in their ability to track and detect potential terrorist plots.”
In the Apple and FBI standoff, he said, “I fully support the government’s position.”
NEXT STORY: Can the FDA secure medical devices?