House reconciliation bill includes nearly $800 million for CISA
The funding supports the implementation of President Joe Biden's May executive order on cybersecurity and workforce development.
The House version of the $3.5 trillion Build Back Better Act includes almost $800 million for the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security.
The funding supports the implementation of President Joe Biden's May executive order on cybersecurity, in particular the section on modernizing government cybersecurity through zero-trust architecture, cloud adoption, multifactor authentication and encryption. When the order was released, there was concern in industry that the administration was issuing unfunded mandates to agencies that could complicate the accomplishment of the goals laid out in the order.
The House Homeland Security Committee chairman Rep. Bennie Thompson (D-Miss.) noted that the funding has a 10-year lifespan.
The committee marked up its section of the budget resolution for fiscal year 2022 on Tuesday. Democrats are hoping that bill can be passed through the Senate on a simple majority vote through the reconciliation process.
The bill includes $400 million to support the implementation of the executive order, including the sections on endpoint detection and response, incident logging, cloud security and multifactor authentication.
An amendment offered by Rep. Elissa Slotkin (D-Mich.) added $60 million to CISA's cloud architecture and migration services as well as support for threat hunting in the cloud.
The bill also includes $25 million for a nationwide multifactor authentication campaign aimed at the general public, $50 million for the Multi-State Information Sharing and Analysis Center, $50 million for the operation and expansion of Crossfeed, a voluntary, self-service CISA program aimed at giving private-sector website operators a dashboard view of potential vulnerabilities. A similar program called CyberSentry, focused on critical infrastructure, is poised to get $75 million thanks to an amendment from Rep. Yvette Clarke (D-N.Y.), who chairs the panel's subcommittee on Cybersecurity, Infrastructure Protection and Innovation.
The bill also adds $100 million for cybersecurity education and training with an eye to building workforce capacity inside the federal government.
"Congress has generously funded many security priorities in recent years, but for too long funding for cyber has not kept pace with the threats," Thompson said. "The cost of waiting any longer to invest in cybersecurity is simply too high."
Ranking Member Rep. John Katko (R-N.Y.) complained in his opening statement that the views of the minority were not consulted in the construction of the massive $3.5 trillion bill and that the drafting of the committee's relatively small portion of the bill did not take into account the ransomware threat. He also noted that the bill's focus on funding CISA ignores a swath of other potential threats to the U.S.