The Department of Homeland Security’s budget request includes proposed funding changes to two federal cybersecurity programs run by the Cybersecurity and Infrastructure Security Agency, while also previewing future investments CISA wants in order to improve its effectiveness.
CISA would receive $1.75 billion under President Donald Trump’s proposed fiscal 2021 budget, released Feb. 10, a significantly reduction from the more than $2 billion in funding that the agency received from Congress in December.
Under the budget proposal, $1.1 billion would be allocated for DHS’ cybersecurity work, similar to last year’s budget request. Under the proposal, OMB wrote in budget documents, DHS could increase its number of network risk assessments from 1,800 to more than 6,500.
The FY21 proposal would boost funding for the Continuous Diagnostics and Mitigation program, which allows federal agencies to monitor their networks for cyberthreats, taking FY20′s $232 million proposal up to $281.7 million.
Under the proposed FY21 budget, CDM capabilities dashboard, asset management, identity and access management and network security management all receive funding increases over the FY20 budget. Network security management, the third phase of CDM, receives a $25.5 million boost.
The most recent budget request reduces data management from $42.6 million in FY20 to $29 million for FY21. With the requested funding, the White House wants the data protection pilots to expand and begin full deployment in FY21.
The DHS budget proposal cuts the total amount available to CISA’s National Cybersecurity Protection System that provides several capabilities, such as intrusion detection, information sharing, analytics and prevention. The program was cut to $370 million in the FY21 request, down from FY20′s $405 million proposal.
The proposed cuts come from a reduction in the NCPS proposed procurement budget, which is reduced from $105.8 million to $91.2 million from FY20 to FY21. It also stems from a $22 million reduction in the NCPS proposed operational budget.
The DHS budget request makes two multimillion-dollar cuts to the intrusion prevention and information sharing responsibilities of the NCPS since the FY20 budget. Intrusion prevention saw a decrease to $11.4 million, down about $8.5 million from the FY20 request. The president’s budget also decreased its information sharing funding request by more than $7.5 million, down to $13.7 million for FY21.
What CISA wants
CISA also asked Congress for a $20.8 million FY21 operational budget boost for its vulnerability management service, which performs 174 vulnerability assessments on federal high-value assets per year, an amount that prevents the program from providing services to other CISA commitments like oil and gas, supply chain and 5G, according to budget documents. The request asks for funding for 29 new jobs.
“CISA’s Vulnerability Management component is not currently resourced to provide the technical assessment and analytic support necessary to sufficiently support mission requirements,” the budget document said.
The proposed budget increase would go on top of the $58.5 million increase Congress appropriated for the program in FY20. CISA wrote that fulfilling the request would increase the assessment capacity to 380 per year, which it deemed an “appropriate level of activity.”
Back in December, Congress allocated $25 million to CISA to establish a cybersecurity shared services office for federal agencies. The DHS budget request said that only $21 million will be needed to carry out the responsibilities of the shared services office. The request also shows that shared cybersecurity services marketplace will require 26 new positions in FY21.
Fiscal 2021 proposed funding would establish a “storefront and marketplace” to provide shared services such as security operations, secure web connections and a vulnerability disclosure program, the last of which CISA and OMB have mandated federal agencies establish.
“CISA will develop service standards, evaluate individual offerings, and oversee a marketplace of qualified cybersecurity services to federal customers to ensure performance effectiveness, and most importantly, agency customer satisfaction,” the DHS budget request reads.
CISA also requests $4 million for an new enterprise cloud platform, called CISA Cloud Platform, to allow the agency’s IT system owners to operate in a centralized, common cloud environment to increase efficiency and strengthening the IT governance structure.
“It allows mission programs to field new capabilities much sooner to meet emerging operational needs,” the budget request reads. “And it allows the limited governance staff to focus their resources on higher risk efforts.”
Overall funding for cybersecurity programs across government totals $18.8 billion in funding.