This week congressional appropriators released two must-pass spending bills to avert the government shutting down Dec. 20. The two pieces of legislation, each known as a “minibus,” contain funding for programs across the federal departments, including several cybersecurity initiatives.
Here’s a look at some of those highlights:
Study on cyber terrorism
Language in the must-pass spending bill directs the Comptroller of the United States to conduct a study and provide a report on cyber terrorism. The report must analyze overall vulnerabilities in U.S. networks, the potential cost of cyberattacks to U.S. public and private infrastructure, assess whether insurance for cyber terrorism provides “adequate coverage” and if cyber risks can be “adequately” priced by the free market.
Congress also wants recommendations on how it can change a terrorism insurance law to better accommodate for cyber terror.
Department of Agriculture
The Department of Agriculture’s Office of the Chief Information Officer received an overall boost of $18 million to its cybersecurity pot, upping the department’s cyber budget to more than the entire fiscal 2019 budget of the USDA’s CIO office. Under the legislation, the Agriculture Department received $56 million designated specifically for cybersecurity, while the CIO’s overall budget for FY19 totals $66.5 million. Last year, the department CIO’s budget was just under $56 million, with $38 million obligated for cybersecurity.
According to budget documents, the department also received an $11 million boost for the department’s implementation of the Department of Homeland Security’s Continuous Diagnostics and Mitigation program, which provides agency with more information on their overall cybersecurity posture.
Agriculture CIO Gary Washington told Federal Times in October that his agency was planning to consolidate its networks in 2020. Washington continuously highlights the department’s cybersecurity culture and has said that that success is driven by top leadership, starting with CIO Sonny Perdue.
The Department of Energy
The Department of Energy received $20 million more than it requested for “cybersecurity for energy delivery systems (CEDS),” like the power grid. The final budget agreement allocated $95 million for CEDS, up from $89.5 million last year.
In total, the bill gives Energy $156 million for cybersecurity, energy security and emergency response, up from $120 million last year.
Department of Transportation
The Transportation Department received $15 million for its cybersecurity enhancements. According to the legislation, the bill can be used for upgrades to its network and IT infrastructure, improving identity management and perimeter controls, bettering security on its devices, along with several other cybersecurity measures.
Department of Veterans Affairs
The VA received $16.6 million for cybersecurity development projects.
Department of Homeland Security
DHS’ Cybersecurity and Infrastructure Security Agency, responsible for protecting the federal networks and critical infrastructure from cyberattacks, received a $334 million budget increase over last year in the legislation. The CDM program, which it runs, was given a $53.5 million boost up to $213.5 million.
Department of the Treasury
The Department of the Treasury’s Cybersecurity Enhancement Account, which protects the U.S. financial infrastructure from cyberthreats, received $18 million, a decrease of about $7 million over last year. In its FY20 budget request, it asked for the decrease.
Taking on the Chinese government
The legislation also tackles 5G and cybersecurity issues relating to the relationship between China and countries receiving financial support from the United States government. The Treasury Department language in the minibus spending bill says that funds in the act shall be used to advance the adoption of “secure, next-generation communications networks and services” in countries receiving funds under the bill, while also directing Treasury to use funds to counter the “establishment of insecure communications” infrastructure from Chinese-backed companies.
The legislation also bans dollars allocated under the spending bill from being spent on products made by Chinese tech giants Huawei and ZTE amid concerns about the pair giving the Chinese government access to the network or user data.
These measures comes at a time when several U.S. allies are implementing Huawei products into their networks, prompting outcry from top U.S. officials.