Congressman Hal Rogers: concerned about cybersecurity funding

By Dorothy Ramienski
Internet Editor
Federal News Radio

The Comprehensive National Cybersecurity Initiative (CNCI) is being implemented, albeit slowly, according to one Republican congressman who is concerned about the level of funding it will receive next fiscal year.

Rep. Hal Rogers (R-Ky.) is the ranking member of the Homeland Security subcommittee of the House Appropriations Committee.

On Thursday, the committee heard from two Department of Homeland Security officials: Philip Reitinger, Deputy Undersecretary for National Protection and Programs Directorate; and RADM Michael Brown, Deputy Assistant Secretary for Cyber Security and Communications.


The two testified about cybersecurity funding during FY 2011.

According to the opening statement of subcommittee Chair David Price (D‐NC), “The 2011 budget proposes $379 million for the National Cyber Security Division, an $18 million (or 4.6 percent) cut to the 2010 enacted level. Most of this reduction is attributable to one‐time 2010 costs not repeated in 2011 and projected savings that will result from hiring federal employees to work on DHS cyber security programs in place of government contractors.”

Rep. Rogers said he is concerned about these potential cuts

“Given the seriousness and complexities of this threat that we’re under, it is a bit disconcerting that the budget request actually calls for a decrease in the dollars put into the program — nearly five percent cut from current spending — an $18.4 million reduction. I think that’s likely to slow the rate of deployment of both Einstein 2 and 3, and slow consolidation efforts under the TIC program. It also could reduce the outreach to the private sector, which, by the way, is 85 percent of the critical infrastructure, not to mention outreach to safeguard data held by state and local governments.”

Congressman Rogers explained that there has been some progress when it comes to implementing the CNCI.

One of the goals is to keep agency networks and network gateways safe from attacks, which is why the Initiative builds on mandates from the Bush administration, including Einstein.

Einstein, deployed in 2004 at some federal agencies, was designed to resolve common IT security weaknesses throughout the federal government as identified by the Office of Management and Budget.

Second and third versions — Einstein 2 and Einstein 3 — have evolved since then.

Rep. Rogers said some goals of these programs are being met on time, but others are lagging.

“The Department is on track to deploy Einstein 2, but they are a year behind on Einstein 3. So, we’re making some progress, but we’ve still got a long way to go. . . . We’re less than half finished now with the TIC structure. About 40 percent of the agencies are into the TIC program already, so we’ve got a long way to go even on Einstein 2, but they assured us that they would finish that up in this fiscal year. Then on [Einstein] 3, we’ve got a long ways to go even with the concept of the program. It’s not a sure thing at this point in time technically, not to mention practically.”

Part of the problem, he said, is that there have been a number of technical glitches, as well as a lack of overall leadership.

During the hearing, witnesses testified about US-CERT, strategic initatives, and outreach and programs — PPAs (programs, projects and activities) that need funding from Congress.

The congressman said the witnesses did note that a reduction in funds would not slow down deployment or implementation of any of the projects discussed, but, Congressman Rogers still has doubts.

“I think the progress on [CNCI] is dragging. I think they have the concept in mind and are working toward fulfilling it, but it’s going very slowly and we are way behind. Einstein 3, they tell me, was at least one year behind their schedule. That’s not satisfactory — and we’re less than half finished with the Einstein 2’s TIC program. So, I guess I’m a little discouraged that we’re not moving fast enough.”

A recent report from the Government Accountability Office about TIC said that more direction needs to come from both OMB and DHS if agencies are going to be able to meet their requirements.

Rep. Rogers said efforts have been made since the report was released last month, but more should be done, in his opinion.

“The review was dated through September 2009, and progress has been made since that time, but no federal component is 100 percent compliant with the internet connections consolidation effort as of the last day of March. . . . We’ve got a ways to go even on Einstein 2.”