Facing increasing cyber threats aimed at exploiting known vulnerabilities, lawmakers secured funding in their new $1.3 trillion spending bill for programs needed to improve the cyber resiliency of critical infrastructure and address vulnerabilities in outdated election and federal IT systems.
President Donald Trump signed the fiscal year 2018 omnibus spending package Friday, which includes $722.9 million for Department of Homeland Security cyber efforts and $100 million to kickstart a new federal IT modernization fund.
“In light of recent cyber events, DHS is expected to accelerate the completion of this strategy and to continue to engage with relevant public and private stakeholders to help prevent and mitigate future cyber intrusions,” officials wrote in the DHS-related report on the spending bill, citing a provision in the FY '18 National Defense Authorization Act to implement a department-wide cyber security strategy.
DHS received $244 million for cyber readiness programs, $432.7 million for federal cyber security efforts and $46.2 million to improve cyber infrastructure resilience.
The new spending bill numbers reflect a $40 million boost in cyber readiness and $40 million less for federal cyber security than was included in a previous budget estimate.
Lawmakers included provisions to ensure DHS’ National Cybersecurity and Communications Integration Center (NCCIC) has efficient funding to improve its cyber response teams' ability to address software vulnerabilities in critical infrastructure control systems.
NCCIC received $173.9 million for its Computer Emergency Response Teams, with $17 million specifically for enhancing malware analysis and incident response capabilities.
Included in the “federal cyber security” appropriations is $102.7 million for DHS’ Continuous Diagnostics and Mitigation program to improve network threat detection and $287.2 for the anti-cyber intrusion National Cybersecurity Protection System.
DHS’ National Protection and Programs Directorate (NPPD) is required under the bill to conduct an assessment of all election infrastructure vulnerabilities within the next 60 days and has 270 days to report on the results of established cyber information sharing programs.
NPPD has previously faced scrutiny over the year-long process it took for officials to warn election system leaders in 21 states that their voting infrastructure faced attempted hacking attacks in the 2016 elections.
To assist state and local election officials with their effort to improve the cyber resiliency of their voting systems ahead of the 2018 midterms, the new spending bill allocates $380 million to the Election Assistance Commission. The funding is meant to help states enhance their election technology and make security improvements.
“I applaud Senate leadership for including election security funding in this Omnibus appropriations bill. Although I object to this year’s broken budget process, the funding in this omnibus appropriations bill will help states modernize their voting systems and ensure that auditable ballots can provide safeguards against manipulation and malicious cyber attacks,” said Sen. James Lankford (R-Okla.) in a statement.
The National Association of Secretaries of State (NASS) applauded the inclusion of election security funding in the bill as a first step to acquiring the necessary security capabilities to address vulnerabilities in voting infrastructure.
“Safeguarding the integrity of our elections process will require the ongoing commitment and vigilance of the federal, state and local governments and our public and private partner institutions. I want to thank Congress on behalf of all Secretaries of State and all Americans for enabling us to acquire us additional tools to ensure election integrity. Nothing could be more important,” said Jim Condos, NASS President-elect Jim Condos and Vermont Secretary of State in a statement.
The new spending bill also allocates $100 million to start the Technology Modernization Fund, which federal agencies can use towards IT upgrade projects.
The fund, authorized under the Modernizing Government Technology Act, aims to help agencies move away from legacy IT systems carrying known cyber security vulnerabilities.
“After the last two years of falling victim to multiple cyberattacks, it’s time for the United States Government to secure its digital information and infrastructure, and move government into the 21st century. Securing funding for the MGT Act in the FY18 Omnibus is reflective of the overwhelming bipartisan support the bill received in both Chambers of Congress throughout the multi-year initiative to make this a reality,” said Rep. Will Hurd (R-Texas) in a statement.