The House Appropriations Committee’s markup of the Homeland Security FY’15 spending bill made only small cuts to requested cyber funds, but the appropriators remained critical of a major threat detection and information sharing program.
Now in its third iteration, the National Cybersecurity Protection System (NCPS)–more commonly referred to as EINSTEIN 3–has fallen behind its acquisition schedule and left questions of efficacy, the committee wrote in a report attached to the bill. EINSTEIN 3 is a Department of Homeland Security-hosted program that monitors intrusions on the .gov network using signature-based malware detection and shares that information with other agencies. The latest version also seeks to prevent intrusions.
While DHS maintains and implements the program, appropriators warned that the department needs Internet Service Providers to deliver the capabilities to federal agencies. Only one provider has been able to do so, “putting the program in jeopardy,” the report said.
“For this program to be successfully implemented, it is imperative that DHS move hastily to establish effective working relationships with each of the Tier 1 ISPs,” the report said.
DHS Deputy Undersecretary for Cybersecurity Phyllis Schneck has defended EINSTEIN in congressional hearings this year. In March, she said she felt “comfortable” with the progress of deploying the program’s third generation, adding that it protected a third of the seats in the civilian government.
“We’re finally at a point as well where we’re getting enough data and we’re protecting enough agencies,” she said before the Senate Homeland Security and Governmental Affairs Committee.
Schneck said she was even looking toward the program’s future and leveraging .gov data to protect the private sector as well.
The committee directed DHS to respond within 60 days of the bill’s enactment about its progress engaging service providers and research into new forms of intrusion monitoring beyond signature-based detection, including behavioral-based and zero-day discovery. A DHS spokesperson said Thursday that the department did not have an update on EINSTEIN 3’s schedule.
House appropriators also asked DHS to explain how it will integrate capabilities between EINSTEIN and the Continuous Diagnostics and Mitigation (CDM) program. CDM created a $6 billion blanket purchase agreement with 17 companies to provide intrusion detection and remediation tools to federal agencies. Unlike EINSTEIN, DHS does not host the software but facilitates the procurement of network tools from private firms.
The House markup of the DHS spending bill provides $745.5 million for cybersecurity–only $1 million less than requested in the president’s FY ’15 budget. In comparison to FY’14, requested funds for cybersecurity are several million lower. EINSTEIN requested $4.75 million less, CDM $28 million less and US-Computer Emergency Readiness Team Operations (US-CERT) $3.4 million less than FY ’14 appropriations.
The decreases are primarily due to reduced acquisition costs for cyber tools. For example, CDM requested a dramatic budget decline because the program demonstrated greater-than-expected savings. Companies on the purchase agreement offered lower prices for large orders scaled to federal agencies. The first $60 million task order generated a $26 million savings below projected prices, John Streufert, DHS director of federal network resilience, said in May.
Overall, cybersecurity fared well in the markup, while infrastructure protection and communications both received substantial decreases. All three areas are housed under DHS’ National Protection and Programs Directorate (NPPD). Appropriators trimmed $10 million from infrastructure protection, which includes both cyber and physical critical infrastructure, for a total of $262.5 million. Communications, which includes emergency response and National Cybersecurity and Communications Integration Center (NCCIC), decreased $48 million to $131 million due to sequester caps, the report said.