[ISN] White House officials ask for $154 million in new cybersecurity spending

From: InfoSec News (alerts@private)
Date: Tue Nov 06 2007 - 22:22:20 PST


http://www.fcw.com/online/news/150721-1.html

By Jason Miller
FCW.com
November 6, 2007

White House officials today asked Congress [1] for more than $436 
million in new cybersecurity and counterterrorism programs in the 
Homeland Security and Justice departments fiscal 2008 spending bills.

These amendments are necessary to enhance Federal civilian agency 
cybersecurity and strengthen defenses to combat terrorism, President 
George Bush wrote in a letter to House speaker Nancy Pelosi (D-Calif.).

Bush said $386 million of the new spending would be offset by reductions 
in previously requested funding and cancellation of unobligated 
balances, and $50 million would come from funds appropriated in U.S. 
Troop Readiness, Veterans Care, Hurricane Katrina Recovery and Iraq 
Accountability Appropriations Act of 2007.

The House and Senate have passed separate versions of the bills, which 
are awaiting the conference committee so lawmakers can work out their 
differences. The Senate has appointed conferees for both bills, but the 
House has not.

"This is an area that has been severly lacking the administrations 
attention," said Joy Fox, spokeswoman for Rep. Jim Langevin (D-R.I.), 
chairman of the Homeland Security Subcommitte on Emerging Threats, 
Cybersecurity, and Science and Technology. "Chairman Langevin is 
encouraged to see any action from the administration that addresses 
concerns he has repeatedly raised through hearings and through 
announcement of the cybersecurity commission."

It has been rumored that White House officials may announce a new 
cybersecurity initiative, but it is unclear whether this is it or just a 
piece of it.

In the request, the administration asked for $115 million to enhance DHS 
ability to deploy the Einstein program through the U.S. Computer 
Emergency Readiness Team. Einstein monitors about 13 participating 
agencies network gateways for traffic patterns that indicate the 
presence of computer worms or other unwanted traffic. By collecting 
traffic information summaries at agency gateways, Einstein gives US-CERT 
analysts and participating agencies a big-picture view of bad activity 
on federal networks.

"They know monitoring works and they want more monitoring," said Alan 
Paller, director of research at the Sans Institute. "The money will be 
used to get out more monitoring more quickly and do more analysis of the 
data. That is useful and necessary because what they discovered is the 
federal perimeter is broken. One of few ways to find bad guys in [the] 
perimeter is a more intent analysis of traffic coming out of the 
computers."

The extra money would help DHS expand the program more quickly. In an 
interview earlier this year, Mike Witt, US-CERTs deputy director, said 
the office plans to have most Cabinet-level agencies in the program by 
the end of 2008 and then expand participation to more of the midsize and 
small federal agencies later.

DHS requested about $13.9 million for Einstein in 2008, according to 
agency budget documents. There is no cost for agencies to sign up for 
Einstein, but DHS must have the money for people and equipment to set up 
the system on agency routers.

Justice, meanwhile, would receive $39 million to help the FBI 
investigate incursions into federal networks, increase intelligence 
analysis and provide technical tools for investigations and analysis.

"These are two things that are most successful and needed money,"  said 
Paller. "There will be a huge amount of money spent on cyber projects 
and I believe this is the budget for public facing part. The rest will 
be in the black budget."

Bush also requested an additional $282 million to combat terrorism at 
both agencies.

The DHS request would increase the National Protection and Programs 
Directorates budget to more than $653.2 million. The FBIs increase would 
come in salaries and expenses where more than $6.4 billion would be 
available for cybersecurity and counterterrorism work.

"More money for the FBI is essential," Paller said. "The number of cases 
they have to turn down is breathtaking. They dont have the bodies to 
follow up on all cases and as long as bad guys assume they will not get 
caught, they will accelerate their attacks."

To find the extra money, Bush recommends using unobligated funds from a 
number of different DHS offices, including the chief information officer 
($873,000), the Customs an Border Protection automation modernization 
project ($6.1 million) and the Science and Technology Directorate 
($216,000).

Fox said Langevin will follow this request would consider sending a 
letter of support to the appropriations committee.
 
"Hopefully this is the start of a real commitment from the 
administration on cybersecurity across the board," Fox said.

[1] http://www.whitehouse.gov/omb/budget/amendments/amendment_11_6_07.pdf


__________________________________________________________________      
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com



This archive was generated by hypermail 2.1.3 : Tue Nov 06 2007 - 22:29:00 PST