Congressional cybersecurity leaders say President Biden’s proposal is a good start, but they want more than the $2.1 billion earmarked for protecting Americans from hacking.
“It is not clear that the proposal provides enough resources for the Department as a whole, including … enough of an increase for cybersecurity to address the current risk environment,” Rep. Lucille Roybal-Allard (D-Calif.), chairwoman of the House Appropriations homeland security subcommittee, said in a statement. “I look forward to seeing the details of the full budget request in the coming weeks.”
Other lawmakers agreed that strain on CISA caused by mounting threats including foreign adversaries and financially motivated cyber criminals calls for more funding.
“In the face of growing cyber threats, President Biden has demonstrated a robust commitment to improving our nation’s cyber defenses, and I applaud his recognition of this urgent need,” said Rep. Jim Langevin (D-R.I.) “While I believe the $110 million increase for CISA is a good start, I think we can be even bolder in our vision for the nation’s premier cybersecurity agency.”
Rep. John Katko (N.Y.), the leading Republican on the House Homeland Security committee, said the plan had “modest improvements” in CISA funding and was a “good first step.”
“CISA needs sustained, robust funding to carry out its mission and nimbly respond to evolving threats. Without question, it should be a $5 billion agency in the coming years,” Katko said.
Biden’s budget request also includes $20 million for a “Cyber Response and Recovery Fund” similar to the one used by FEMA for natural disasters.
The funding builds on $650 million received by CISA in the latest coronavirus relief package.
Officials have called the funding a “down payment” on efforts to improve federal cybersecurity defenses in the wake of the months-long Russian hacking campaign that exploited SolarWinds software to infiltrate federal agencies.
DHS Secretary Alejandro Mayorkas said in a statement the funding would allow CISA to “enhance its cybersecurity tools, hire highly qualified experts, and obtain support services to protect and defend Federal information technology systems.”
The budget proposal also includes additional funding for federal cybersecurity improvements and research.
The requests asks for more than a billion dollars for government IT modernization and enhancements and just over $900 million for the National Institute of Standards and Technology to go toward research on cybersecurity and other technology priorities. The request establishes a new directorate for technology development in emerging areas crucial for U.S. technological leadership, including advanced communications technologies and cybersecurity.
A senior White House official told reporters that Friday’s request was just “one piece of the puzzle” when it came to the full budget proposal slated for later this spring. The proposal follows a White House ask for more than $2 trillion in infrastructure funding. Cybersecurity leaders in Congress criticized the infrastructure plan for leaving out funding specifically earmarked for cybersecurity.
Legislators are eying other legislation aimed at boosting cybersecurity.
Rep. Yvette D. Clarke (D-N.Y.), chair of the House Homeland Security cybersecurity subcommittee, announced last week she would soon reintroduce a bill with $500 million in funding for state and local cybersecurity. She and other committee expressed a commitment to getting CISA the funding it needs.
The keys
Biden plans to announce new White House cybersecurity czar today.
The administration will nominate former NSA deputy director John C. “Chris” Inglis, Ellen Nakashima reports. Lawmakers have been pressing the administration to fill the crucial cybersecurity position.
Inglis served for 28 years at the NSA, nearly eight of which he was deputy director. At the NSA, Inglis worked closely with Anne Neuberger, who now serves as deputy national security adviser for cyber at the National Security Council. The two are expected to work closely to create a unified government approach to the nation’s cybersecurity challenges.
Inglis is expected to face a smooth confirmation process though it could take up to two months. The White House declined to comment.
The administration also plans to nominate Jen Easterly to head the Cybersecurity and Infrastructure Security Agency, Ellen reports.
An online testing company agreed to a security audit of its software after a Senate inquiry.
ProctorU, whose software is used by online test-takers including those who take law school entrance exams, agreed to the audit after Sen. Ron Wyden (D-Ore.) raised concerns, Cyberscoop’s Sean Lyngaas reports. The Law School Admission Council (LSAC) confirmed in a letter to Wyden’s office that the company hired an “independent security and privacy consultant to conduct a thorough audit of their remote proctoring services.”
“While the pandemic has forced much of our education system online, that’s no excuse to sacrifice students’ right to privacy and security,” Wyden said. ProctorU did not respond to a request for comment.
Trade groups warned the Biden administration not to overstep on supply-chain security.
Nine groups asked DHS Secretary Mayorkas and Commerce Secretary Gina Raimondo to narrow a Trump administration executive order giving the government the ability to block products or services linked to a “foreign adversary.”
Moreover, they wrote, “the federal government should not attempt to create its own technical demands, nor should it try to supplant private sector leadership in standards bodies.”
The letter comes nearly halfway into a 100-day review of potential vulnerabilities in critical supply chains. It also comes in the wake of the SolarWinds cyberattack, during which hackers exploited the software supply chain to launch attacks.
Clubhouse denied that a trove of user data posted online came from a breach.
Asked about whether the app suffered a data breach, Clubhouse CEO Paul Davison said at a town hall that “we were not hacked. The data referred to was all public profile information from our app. So the answer to that is a definitive ‘no,’ ” the Verge’s Kim Lyons reports. Davison’s comments came after data — including names and social media handles — from 1.3 million user profiles showed up on a hacker forum.
The Clubhouse leak comes on the heels of a leak of 533 million Facebook user records this month. The social media network, which is building an app to rival Clubhouse, has said that it does not plan to notify users about the leaked data, which stemmed from a 2019 breach.
Chat room
Politico Europe tech reporter Vincent Manancourt:
Adobe designer Parker Gibbons:
MIT Media Lab researcher Dazza Greenwood:
Researcher Jane Manchun Wong:
Mentions
- Rob Joyce has begun working as the National Security Agency’s cybersecurity director.
Daybook
- Gen. James C. McConville, the chief of staff of the U.S. Army, discusses Army modernization efforts at a Washington Post Live event today at noon.
- Former president Donald Trump’s acting homeland security secretary, Chad Wolf, discusses the SolarWinds cyberattack at a Heritage Foundation event today at 1 p.m.
- Cybersecurity officials and researchers speak at a three-day symposium hosted by the National Security Agency that begins on Tuesday at 9 a.m.
- Former Cybersecurity and Infrastructure Security Agency director Chris Krebs speaks at an election security event hosted by Georgetown University on Tuesday at 5:30 p.m.
- Acting Assistant Secretary of Energy Patricia Hoffman discusses maritime energy cybersecurity at an Atlantic Council event on Wednesday at 10 a.m.
- U.S. intelligence chiefs testify before the Senate Intelligence Committee on Wednesday at 10 a.m.
- A Senate Armed Services Committee panel holds a cybersecurity hearing on Wednesday at 2:30 p.m.
- U.S. intelligence chiefs testify before the House Intelligence Committee on Thursday at 9 a.m.
- Former Director of National Intelligence John Ratcliffe speaks at a Heritage Foundation event on April 19 at 11 a.m.
