The Trump administration's proposal to reduce funding for the federal agency assigned to protect federal civilian networks and work with state and local governments and the private sector on minimizing cyber security risks will not stand, Democrats and Republicans on a House Homeland Security panel said on Wednesday.
"CISA's work is critical," Rep. Mike Rogers (R-Ala.), ranking member on the House Homeland Security Committee, said at a hearing to review the fiscal year 2021 budget request for the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA). "That's why I was disappointed to see this year's budget request for the agency. I'm very concerned that any cuts like this will undermine CISA's ability to successfully carry out its mission, but I do take comfort in knowing from my 18 years here that the president only proposes budgets, we write budgets, and I can tell you these cuts are not going to take place."
CISA is seeking $1.1 billion in FY '21 for its cyber security mission, about $250 million below what Congress appropriated in FY '20.
Rep. John Katko (R-N.Y.), the ranking member on the House Homeland Security Subcommittee on Cybersecurity, Infrastructure, & Innovation, said that "cutting CISA's budget is not a really good idea at all. In fact, the opposite is true, we need to expand your resources so you can better handle the emerging threats."
Rep. Cedric Richmond (D-La.), chairman of the subcommittee, said he doesn't understand how the proposed reduction to CISA's budget helps governments and communities defend their networks and facilities. The budget request "fails" CISA, he said.
Christopher Krebs, the director of CISA, attributed the proposed spending decline for this agency to timing, highlighting that the budget was crafted before the FY '20 funding level was established last December, more than two months after the fiscal year began. He said the FY '21 request was based on the enacted level for FY '19, which would represent an increase.
Senate appropriators that oversee DHS funding expressed concern in February about the budget proposal for CISA, warning that securing U.S. elections from cyber threats is an ongoing concern.
Wednesday's hearing coincided with the release of the bipartisan Cyberspace Solarium Commission report that produced more than 75 recommendations for improving the nation's cyber security posture, including ensuring that CISA is the nexus for coordinating and integrating federal, state, local and private-sector efforts.
Krebs said one of the most important outcomes from the report is that it isn't focused solely on the Defense Department's needs, "it is also about ensuring that CISA and the rest of the civilian cyber security space, and the private sector have the direction, guidance and resources they need to be able to implement."
Krebs provided three major "takeaways" from the report, including "squarely" establishing CISA "at the central coordination point for civilian cyber security defense." He pointed out that his agency currently operates from nine separate locations around the Washington, D.C., region, adding that the coordination role means it needs a "refresh" to "accommodate regular access" for its private sector partners and "make it an experience that they actually want to participate in. It's a kind of if you build it, they will come sort of approach."
Second, he said, relates to the economic resiliency. Krebs said that CISA has developed a framework to understand supply chain and workforce impacts from crises such as the COVID-19 pandemic.
Third is the need for CISA to grow its workforce operations throughout the U.S., he said.
Asked by Rep. Susan Rice (D-N.Y.), how CISA can invest in its efforts to secure supply chains, election security, and securing advanced wireless networks if it has less money, Krebs replied that "With more I can always do more, so again, whatever you will of course appropriate we'll be able to execute against."