Most of the Cybersecurity and Infrastructure Security Agency's (CISA)'s cyber security investment budget is channeled into two programs, but one area that has been underfunded is outreach to critical infrastructure sectors, and state and local governments, former agency chief Chris Krebs said on Wednesday.
"My biggest regret was that we were not able to plow additional resources into the ability to get out there into the field and engage more critical infrastructure, and state and local partners," Krebs told the House Homeland Security Committee in its first hearing of the year focused on cyber security.
Krebs, who was ousted by former President Trump for maintaining that the 2020 presidential election was secure, said that CISA's investment budget is about $1.2 billion, $800 million of which goes to the National Cybersecurity Protection System (NCPS) and the Continuing Diagnostics and Mitigation program, with the remainder for things like incident response and engaging with the critical infrastructure community. NCPS is better known as Einstein, which performs intrusion detection and prevention on federal civilian networks.
Krebs praised inclusion of a provision in the fiscal year 2021 National Defense Authorization Act that gives CISA authorities to provide cyber security coordinators to states. He said these authorities combined with some funding provided by Congress give the agency "more capability to get out in the field."
CISA has a "distinctive advantage" in that its primarily operates "in the unclassified space," making it easy to work remotely and in the field without need for secure facilities.
Rep. James Langevin (D-R.I.) replied that CISA needs to be "properly resourced" to be effective. "We're not quite there yet," he added.