President Donald Trump’s 2018 budget proposal boosts cyber defense funding at the Homeland Security Department and commits new money to help law enforcement fight cyber criminals and ferret out the communications of terrorists and criminals using cop-proof encryption.
The budget also touts that, for the first time, it aligns federal IT spending with a cybersecurity framework developed by the National institute of Standards and Technology. That was the main requirement of an executive order Trump released earlier this month, which mandated federal agencies adhere to the framework and stated agency leaders would be held personally responsible for lapses in cyber protections.
The budget cuts some cyber research and development funding, however, and entirely zeros out funding for a digital forensics training center for state and local police run by the U.S. Secret Service.
Senate Judiciary Committee leaders introduced legislation to formally authorize the Secret Service’s National Computer Forensics Institute in April, but some House Republicans have sought to roll back the Secret Service’s cyber responsibilities following a series of scandals.
Trump’s budget commits $971 million to Homeland Security Department cyber operations, including a $49.2 million boost for DHS’ cyber operations wing, the National Cybersecurity and Communications Integration Center. That money is aimed at providing additional cybersecurity assistance to government agencies and securing high-value federal systems, according to budget documents.
The funding includes $279 million for DHS’ Continuous Diagnostics and Mitigation program, roughly a $4 million boost from fiscal year 2017 levels, and $397.2 million for the National Cybersecurity Protection System known as Einstein.
That’s a significant drop from the $471.1 million the Obama administration provided for Einstein in 2017, much of which was committed to building out the programs’ third-generation system, which now protects about 93 percent of civilian federal agencies.
The budget includes a $41.5 million hike in cyber spending at the Justice Department, including funding for 20 additional cyber-specialized FBI agents. Other portions of the funding hike will go to improving cyber programs and high-speed networks, according to a fact sheet.
The Justice Department is also requesting an additional $21.6 million to combat the effects of warrant-proof encryption on FBI investigations, a challenge the bureau calls “going dark.”
Justice is also requesting an additional $19.7 million focused on combating insider threats and efforts by foreign intelligence services to steal the department’s data.
The budget also slashes some cyber research and development funds.
The budget cuts R&D funding at DHS’ Science and Technology directorate, which has a significant cybersecurity mission, by 27 percent from $595 million to $437 million. There’s also a 15 percent cut in research and development funding to NIST, the government’s main cyber standards agency, from $762 million to $651 million.
The budget hikes R&D funding at DHS’ main cyber and physical security wing, the National Protection and Programs Directorate, from $5 million to $11 million, an 83 percent increase.
The budget cuts funding to a cybersecurity research and information sharing arm of the Energy Department, the Cybersecurity for Energy Delivery Systems office, from $62 million to $42 million, a 33 percent cut.
The budget commits about $370 million to strengthening U.S. energy infrastructure against cyberattacks, through the Federal Energy Regulatory Commission and other agencies, according to a fact sheet.
Also in the president’s budget:
The Treasury Department is requesting $27 million to be placed in a Cybersecurity Enhancement Account, established last year, as a more centralized program to protect the department’s high-value financial information. That’s a significant dip from about $110 million requested for the account in fiscal 2017.
The State Department budget highlights a $200 million investment to harden its networks against cyberattackers. The State Department unclassified email system was breached in 2014, allegedly by hackers linked to the Russian government.