Congress agreed to eliminate $20 million for network security programs in the major bill to keep the government operating through March 18, as the Republican-controlled House and Democratic-led Senate began negotiations on further cuts for the rest of the fiscal year ending in September.
The short-term continuing resolution signed into law on Wednesday will trim the Homeland Security Department account that safeguards critical networks and facilities far less than the $60 million cut House appropriators had proposed last month. The stopgap bill deleted earmarks -- monies requested by individual lawmakers -- for the DHS infrastructure protection and information security program. The dropped funding had not been allocated for specific projects yet, House aides said.
"Part of Congress' challenge is that a lot of programs and projects get labeled cybersecurity in order to secure funding," said Rep. Mac Thornberry, R-Texas, who oversees coordination of cyber legislation across House committees, in defending the cuts. "Our job is to sort through what is really necessary and try to see that the money that is spent is spent wisely. More money does not automatically mean more security."
Senate aides are still analyzing the effect of the cutbacks. Aides to House Homeland Security Chairman Peter King, R-N.Y., did not respond to requests for comment.
Enacted cyber earmarks have previously funded, among other things, state and local cybersecurity training; the power and cyber systems protection, analysis and testing program at the Idaho National Laboratory; the Cybersecurity Test Bed and Evaluation Center at the RTI International research institute; and a multistate information sharing and analysis center, according to spending legislation for fiscal 2010 and 2009.
Ed White, senior director for business development at security firm McAfee, said the $20 million rollback will hurt certain centers, but should not weaken overall performance within the civilian cyber protection division.
"Since the budget and appropriation bill doesn't explain specifically how they intend to make the cut, it is difficult to understand the total extent of the budget cut impact on any one specific organization's ability to operate," he said. "Do they intend to distribute the $20 million cut evenly across all of the earmarked programs, or is mostly coming at the expense of one organization?"
But, White added, a cut the size of the House Republicans' proposed $60 million decrease would affect the cyber division's ability to function.
"Now instead of operational status quo, we are in a degraded state of operational readiness," he said. "Once you start to degrade operational readiness, you are in the realm of indirectly causing DHS to not be able to perform their mission, which in turn could have far-reaching implications, such as the availability of critical infrastructure or national security."
During a House hearing on Thursday, Homeland Security Secretary Janet Napolitano said that the programs potentially targeted now include the installation of Einstein-3, a system that monitors traffic on federal computer networks and automatically responds to certain threats.
The continuing resolution proposals "will cause significant delay," she said. "I think for the deployment of Einstein-3 we would see that move back at least two or three years in terms of our ability to deploy it. And talk about an area where there's urgency, the cyber area has real urgency associated with it, so we hope we can work with the Congress to revisit that issue."
President Obama is asking for an unprecedented roughly $1 billion fiscal 2012 budget for information security at DHS, which is responsible for governmentwide cyber operations. He has called the cyber threat "one of the most serious economic and national security challenges we face as a nation" and appointed the first-ever cyber czar to coordinate computer security across the public and private sectors.
"If Congress is willing to cut that, then nothing is sacred and it shows the commitment of the Congress to drive spending down even in areas of major concern," White said.
The current and proposed reductions likely will not directly hit federal information technology managers, he said, but IT people should review their relationships with projects earmarked in the past to ensure ongoing partnerships will not be disrupted by any spending changes. The legislation does not rescind remaining fiscal 2010 earmarks.