There’s growing bipartisan skepticism about a planned $400 million-plus Washington, D.C., civilian cybersecurity campus to serve as a central clearinghouse for federal civilian information security professionals.
Sen. John Hoeven, R-S.D., chairman of the Senate Appropriations subcommittee with oversight of the Department of Homeland Security’s budget, expressed Wednesday concern about the feasibility of housing civilian cyber workers under one roof as well as the project’s price tag during a hearing on DHS’ cybersecurity mission.
The Obama administration has proposed spending more than $227 million next year for the first phase of the facility’s construction. DHS, along with the Justice Department, will be one of the “anchor” agencies of the new cyber center.
Andy Ozment, assistant secretary in DHS’ Office of Cybersecurity and Communication, told the committee the center could save money over the long haul because the current cyber workforce is dispersed across numerous other agency facilities, many of them leased.
A central campus could also spark greater cross-agency collaboration, Ozment said.
“Sometimes, there's no substitute for being able to walk down the hall and talk to a person face-to-face,” he added.
The committee’s ranking Democrat, Sen. Jeanne Shaheen, D-N.H., joined Hoeven in expressing concerns about the project.
"Doesn't it though seem sort of counterintuitive that when we're talking about issues around cybersecurity and around communicating virtually on the Internet that the only way we think we can do that is to build a brick-and-mortar campus?” she said.
The total cost for the project is estimated at $443.3 million, according to a GSA prospectus posted online earlier this month. Funding for the project would come out of GSA’s budget. Congress last December authorized GSA to spend an initial $35 million to design the project.
"It would be better to put all that money into improving our IT systems rather than building a new building to put people together,” Shaheen said.
It’s still not clear what types of personnel would actually staff the new center.
DHS Chief Information Officer Luke McCormack, who also testified at the hearing, said he supported the concept of the cyber campus, but that likely none of his employees would be housed there.
“I'm sort of speaking on behalf of any agency -- the internal, traditional cybersecurity organization that's protecting that agency doesn't plan on being in the cyber campus,” he said.
The majority of the hearing Wednesday focused on the suite of network-monitoring and other cybersecurity tools DHS provides to agencies.
The Einstein-3 accelerated program, which acts to detect and repel malicious activity against federal networks in real-time, now has the capacity to monitor about half of all federal Web traffic, Ozment told the committee. Full federal coverage under Einstein 3 is on track for the end of fiscal 2016, he said.
Under the controversial program, DHS has essentially set up guardhouses within Internet service providers -- so far, CenturyLink and Verizon -- to scan the flow of traffic to and from federal networks.
Another effort, the Continuous Diagnostics and Mitigation program, provides agencies with a collection of automated security tools to continuously monitor their networks. That program now covers about 55 percent of the federal government by personnel, Ozment said.