$37 million in emergency OPM funding left out of CISA

The Senate's information-sharing cybersecurity bill cleared a procedural hurdle Oct. 22, but conspicuously absent from the bill was an amendment for $37 million in emergency funding for the Office of Personnel Management's IT modernization efforts.

OPM could use the funding: it is struggling to come up with the money for crucial IT projects worth at least $117 million. The Senate Appropriations Committee in July rejected an earlier request from Sen Barbara Mikulski (D-Md.), the vice chairwoman of the committee, to provide the $37 million in IT funding.

Mikulski also sponsored the CISA amendment to increase OPM's funding, and on Oct. 22 she urged her colleagues to support the provision.

"Some say this funding is premature, and OPM is not ready to deploy it effectively," Mikulski said in a statement. "However, those reports were written before Beth Cobert became OPM acting director.  She is turning OPM around, but she needs the resources to secure OPM's IT systems, and cybersecurity is a critical issue."

The Maryland Democrat added: "We know what OPM needs to do. They have the will, they have a business plan and now they need the wallet."

However, the agency's inspector general has explicitly characterized OPM's lack of a business plan, in the form of a Major IT Business Case, as irresponsible. As of a Sept. 3 update to the IG's flash audit, OPM had yet to determine "the full scope and overall costs" of its Shell modernization project, which is part of the $117 million in projects that the agency is straining to fund.

The Cybersecurity Information Sharing Act to which Mikulski tried to hitch the OPM funding is the latest in a long line of legislative efforts to encourage private firms to share more cyber threat data amongst themselves and with the government. Information-sharing bills in recent years have stalled in the face of privacy concerns, concerns that are again center stage this Congress.

Apple and a trade group representing Amazon, Google and Facebook have come out against the legislation. The powerful U.S. Chamber of Commerce, however, strongly backs the bill.

CISA supporters received a boost Oct. 22 when the White House offered its support for the bill via a Statement of Administration Policy. The statement praised legislators for strengthening privacy protections in the bill with amendments. But the administration nonetheless "remains concerned that the bill's authorization to share with any federal entity, notwithstanding any other provision of law, weakens the bill's requirement that information be shared with a civilian entity," the statement said. "This remains a significant concern, and the administration is eager to work with the Congress to seek a workable solution."

Any bill coming out of the Senate would have to be reconciled with the version of information-sharing legislation that the House passed in April.

A set of seven amendments to CISA is slated for a Senate vote on Oct. 27. That will be followed by a cloture vote and a final vote on the underlying bill.