Senate Committee Wants to Know if OMB Ever Uses its Get-Tough Cyber Power


Since the OPM hack was revealed last summer, the White House has exhorted agencies to tighten their cybersecurity defenses.

Since the massive Office of Personnel Management hack was revealed last summer, the White House has exhorted and encouraged agencies to tighten their cybersecurity defenses.

But lawmakers want to know if the administration has also considered a tougher approach -- using its budget authority to enforce cybersecurity standards.

The Senate version of a 2017 spending bill providing funding for OPM, the Internal Revenue Service and the White House Office of Management and Budget would direct OMB to report annually on how often the administration has tightened agency purse strings to force compliance with federal cyber policies.

Federal law allows the head of OMB to “take any action,” including those related to the budget and appropriations process, to enforce the accountability of agency heads for managing information technology. It’s unclear how frequently such action is actually taken.

The Senate bill, approved by the appropriations committee late last week, also called on OMB to submit its cybersecurity implementation plan -- a long-term strategy for shoring up federal cybersecurity procedures -- to the Government Accountability Office for review.

Meanwhile, a competing version of the same bill, approved by the House on June 9, includes a measure requiring OMB to submit an annual report on governmentwide cybersecurity spending.

The two bills split on topline spending for an OMB fund that supports the administration’s cyber policy unit and the White House’s tech fix-it squad, the U.S. Digital Service.

Last year, Congress approved $30 million in spending for the fund, and for 2017, the administration is seeking $35 million.

The Senate’s bill would keep spending for the fund flat, while the House’s would actually trim it back slightly to $25 million.

When it comes to funding cybersecurity improvements at the IRS and OPM, there are few differences between the two bills.

Both bills include an additional $290 million to fund IRS cybersecurity protections. Last year, IRS officials revealed fraudsters had exploited an online application offered by the agency to steal personal information on hundreds of thousands of taxpayers and file fraudulent returns.

The House bill would reduce overall IRS spending by about $237 million to $10.9 billion, while the Senate version would keep agency spending flat.

The Senate bill proposes halving a Treasury Department request for a $110 million emergency piggybank to pay for cyber fixes and respond to potential hacks. The Senate bill proposes $47.7 million for the effort.

Both bills provide for a $15 million boost to OPM’s budget -- a nearly 75 percent increase -- to help the agency continue to make upgrades to its IT environment. The IT upgrade project, accelerated in the wake of the massive data breach involving background check files, has been harshly criticized by OPM’s inspector general for poor planning and unreliable accounting.