President’s Budget Would Axe NIST Program Meant to Help Small Businesses with Cybersecurity

While the president’s budget proposal for 2021 would largely maintain current funding levels for cybersecurity across the government, it would deliver at least one notable casualty: the Manufacturing Extension Partnership Program at the National Institute of Standards and Technology.

The budget would put $18.8 billion toward cybersecurity across government—with $12.8 million less than the 2020 request—and significantly increase dollars to be spent at select departments, particularly Energy, Treasury and State, according to an analytical perspective the White House released.

NIST runs MEP centers in all 50 states with current efforts focused on assisting small- and medium-sized businesses with cybersecurity, among other things such as innovation, growth strategies, process improvements, workforce training, supply chain optimization and exporting, according to the Congressional Research Service. 

The MEP center in Michigan, for example, developed a network cybersecurity program “that seeks to save companies and jobs while upgrading the value of suppliers to their customers and the skills of their workforce.” 

“The Budget request proposes to discontinue Federal funding for the MEP program,” reads an appendix the White House released breaking down spending estimates within the Commerce Department. 

The White House estimates eliminating the program would contribute to an overall reduction in civilian full-time employment at NIST from 2,486 in 2020 to 2,088 in 2021. 

One source weighing in on the idea of cutting the MEP centers said the program has “absolutely” been helpful to small businesses in the manufacturing sector, but that with a president focused on saving taxpayer dollars, more should be done to show their worth.

“The president is very interested in promoting small businesses, he’s very interested in new jobs in the manufacturing sector,” Charlie Tupitza, who leads cybersecurity efforts at America’s Small Business Development Centers, told Nextgov. “On a regular basis, programs are put on the chopping block, and what that means is that somebody needs to defend what they're doing and show value. If you can't show business value, you can't show empirical evidence associated with an activity, then you've got a problem.”

Tupitza would like the MEPs to work more closely with the Small Business Development Centers. The SBDCs receive funding from the Small Business Administration to help smaller companies access resources to implement programs such as the coming Cybersecurity Maturity Model Certification initiative being established by the Defense Department. 

Under the president’s budget, cybersecurity spending at Commerce would be reduced by $136 million. But total obligations for the department’s Bureau of Industry and Security, which enforces export controls to keep sensitive American technology out of the hands of foreign adversaries, increased slightly with BIS projected to add the equivalent of 16 new full-time employees.

Similarly, the budget for Commerce’s National Telecommunications and Information Administration, which manages the electromagnetic spectrum used for wireless communication, would increase slightly. 

“The Budget proposes to increase the Domestic and International Policies Program to fund NTIA's growing efforts to oversee, mitigate, and manage supply chain risks to our nation's telecommunications infrastructure,” according to the Commerce appendix. “The Budget also proposes an increase to fund NTIA's spectrum research for 5G and other evolving advanced communications innovations. This funding will enable NTIA to execute advanced engineering algorithms; to improve data security and availability.”

Increases in spending on cybersecurity for the departments of Treasury and State are focused on improving operations.

“This appropriation provides resources for overall planning, direction, operations, and critical infrastructure activities for the IRS,” reads an appendix on Treasury’s allotment, which increased cybersecurity spending by $100 million from 2020 to 2021. “These activities

include IT and cybersecurity that keep tax systems running and protect taxpayer data, the financial management activities that ensure effective stewardship of the nation's revenues, and the physical infrastructure.”

A breakdown of expected spending at the State Department, which would receive $82.8 million more in cybersecurity funding next year, references negative results in cybersecurity the department has received from the inspector general’s office. 

The budget proposal says State shall “strengthen cybersecurity measures to mitigate vulnerabilities, including those resulting from the use of personal email accounts or servers outside the.gov domain, improve the process to identify and remove inactive user accounts, update and enforce guidance related to the control of national security information, and implement the recommendations of the applicable reports of the cognizant Office of Inspector General.”

The Energy Department, which would see the highest increase in cybersecurity spending under the budget—$115 million—would put a major chunk of that into protecting the National Nuclear Security Administration. 

The information technology and cybersecurity program there provides continuous monitoring, cloud-based technologies, and enterprise security technologies (i.e., identity, credential, and access management) to help meet security challenges, according to the appendix on Energy Department spending.