One of the Cybersecurity and Infrastructure Security Agency’s (CISA) mainstay cybersecurity protection programs got an extended lease on life, along with $91 million of funding, in the fiscal year (FY) 2023 omnibus appropriations bill released by the House and Senate Appropriations committees on Dec. 20.
That $91 million of funding is targeted to keep CISA’s National Cybersecurity Protection System (NCPS) running through the end of September 2023. NCPS originally was authorized in 2015 for a seven-year period.
NCPS, according to its official description, is “an integrated system-of-systems that delivers a range of capabilities, such as intrusion detection, analytics, information sharing, and intrusion prevention” that helps CISA in its efforts to secure Federal civilian executive branch [FCEB] agencies’ IT infrastructure against cyber threats.
NCPS is more commonly known for its EINSTEIN set of capabilities that “provide the Federal Government with an early warning system, improved situational awareness of intrusion threats to FCEB networks, near real-time identification of malicious cyber activity, and prevention of that malicious cyber activity,” according to CISA.
Text of the appropriations bill says the legislation “provides $91,193,000 for NCPS, including $1,000,000 above the request to enhance the protection of federal networks and expand CISA’s ability to coordinate and execute defenses against nation-state threats and mitigate critical vulnerabilities.”
The EINSTEIN capability and its effectiveness in preventing successful cyberattacks have come into question from some quarters in Congress. Last year, leaders of the Senate Homeland Security and Governmental Affairs Committee queried CISA on the limitations of EINSTEIN following the SolarWinds Orion and Microsoft Exchange security compromises.
As reported yesterday, the FY2023 omnibus funding legislation also contains $331 million of funding for CISA’s Continuous Diagnostics and Mitigation (CDM) program that helps Federal agencies improve cybersecurity, and take steps to comply with President Biden’s cybersecurity executive order and migrate to zero trust security architectures.
The CDM program funding accounts for about 11 percent of CISA’s $2.9 billion FY2023 budget in the omnibus package.
The Alliance for Digital Innovation (ADI), a private-sector trade group whose members include Amazon Web Services and Google Cloud, said in a statement today it was “encouraged by Congress’s funding of several cybersecurity and IT modernization efforts in the 2023 Appropriations bill.”
“We are very encouraged by the continued commitment to cybersecurity as indicated by the additional funding for cybersecurity at CISA. We also support funding for the Technology Modernization Fund, an important program for bringing innovative technology solutions to government, and will encourage additional funding in future years,” ADI said.
“We also support the additional funding for cybersecurity across the departments and agencies – this includes the use of working capital funds at many departments and agencies,” it said. Those provisions and others, the group said, “represent a continued commitment to modernizing our government’s IT infrastructure and to enhancing our nation’s cybersecurity. We look forward to working with the 118th Congress and the Administration on the implementation of these funds.”
