From: FederalNewsRadio.com 1500 AM
By Jason Miller
Legislative and budgetary challenges are hindering the Homeland Security Department’s ability to implement the continuous diagnostic and monitoring program.
Suzanne Spaulding, the nominee to be the deputy undersecretary of the National Protection and Programs Directorate (NPPD), told Senate lawmakers Wednesday that DHS is working toward CDM implementation, but “there are some departments who have legal constraints that get in the way of allowing DHS to move forward with CDM.”
After the Senate Homeland Security and Governmental Affairs hearing, a DHS official offered more details about those legal constraints.
The official said by email that “the authorizing statute for CDM notes that the appropriation of funds ‘shall not apply to the legislative and judicial branches of the federal government and shall apply to all federal agencies within the executive branch except for the Department of Defense, the Central Intelligence Agency and the Office of the Director of National Intelligence.'”
The official said every civilian CFO Act agency has signed a memorandum of agreement with DHS to implement the continuous monitoring tools and software. DHS received $183 million from Congress in 2013 to implement CDM.
DHS in August awarded 17 companies a spot on a blanket purchase agreement to bid on task orders to implement more than 20 tools to improve agency cybersecurity.
The DHS official also said while the law does not let DHS pay for implementation at ODNI, DoD or the CIA, the agencies still can order from the CDM contract.
Sequestration impact
Spaulding, who has been the deputy undersecretary of NPPD since September 2011 and has been acting undersecretary since May, would replace Rand Beers if confirmed by the Senate.
Beers is the current acting DHS secretary and is expected to leave government when a new DHS secretary is confirmed by the Senate. President Barack Obama has yet to nominate a replacement for Janet Napolitano, who left earlier this month to be president of the University of California.
Beyond legal constraints, Spaulding also said the CDM program is facing budget challenges.
In an answer to pre-hearing questions from the senators about how sequestration has impacted NPPD, Spaulding wrote in fiscal 2013, “NPPD delayed the development of new National Cybersecurity Protection System (NCPS) capabilities to address emerging cybersecurity priorities, reduced the number of federal devices that will be covered by the CDM program … .”
She didn’t offer more details in terms of how many devices and which ones DHS had to delay.
The NCPS program is the umbrella program run by the U.S. Computer Emergency Readiness Team (U.S. CERT) that includes the Einstein 3 intrusion detection and prevention program and information sharing capabilities.
Spaulding wrote to senators that DHS will achieve initial operating capability of the information sharing tool in 2015 and full operational capability in 2018.
Leave a Reply