Subcommittee Chairman Garbarino Delivers Opening Statement in Hearing on Federal Civilian Executive Branch Cybersecurity Programs
September 19, 2023
WASHINGTON, D.C. —Today, House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection Chairman Andrew Garbarino (R-NY) delivered the following opening remarks during a hearing to examine the Cybersecurity and Infrastructure Security Agency’s (CISA) Federal Civilian Executive Branch cybersecurity programs, specifically the National Cybersecurity Protection System and the Continuous Diagnostics and Mitigation Program.
Watch the full hearing here.
As prepared for delivery:
One of CISA’s core missions is protection of the Federal Civilian Executive Branch, or FCEB. Although CISA has been pulled in many different directions in recent years, it’s crucial that it continues to focus on its foundational responsibilities, chief among them being the protection of FCEB networks.
Today we will focus on two programs: the Continuous Diagnostics and Mitigation program, or CDM, and the National Cybersecurity Protection System, or NCPS, which includes EINSTEIN.
In recent years, CISA officials have indicated their intent to revamp and improve these programs. We will discuss with industry partners, who participate in and have perspectives on these two programs, some of the successes they have had so far and ways they can improve in the future. CDM provides tools to agencies to defend their networks, which feed data into dashboards to allow agencies to monitor their real-time network security. Conceptually, those agency-specific dashboards send data to a federal government-wide dashboard that CISA uses to monitor the state of FCEB cybersecurity. The current model provides two years of CISA sourced funding for CDM tools at agencies, after which point agencies must pick up the bill.
NCPS is a set of capabilities that includes EINSTEIN, CISA’s intrusion detection and intrusion prevention system. EINSTEIN sensors reside on the perimeter of an agency’s network and detect and block known malicious traffic.
While this perimeter security function is important, it is not sufficient for a cybersecurity program given the current threat landscape and the ability of bad actors to evade many perimeter security mitigations. What’s more, EINSTEIN has faced long-standing downsides, including limitations on detecting and preventing encrypted traffic and focusing only on what we already know is malicious traffic. NCPS’ authorization expires at the end of this fiscal year.
In the President’s FY 2024 budget request, CISA included a $425 million request for the Cyber Analytics and Data System, or CADS, which is meant to take the place of NCPS. CISA intends to transition certain legacy capabilities of EINSTEIN into the new CADS system, and others will be taken over by new CADS capabilities. While CISA has not provided many public details about its plans to build CADS, I am looking forward to hearing from our witnesses their thoughts on how CISA should be approaching this new analytic capability.
As the administrator of Federal cybersecurity requirements, CISA has a broad and important role in ensuring the security of federal networks. While the ultimate responsibility for an individual agency’s security is the head of that agency, through programs like CDM and EINSTEIN, CISA has the potential to make a real impact on federal network security.
The direction CISA takes these programs, and to what extent they are administered as true shared services with CISA covering continued costs, will dictate CISA’s posture toward other federal agencies moving forward. Whether CISA acts as a service provider or an advisor toward other agencies is a fundamental question, and Congress and CISA must both be consistent in how they approach it, across CISA’s many missions and programs.
I look forward to our witnesses’ testimony and to discussing these questions with them in more depth.