US Proposes Funding to Clear Risk Assessment Backlog

America's Cybersecurity and Infrastructure Security Agency (CISA) could soon be on the receiving end of a sizable cash injection to help clear a backlog in state and local vulnerability assessments.

A Senate panel is moving to give the Department of Homeland Security's agency $58m to support the continued reduction of its sizable assessment caseload.

According to an explanatory statement that accompanied the Senate Appropriations Committee's draft annual spending bill for the DHS, the proposed new funding would be used to reduce a "12-month backlog in vulnerability assessments reported to the National Cybersecurity and Communications Integration Center."

NCCIC, which is part of CISA, carries out the task of testing critical infrastructure for state and local agencies. 

The Senate Committee on Appropriations is responsible for legislation allocating federal funds prior to expenditure from the treasury. The committee published its draft spending bills last week.

Federal Computer Week reported that the backlog is outstanding from last year when lawmakers opted to give CISA more money to perform the same task.

The committee's recommendation is that CISA receive approximately $2bn in fiscal year 2021 funding.  This figure exceeds that sought by President Donald Trump's budget request by $270m.

The recent US presidential election placed pressure on CISA to conduct risk vulnerability assessments for state and local election officials. 

Geoff Hale, director of CISA's Election Security Initiative, speaking at a November 17 virtual event hosted by the Cyber Threat Alliance, said: "We started with risk and vulnerability assessments, which are resource intensive teams of six [CISA employees] flying out on location to do an in-depth assessment, but the demand for a more scalable service really drove us to develop remote penetration testing, which the community has embraced in full."

In 2019, the House Appropriations Committee approved a $63.8bn DHS spending package that allocated about $2bn for CISA, $335m more than the amount allocated in 2018 and roughly $400m over the amount that was requested. 

What’s Hot on Infosecurity Magazine?