WASHINGTON, D.C. – Today, U.S. Senators Angus King (I-Maine) and Mark Warner (D-Va.), members of the Senate Select Committee on Intelligence, released a new letter to the Chair of the Senate Subcommittee on Financial Services and General Government calling for the Senate to drop the budget gimmick in the 2016 National Defense Authorization Act that relies on funding from an emergency war account to exceed the budget caps established by the Budget Control Act, and instead, lift across-the-board spending caps to ensure agencies in dire need of cybersecurity upgrades are fully funded to ensure these upgrades can be made.

The Senators’ letter comes in the wake of a massive cyber-attack on the Office of Personnel Management that may have compromised the personal data of about 4 million current and former federal employees.

“This attack clearly highlights how critical it is for our national defense that Republicans and Democrats negotiate another bipartisan sequester relief package. This attack on OPM’s IT infrastructure is not the first and will likely not be the last. The federal government’s analysis of this attack, which occurred in December of last year, has concluded that the OPM is now a target of cyber-attackers,” Senators King and Warner wrote. “[…] we urge you to work towards fulfilling OPM’s full FY2016 funding request so that the federal government has strong and robust cyber defenses against foreign attacks.”

The 2016 NDAA authorizes money from within the Overseas Contingency Operations (OCO) account – an emergency war funding account – as a workaround on the budget caps set by the Budget Control Act. As a result, defense spending in the legislation is increased without violating the limitations in current law. However, national security leaders across military services have said it is not optimal to increase defense spending via a one-year OCO increase to support core military programs that are typically funded using five-year projections of predictable funding.

In remarks on the Senate floor last week, Senator King, who supports the NDAA because of its vital importance to the safety and security of the nation, called on his colleagues to fund the country’s national defense priorities in a fiscally responsible way and to work to address sequestration across the entire government, not only defense, and in a fiscally responsible manner, not by borrowing from the pockets of future generations.

The complete text of the letter can be read below and HERE:

+++

Dear Chairman Boozman,

In light of the recent cyberattack on the Office of Personnel Management (OPM) affecting the personal information of over 4 million federal employees, we are writing to urge you to fully fund the President’s FY2016 request for the Agency’s Information Technology and cybersecurity budget.  OPM's FY 2016 request is $32 million above their FY 2015 appropriation, with the majority of the funds directed towards investments in IT network infrastructure and security.

We appreciate that the current sequester-level Budget Control Act (BCA) spending caps are complicating this year’s Appropriations process. As you know, the Senate Democratic Caucus supports equal relief from sequestration for both defense and non-defense spending.  This attack clearly highlights how critical it is for our national defense that Republicans and Democrats negotiate another bipartisan sequester relief package. This attack on OPM’s IT infrastructure is not the first and will likely not be the last. The federal government’s analysis of this attack, which occurred in December of last year, has concluded that the OPM is now a target of cyber-attackers. 

As the keeper of sensitive data -­ including personally identifiable information for 32 million federal employees and retirees - OPM has a huge responsibility to maintain and consistently upgrade their cybersecurity controls. The funding requested includes $21 million to continue and finish upgrades initiated after a FY2014 attack and represents the recommendations of a comprehensive security analysis meant to protect OPM’s network well into the future. While OPM may need to revise their request further in light of the most recent attack, it is abundantly clear that technology and cyberattackers evolve in real time and the federal government needs more resources and budget certainty to keep their infrastructure current and strong. The request also includes:

• Maintenance for a sustained security operations center (SOC) to provide critical oversight of OPM’s security posture and real-time 24/7 monitoring of network servers to detect and respond to malicious activity

• Support for stronger firewalls and storage devices for capturing security log information used for analysis in the event of cyber-attack

• Additional staff for the SOC to monitor the security of the network and permit faster response time to cyber-attacks

In closing, we urge you to work towards fulfilling OPM’s full FY2016 funding request so that the federal government has strong and robust cyber defenses against foreign attacks. 

Sincerely,

U.S. Senator Angus King

U.S. Senator Mark Warner

                                                                         ###