DC: Shutting down cybersecurity?

This weekend or soon thereafter, if Congress hasn’t managed to pass a stopgap spending measure—never mind an actual budget—the government will run out of money. National parks will close to the public. Passport applications won’t get processed. Government websites won’t be maintained. Heck, the last government shutdown delayed the opening of the 2013 crab season in Alaska.

So what’s the hold-up in Congress? Essentially, Democrats say they won’t vote for a spending measure that fails to resolve the legal status of undocumented individuals who were brought to the United States as children. Republicans, who wish to leave that question unresolved for now, have offered instead to fund the Children’s Health Insurance Program—though President Trump now says he opposes such a move, which throws negotiations into even greater turmoil. Washington logic can be a little tough to follow.

Most folks have heard of the “dreamers” and CHIP; fewer are aware that Congress’s inability to fund government operations in an orderly fashion may be putting crucial agencies at increased risk of cyber attack. As reported by Jessie Bur in the Federal Times, Congress’s bad habit of funding operations through “continuing resolutions”—instead of through budgets that cover entire fiscal years—strains agencies’ ability to make sound decisions about acquiring cybersecurity technology. As a representative of the IT industry—admittedly, not a disinterested observer—recently said in congressional testimony, “Agencies cannot begin to spend dollars until they are appropriated.” If, after a series of continuing resolutions, “only five months are actually appropriated, it’s too short of a time frame to… deploy the activity and get the dollars obligated for a contract.”

Meanwhile, Joe Dunford—chairman of the Joint Chiefs of Staff—makes a similar argument about the Pentagon’s ability to spend wisely. “We want to be good stewards of the taxpayer dollar,” Dunford told Defense News. “When you’re forced to spend all the money in a compressed period of time at the end of the fiscal year, it isn’t necessarily [an] efficient use of the resources.”

With the cyber threat maturing fast, and more established threats requiring sustained attention, it would be nice if Congress could perform its most basic functions without first holding its breath and turning 10 shades of blue. Or red, as the case may be.