(Correction, March 11: This story has been updated to reflect that the Federal Election Commission requested Congress allocate $1.51 million, not “more than $3 million” as originally reported, for computer and IT security enhancements.)
The Federal Election Commission is asking Congress for $1.51 million to address what it says are serious security breaches and an obsolete IT system.
The requests follow an investigation by the Center for Public Integrity that in December revealed Chinese hackers infiltrated the agency’s computer systems.
The investigation also detailed how the FEC is grappling with chronic staffing shortages that have hobbled its ability to execute some of its most basic functions, such as ensuring the accuracy and legality of campaign finance disclosures for political candidates and committees.
The FEC acknowledges to Congress in a 41-page budget request it today submitted to Capitol Hill that it “has recently been subject to high-profile cyber security attacks” and “has become more visible to individuals and groups that pursue such attacks, fundamentally and irrevocably increasing the level of threat to the agency’s systems and data.”
It continues: “Without an appropriation at the requested level, the agency will be required to delay or cancel these projects, placing the FEC’s systems and data at further risk.”
Among the agency’s requests:
- $650,000 for “cyber security related hardware.” The FEC says it now has “limited” its ability to replace computers, servers and other hardware it deems necessary to ensure the security of its IT systems. “As the agency’s PCs become outdated and obsolete, they cease to support the security tools and services the agency has in place to monitor configuration changes, which can indicate a cybersecurity threat, and to protect against viruses and malware,” the agency writes.
- $522,000 for implementation of a “trusted Internet connection.” The funds will help the agency “manage the security requirements for networks and security operations centers” and comply with federal security regulations.
- $178,000 for “website incursion prevention and detection.” These funds, the FEC says, would “support the maintenance of a cybersecurity tool that detects and stops malicious activity on systems and equipment in real time and helps network administrators better understand cyber threats by producing complete forensic details of attempted attacks.”
- $130,000 for a staff member “dedicated to IT security.” A single information security officer is “no longer sufficient” because the “complexity and severity of the threats to the FEC’s website, network and systems have increased dramatically.”
The FEC is also asking for $545,000 dedicated to filling “critical vacancies.”
The agency has reduced its workforce by 8 percent during the past four years, and during fiscal year 2013, left empty 19 of 24 vacant positions.
“These sustained reductions significantly impair the agency’s efforts to manage its human capital and to ensure that it can hire and retain top performers who deliver the FEC’s mission efficiently and effectively,” the FEC tells Congress.
At the moment, it has no general counsel, associate general counsel for litigation, associate general counsel for policy or chief financial officer. Its human resources division is operating with half a staff. Its audit division — critical to determining whether political committees are complying with laws — is down a manager and two staffers.
But it also notes that “unfilled staff vacancies at all levels across the agency have begun to affect negatively the FEC’s ability to provide public services” — particularly its division that reviews and analyses campaign finance reports. To date, about two million such reports have not been checked for errors, completeness and potential illegalities, the FEC notes.
The FEC also wants $100,000 to improve its web site to make it easier to navigate and search for custom information.
Overall, the FEC is asking for $67.5 million for fiscal year 2015 — the same amount the president proposed in his budget and a small increase from its current budget of $65.8 million. It also presumes that the U.S. Senate will begin filing its campaign finance reports electronically, which it estimates would save the agency about $430,000 annually.
FEC commissioners could not immediately be reached for comment.
Update, 8:29 p.m., March 7: FEC Chairman Lee Goodman (R) said in an email that “anybody who seriously supports the FEC’s public disclosure mission must support funding for us to rebuild and fully staff our Reports Analysis Division … The most important priorities reflected in this budget proposal for me are those related to public disclosure of the campaign finance data filed with the FEC.” Goodman added he also believes improvements to the agency’s technology are key.
FEC Vice Chairman Ann Ravel (D) said in an interview that the agency’s budget request is “appropriate” given federal resources and addresses its most pressing IT and staffing needs.
“The agency could be doing more and doing better work with more funding than we’re asking for,” Ravel said. “But you don’t want to overreach.”
Even with a larger budget, the FEC says its fiscal situation is precarious.
“[D]ue to recent funding restrictions, the Commission has been limited to only the most critical of hires,” the FEC writes to Congress.
And anything less than $67.5 million “could jeopardize the FEC’s ability to carry out its mission and will expose the agency to audit risks and findings,” it writes.