Obama Proposes $14 Billion Cybersecurity BudgetContinuous Monitoring, Intrusion Detection Among Priorities
President Obama proposes to spend $14 billion in fiscal year 2016, which starts Oct. 1, to support cybersecurity efforts across the government, including continuous monitoring and intrusion detection initiatives.
"This budget provides the resources we need to defend the nation against cyber-attacks," Obama said in a statement accompanying the Feb. 2 release of the nearly $4 trillion budget. "No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets or invade the privacy of American families."
Obama's budget is a spending and tax plan - think of it as the White House wish list - and no one expects the Democratic president's budget to pass the Republican-led Congress. GOP leaders already have rejected the president's spending and tax plan, though elements of the budget - including those dealing with cybersecurity - could be the basis of appropriations to fund cybersecurity initiatives. Money to fund government programs comes from individual appropriations bills Congress enacts.
The White House Office of Management and Budget could not provide a figure on how much the government expects to spend on government IT security programs in fiscal 2015, which ends Sept. 30. Figures for what was spent in fiscal 2014 also are not yet available. According to OMB's annual report to Congress issued last May, government civilian agencies spent $10.3 billion on IT security in fiscal 2013. Spending levels for classified systems are secret.
Obama's Cybersecurity Wish List
The budget issued this week doesn't provide specifics on all government cybersecurity spending, including the proposed allotments to specific agencies for IT security. Those figures should become available next month.
What's on Obama's wish list for the next fiscal year? One of the biggest proposed outlays - $582 million - would go to the Department of Homeland Security to lead implementation of the continuous diagnostic and mitigation program, commonly known as continuous monitoring, at federal civilian agencies. Continuous monitoring is aimed at identifying systems vulnerabilities in near real time.
"Support at the highest level for continuous diagnostics and mitigation is long overdue," says Franklin Reeder, former chief of information policy at OMB. "While there are no silver bullets that address the many dimensions of the cybersecurity challenge, CDM, if widely adopted, would significantly mitigate cyber-risk."
The proposed allocation to DHS also would fund the latest developments of the National Security Protection System, the intrusion prevention system known as Einstein, which would protect all agencies.
Another $514 million would go to the Justice Department to fund the investigation of cyber-intrusions that pose serious threats to national security and the nation's economic stability and to prosecute the offenders.
Within the Department of Defense, the budget includes proposed funding to continue developing the U.S. Cyber Command to its full strength. According to Reuters, $5.5 billion of the cybersecurity budget would go to the Pentagon. The agency's chief weapons tester last month told Congress that nearly every U.S. weapons program showed "significant vulnerabilities" to cyber-attacks, including misconfigured, unpatched and outdated software, the Reuters report notes.
The budget also would provide continuing support for an across-agency program instituted in 2011 after the unauthorized disclosure of a half-million diplomatic cables by Chelsea Manning to WeakLeaks.
The administration is requesting $149 million for an initiative to help secure critical infrastructure IT operated by private businesses. Another $243 million would be earmarked to support research and development at civilian agencies to support innovative cybersecurity technologies.
Jacob Olcott, a former Senate Commerce Committee counsel who focused on cybersecurity, says the government shouldn't short shrift civilian agencies when funding cybersecurity research and development. "Most classified R&D spending is designed to secure military systems, and does not help protect our national critical infrastructure or our sensitive intellectual property," says Olcott, now vice president for business development at BitSight Technologies, an information risk advisory company. "If these things are important, then we have to budget accordingly."
To support long-term cyber-investments, the budget proposes spending $227 million to fund the first phase of construction of the Federal Civilian Cyber Campus. According to the White House, the cyber campus would co-locate cybersecurity operations of the DHS and the FBI that should help the government collaborate with the private sector on cybersecurity. Another $35 million would be allotted to improve cyber-intelligence integration, analysis and planning within the federal government.
Correction: An earlier version of this story incorrectly stated the outlays in the U.S. federal government's fiscal year 2016 budget. It is nearly $4 billion, not $3.5 billion.