recommended reading

Cyber protections might accidentally tumble down fiscal cliff

Thinkstock

The good news: Government cybersecurity spending could jump by more than 9 percent in fiscal 2013. The bad news: If Congress falls over the fiscal cliff, then across-the-board cuts to federal information technology programs could inadvertently chop off protective components of systems.

President Obama’s budget proposals for military and civilian agency data defenses, combined with warnings about cyberwarfare, ordinarily would increase cyber funding by 9.1 percent annually, with spending reaching $13.3 billion in fiscal 2015, according to market research firm Deltek.

A continuing resolution that funds the government through March 27, 2013, already has banked away $328 million for Homeland Security Department network security deployments, plus $218 million for “continuous monitoring” of federal systems and intrusion detection programs. The military is devoting more than $3 billion annually to cybersecurity, Defense Secretary Leon Panetta said on Oct. 11. And Obama has requested a jaw-dropping 74 percent increase to the Homeland Security cyber budget for fiscal 2013, DHS Secretary Janet Napolitano said Sept. 28.

Despite all this, if Congress fails to broker a deficit reduction deal, then sequestration will near-evenly hack off $109 billion from Pentagon and nondefense accounts at the start of January 2013 -- including cyber elements.

“Generally speaking cyber will be subject to the same kind of cuts that everything else will,” said Trey Hodgkins, senior vice president for global public sector government affairs for trade association TechAmerica. “At best you would see a downturn and then a leveling off” in computer security spending. TechAmerica analysts decided to stop delineating annual dollar figures for cyber programs because, they argued, network protections increasingly are inseparable from IT expenditures. In other words, if an IT program is cut, then the cyber components will be zeroed out too.

Deltek analysts who calculated the spike in spending absent sequestration are more optimistic about cybersecurity clearing the cliff.  “The executive branch will salami-slice virtually every non-exempt account in about the same way. But they have not revealed how the pain will be allocated among the programs within any one account. I think that cyber programs will fare well in that allocation and many of them will grow,” said Ray Bjorklund, chief knowledge officer for Deltek.

Hodgkins agreed that agencies can shelter programs clearly identified as cybersecurity-related, by cutting less important activities inside the same account, but he added most cyber dollars are no longer demarcated that way. “There’s been a very conscious effort to proactively build that security in -- whether it’s a device, or a system or the cloud -- on the front end, not something that’s added on, on the backend,” he said. TechAmerica “did not try to make a forecast for cyber spending this year because the dollars have become so embedded in the programs.”

In October 2011, TechAmerica Foundation expected the accelerating severity of breaches to bolster Defensewide cyber spending -- totaling more than $13 billion annually by fiscal 2016 if the country suffers a cyberattack resembling what Panetta often refers to as the next Pearl Harbor.

Hord Tipton, a former Interior Department chief information officer, said he would be surprised to see much, if any, increase in cyber spending during the next few years. “It is likely that security budgets will remain level or demonstrate a slight increase, with a focus on the more critical areas such as agencies associated with critical infrastructure protection,” or defenses for industrial computers essential to American life, like transportation systems, he said.

Tipton experienced a period of frozen federal assets while serving as a Bureau of Land Management assistant director during a government shutdown that lasted from Dec. 16, 1995, to Jan. 6, 1996.

Under the cliff, “Defense cyber spending will be slightly higher, and civilian spending could actually drop,” said Tipton, currently executive director of (ISC)2, an association that issues cybersecurity specialist credentials. Agencies may be hard-pressed to find additional money for continuous monitoring hardware -- the sensors and other tools that enable real-time tracking of security risks, he said. They also may struggle to find “adequately trained and certified security personnel that come with a high-price tag,” he added.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.