Cyber protections might accidentally tumble down fiscal cliff

The good news: Government cybersecurity spending could jump by more than 9 percent in fiscal 2013. The bad news: If Congress falls over the fiscal cliff, then across-the-board cuts to federal information technology programs could inadvertently chop off protective components of systems.

President Obama’s budget proposals for military and civilian agency data defenses, combined with warnings about cyberwarfare, ordinarily would increase cyber funding by 9.1 percent annually, with spending reaching $13.3 billion in fiscal 2015, according to market research firm Deltek.

A continuing resolution that funds the government through March 27, 2013, already has banked away $328 million for Homeland Security Department network security deployments, plus $218 million for “continuous monitoring” of federal systems and intrusion detection programs. The military is devoting more than $3 billion annually to cybersecurity, Defense Secretary Leon Panetta said on Oct. 11. And Obama has requested a jaw-dropping 74 percent increase to the Homeland Security cyber budget for fiscal 2013, DHS Secretary Janet Napolitano said Sept. 28.

Despite all this, if Congress fails to broker a deficit reduction deal, then sequestration will near-evenly hack off $109 billion from Pentagon and nondefense accounts at the start of January 2013 -- including cyber elements.

“Generally speaking cyber will be subject to the same kind of cuts that everything else will,” said Trey Hodgkins, senior vice president for global public sector government affairs for trade association TechAmerica. “At best you would see a downturn and then a leveling off” in computer security spending. TechAmerica analysts decided to stop delineating annual dollar figures for cyber programs because, they argued, network protections increasingly are inseparable from IT expenditures. In other words, if an IT program is cut, then the cyber components will be zeroed out too.

Deltek analysts who calculated the spike in spending absent sequestration are more optimistic about cybersecurity clearing the cliff. “The executive branch will salami-slice virtually every non-exempt account in about the same way. But they have not revealed how the pain will be allocated among the programs within any one account. I think that cyber programs will fare well in that allocation and many of them will grow,” said Ray Bjorklund, chief knowledge officer for Deltek.

Hodgkins agreed that agencies can shelter programs clearly identified as cybersecurity-related, by cutting less important activities inside the same account, but he added most cyber dollars are no longer demarcated that way. “There’s been a very conscious effort to proactively build that security in -- whether it’s a device, or a system or the cloud -- on the front end, not something that’s added on, on the backend,” he said. TechAmerica “did not try to make a forecast for cyber spending this year because the dollars have become so embedded in the programs.”

In October 2011, TechAmerica Foundation expected the accelerating severity of breaches to bolster Defensewide cyber spending -- totaling more than $13 billion annually by fiscal 2016 if the country suffers a cyberattack resembling what Panetta often refers to as the next Pearl Harbor.

Hord Tipton, a former Interior Department chief information officer, said he would be surprised to see much, if any, increase in cyber spending during the next few years. “It is likely that security budgets will remain level or demonstrate a slight increase, with a focus on the more critical areas such as agencies associated with critical infrastructure protection,” or defenses for industrial computers essential to American life, like transportation systems, he said.

Tipton experienced a period of frozen federal assets while serving as a Bureau of Land Management assistant director during a government shutdown that lasted from Dec. 16, 1995, to Jan. 6, 1996.

Under the cliff, “Defense cyber spending will be slightly higher, and civilian spending could actually drop,” said Tipton, currently executive director of (ISC)2, an association that issues cybersecurity specialist credentials. Agencies may be hard-pressed to find additional money for continuous monitoring hardware -- the sensors and other tools that enable real-time tracking of security risks, he said. They also may struggle to find “adequately trained and certified security personnel that come with a high-price tag,” he added.
