Departing Pentagon official warns against cutting cybersecurity funding

If Congress fails to broker a deficit reduction deal, the Pentagon will be forced to halt information technology upgrades and shrink military forces, but still will have to boost funding for cyberspace security, outgoing Deputy Defense Secretary William J. Lynn III said Wednesday.

The Defense Department faces, at best, upwards of $550 billion in cuts over a decade and at worst -- if lawmakers cannot negotiate a deal -- losses of nearly $1 trillion through automatic spending decreases.

"We need to reduce spending, but it must be done in a careful and considered fashion," Lynn said on his last day in office during remarks at the left-leaning Center for American Progress. "We should bring troop levels down in an orderly manner. . . We need to trim modernization programs, but preserve increases in key areas such as cybersecurity and long-range strikes."

The deputy Defense secretary's comments came on the same day that House Republicans unveiled U.S. network security reforms that propose offsetting all incentives for private network defenses. An estimated 85 percent of the nation's critical infrastructure -- banking, power and transportation systems -- that supports civilians and troops is commercially operated.

"I think the overlay of our fiscal reality is something we were very conscious of" while drafting the agenda, said Rep. Mac Thornberry, R-Texas, who chaired the task force of members from the nine committees with cybersecurity jurisdiction.

The recommendations, which the group delivered to Speaker John Boehner, R-Ohio, urge expanding or extending existing tax credits for companies that invest in cyber technology rather than creating new tax credits. The task force also suggested the federal government use existing grant programs instead of appropriate new funds. For instance, grant proposals for national security funding would be required to include certain network protection activities, such as applying bug patches and scanning for viruses.

The plan calls for studying the cybersecurity insurance market, a nascent industry that proponents say could lessen the government's financial burden. Depending on how it is structured, insurance could bolster network reliability at firms that buy data breach policies, the proposal stated. "Defining the liability will help develop the market for cybersecurity insurance," said task force participant Rep. Steve Stivers, R-Ohio, a member of the Financial Services Committee.

At the Center for American Progress, Lynn said there is now a burning need to guard against truly destructive threats that could wipe out the power grid, transportation networks and military capabilities. "It is important to prepare against those higher levels of threats before they get there," he said. "I think we have a window of opportunity to do that, but it's of uncertain length. There is some urgency to deploy better, more robust defenses particularly around our critical infrastructure sectors."

Some former government leaders said Lynn's concern about a devastating cyberattack bears consideration.

"You could have done almost far greater economic damage on 9/11 by attacking our financial services networks," said Jim Williams, a 30-year veteran of the federal government who served as acting administrator of the General Services Administration under President George W. Bush. "Especially at that time I think we were substantially more vulnerable."

He said the Pentagon must be prepared for a possible cyber battle, even during very austere times.

"You've got to make sure we're not spending ourselves into bankruptcy, but leverage those taxpayer dollars to make sure we're more secure," said Williams, also a former director of the U.S. Visitor and Immigrant Status Indicator Technology program at the Homeland Security Department and now an executive at Daon, a firm that provides identification verification software.