By the end of April, the Pentagon will be devoting less attention and fewer staff to network security under spending cuts set for Friday, according to budget analysts.
Mandatory, across-the-board decreases in funding will spare the salaries of uniformed Cyber Command members, but many of those personnel will be focused on sequester planning rather than operations. Meanwhile, their civilian peers face furloughs. Defense Department officials must reduce every program’s budget by about 8 percent.
"That workload is going to detract from the actual mission work because you know jobs are at stake. Incomes are at stake," said Todd Harrison, senior fellow for defense budget studies at the Center for Strategic and Budgetary Assessments.
Certain contractors will be let go and civilians will be furloughed for one day a week starting mid-April through the end of September, under the 2011 Budget Control Act that resolved a debt-ceiling crisis. The skeletal programming could continue through 2014 because the $10 billion slashing each year won’t sunset without new legislation.
Harrison said he would not rule out the possibility of long-term axe wielding. "I would call it a worst case scenario," he said. The sequester starting on Friday "was put in place as an unthinkable," but it is now likely, he said. "Now, this 2014 unthinkable [scenario] -- we have to start thinking about it."
Adversaries looking for weaknesses in U.S. networks are taking note of the sky-is-falling discourse as Pentagon leaders prepare for the worst, some defense experts say.
Jim Lewis, a researcher with the Center for Strategic and International Studies, who advises Congress and the Obama administration, said in the fall the notion officials are projecting that the military's guard is down could be a greater threat to national security than the reality of the military’s strength. The bigger risk is "to the foreign perception of U.S. capabilities," he said. "They would decide we are more vulnerable and less competent."
Harrison said, “The rhetoric that is being used, our allies and adversaries are listening to that and we may be sending the wrong message.”
Lawmakers could quickly change the course of events -- without sacrificing the fiscal constraints they voted for -- by passing a measure to grant officials a degree of flexibility when making cuts, according to research.
"The big question is whether the agencies can make tradeoffs among programs within each of the thousands of accounts that would be cut," said Ray Bjorklund, chief knowledge officer at market research firm Deltek.
President Obama might have created a loophole to permit tradeoffs by ignoring legislation related to the deficit deal, he said.
"The Sequestration Transparency Act of 2012 required the White House to illustrate the effects of a sequester down to program, project and activity level. The White House did not answer that data requirement under the act," Bjorklund noted. "I think the White House also resisted reporting at [that] level to ensure they will have enough flexibility to do what makes sense for national security."
He estimates that Defense cyber activities will be scaled back by about $600 million to $800 million total. The types of programs targeted, given some flexibility, might include departmentwide training to heighten awareness of the types of cyber assaults deserving of a U.S. military response.
Cyberwar rehearsals or security tests that employ simulations also could be hampered. "Comprehensive fit-out of new CYBERCOM mission facilities," as well as academic research into novel cyber defense and information operations could be dented, Bjorklund said.
Other analysts are optimistic that Congress can cooperate on legislative fixes to tighten America’s national and economic security, especially in cyberspace.
Within the past two months, The New York Times, Apple, Microsoft and security contractor Bit9 have admitted falling victim to breaches that security researchers term "sophisticated" attacks -- a euphemism for nation state-sponsored intrusions. The White House issued an executive order requiring that agencies exchange with industry sensitive information about threats, and asking that industry do the same. The administration also released a strategy to counter cyber espionage, after computer forensic firm Mandiant tied the Chinese military to more than 140 spying operations in mostly English-speaking countries. And the Pentagon announced a planned five-fold uptick in cyber forces at home and abroad.
"I don't expect the across-the-board approach will last very long if at all," said Shawn P. McCarthy, an IDC Government Insights research director. "Given the current state of events, cybersecurity would be the least logical area to cut.”