CYBERCOM to Congress: We Need a Bigger Budget

A Republican challenged the head of U.S. Cyber Command to explain why the force’s proposed budget would rise next year, with trillion-dollar deficits coming back.

CYBERCOM, tasked with coordinating cyberattacks and defending critical U.S. networks, has requested slightly more than $500 million for fiscal 2017, a 9 percent increase over this year's $466 million enacted funding level.

But Rep. Mo Brooks, R-Ala., a member of the Armed Services Committee, wants CYBERCOM chief Adm. Mike Rogers, to stretch each dollar further for the day when the nation has run out of borrowing capacity.

"The reason I bring this up, and I'm not sure if you're familiar with it, but America's financial condition has taken a fairly stark turn for the worst," Brooks said at a Wednesday subcommittee hearing on the command's funding proposal. (The day before, Brooks had warned on the House floor that the United States might turn into Venezuela, a socialist economy in collapse, if binge borrowing doesn't stop.)

Rogers justified what he called "systematic" increases over the last few years with the observation that every American who has gone online is either now a cybercrime victim or has been affected indirectly by higher fees as a result of data thefts. 

The Obama administration last month sent Congress a total $19 billion bill for securing Americans’ data in 2017, a 35 percent increase over 2016 spending.

"This is not a mission set that we are going to efficiency our way out of," Rogers said. "The investments that we are making in cyber reflect the nature of the world we are dealing with from a threat perspective," even though it is understood that money is tight.  

The menace CYBERCOM is up against remains nation-state hack attacks perpetrated by China, Iran, North Korea and Russia, he said. Islamic State also presents "a concern," but mainly for its harnessing of cyberspace as a recruitment and propaganda instrument, Rogers added.

Of note, an incident outlined in his written testimony describes "ISIL-affiliated cyber operators" who last spring posted online the personal details of more than 100 U.S. military members, many of whom were based in the domestic U.S.

The hackers were "urging followers in the United States to assassinate them and their family members," Rogers said, adding that "while there is no direct link between this ISIL posting of personal information on service members and the recent extremist shootings in the U.S. and France, ISIL wants its followers on the Internet to take inspiration from such attacks."

Of the command's 133 Cyber Mission Force teams slated to come online by Sept. 30, 2018, about 27 are fully operational. Meanwhile, about 100 teams or elements of those teams, comprising 4,990 people, are "conducting cyber operations to include teams that are supporting Central Command's ongoing efforts to degrade, dismantle and ultimately, defeat ISIL," Rogers said. 

Late last month, the Defense Department, for the first time, announced the existence of an offensive cyber operation. Conducting cyberattacks is one of three responsibilities under the command’s purview, in addition to protecting military networks and, when asked to, deflecting private sector hacks. 

According to the Pentagon, cyber assaults unleashed against ISIL are aimed at overloading communications networks between Iraq and Syria, so they can't function, as well as causing systems to malfunction in such a way the extremists don't trust their own IT.  

"This is something that's new in this war, not something you would've seen back in the Gulf War, but it's an important new capability and it is an important use of our Cyber Command and the reason that Cyber Command was established in the first place," Defense Secretary Ash Carter told reporters Feb. 29.

CYBERCOM received about $509 million in 2015. In 2014, the command was funded at around $546 million, which included money for one-time purchases “to fit-out and lease facilities” for an eventual 6,200-person force, Pentagon spokeswoman Lt. Col. Valerie Henderson said in March 2015.

CYBERCOM has operated with efficiency in mind since its 2010 inception, testified Rogers, who doubles as the director of the National Security Agency. Defense collocated CYBERCOM and NSA at Ft. Meade so they could share tools and talent.

"The idea was don't replicate the billions of dollars of investment that the nation has made in generating cyber expertise for example at the National Security Agency," Rogers told Brooks.