The Obama administration’s 2015 budget request hints at novel approaches to the cyber threat at civilian agencies and the Pentagon. Funding-related papers released on Tuesday to justify spending for congressional appropriators do not include the details. So, look for officials to color in the picture during House and Senate hearings in the weeks ahead.
1. Deployment of new cyber mission forces
The Defense Department last year reorganized cyber warriors among three "cyber mission force" components. Now comes the challenge of recruiting and retaining personnel to boost the size of each of those components. The quadrennial defense review states, “The Cyber Mission Force will be manned by 2016.” Employees will be positioned among the following groups:
- 13 Cyber Command National Mission Teams with 8 National Support Teams that thwart cyberattacks headed stateside
- 27 Cyber Command Combat Mission Teams with 17 Combat Support Teams that aid combatant commands worldwide
- 18 Cyber Command National Cyber Protection Teams that operate and safeguard the dot-mil domain and internal military networks
- 24 Service-level Combat Mission Teams
- 26 Combatant Command-level and Defense Information Network- level Cyber Protection Teams
2. A federal cyber campus
The administration will design a Federal Cyber Campus to "co-locate key civilian cybersecurity agencies" so they can respond in a united front when cyber incidents are called in, according to the budget. The FBI, U.S. Computer Emergency Readiness Team and Commerce Department have sometimes struggled to coordinate with each other in their response to hacks.
3. Cyber warriors near China and the Korean Peninsula
The Army plans to spend 2015 money on dispatching cyber protection teams to the Pacific region, Maj. Gen. Karen Dyson told reporters on Tuesday. Those teams launch cyberattacks against adversaries and gird America's own military networks.
4. A clearer bill for taxpayers
Over the years, the accounting of cyber funding has not kept pace with the increase in spending, largely due to program labels. For example, Defense requested $2.3 billion to pay for cyber during fiscal 2012. At the same time, the Air Force released a budget that projected spending $4.6 billion on cyber. The reason the part was larger than the whole: The Air Force was improperly counting "things" that are not typically considered cyber in its request. Defense revised its cyber spending estimate and provided a higher total budget -- $3.2 billion.
Now, Defense officials say they plan to spend $5.1 billion on cyber. And this time, they admit the cyber budget is an exercise in creativity. "It's fair to say that there's no -- really no set of program elements that lead to this number," Defense Comptroller Robert F. Hale told reporters on Tuesday. "Maybe there need to be, but there aren't at the moment. So we work with the CIO to come up with this number."
That number largely represents Cyber Command initiatives, as well as contributions from the services; other cyberattack and cyber defense spending outside Cyber Command; overall information assurance; public key infrastructure -- or encryption; and research and development. "We've tried to capture all, but I -- I would say there's a gray area here in exactly what counts as cyber. We're doing a lot of other things that contribute."
Get the Nextgov iPhone app to keep up with government technology news.