
Cost of cybersecurity initiative to triple, panel reports

The Bush administration's proposal to defend government networks against cyberattacks will cost $17 billion, nearly three times original estimates, and is so secret that it cuts the public out of the debate on the program, according to a Senate report.

The cost of the National Cybersecurity Initiative, a multiagency effort to defend government information systems with strong defenses against cyberattacks, originally was pegged at $6 billion. Because of the increase in cost, the Senate Armed Services Committee recommended in a report that major elements of the project be scaled back "because policy and legal reviews are not complete and because the technology is not mature."

According to the report, the Bush administration has asked for large sums to field parts of the system as a prototype, a proposal that would not gain approval if held to standards enforced in normal acquisition programs. The Defense Department and the National Security Agency consistently find they are short of funds to develop secure versions of commercial information technology systems, the Senate report said. To increase funding for such systems, the committee suggested Defense and NSA levy a 1 percent "tax" on their budgets for information systems to fund what it called "anticipatory development" to adapt new commercial technologies for government use.

This tax, according to the report, would help Defense and NSA avoid requirements shortfalls, such as NSA's needed high-speed Internet protocol encryption capability, which has been held up because of a lack of resources.

Committee members added they also were concerned that the umbrella cybersecurity program was designed to support programs outside its core mission, such as foreign intelligence collection and analysis.

The secrecy thrown over the cybersecurity initiative removes the possibility that it would act as a deterrent for potential enemies to attack systems, the Senate report noted. The United States should disclose its cyber capabilities in the same way it divulged its nuclear capabilities during the Cold War, when adversaries knew "what capabilities we possessed and the price that adversaries would pay in a real conflict," the report noted. "Some analogous level of disclosure is necessary in the cyber domain."

The committee also noted a disconnect between the bandwidth requirements of key Defense projects such as the Army's Future Combat Systems, which is intended to create a network of sensors, vehicles and systems on the battlefield, and the increased bandwidth demands of intelligence systems, including unmanned aerial vehicles.

The report directed Defense and the Office of the Director of National Intelligence to conduct a review of the department and intelligence bandwidth requirements for the next 10 years and report on their findings within a year. The language also directs the Defense secretary and National Intelligence director to establish a process to ensure that the bandwidth requirements for their major acquisition programs will be met before fielding.

The Senate and House versions of the 2009 Defense authorization bills must be approved by both bodies, with differences between the two bills worked out in a joint conference and then signed by the president before the final bill becomes law.
