Sequestration Positions Cyber Command for a Fall

Michael Guggemos/Shutterstock.com

By the end of April, the Pentagon will be devoting less attention and fewer staff to network security under spending cuts set for Friday, according to budget analysts.

Mandatory, across-the-board decreases in funding will spare the salaries of uniformed Cyber Command members, but many of those personnel will be focused on sequester planning rather than operations. Meanwhile, their civilian peers face furloughs. Defense Department officials must reduce every program’s budget by about 8 percent.

"That workload is going to detract from the actual mission work because you know jobs are at stake. Incomes are at stake," said Todd Harrison, senior fellow for defense budget studies at the Center for Strategic and Budgetary Assessments.

Certain contractors will be let go and civilians will be furloughed for one day a week starting mid-April through the end of September, under the 2011 Budget Control Act that resolved a debt-ceiling crisis. The skeletal programming could continue through 2014 because the $10 billion slashing each year won’t sunset without new legislation.

Harrison said he would not rule out the possibility of long-term axe wielding. "I would call it a worst case scenario," he said. The sequester starting on Friday "was put in place as an unthinkable," but it is now likely, he said. "Now, this 2014 unthinkable [scenario] -- we have to start thinking about it." 

Adversaries looking for weaknesses in U.S. networks are taking note of the sky-is-falling discourse as Pentagon leaders prepare for the worst, some defense experts say.

Jim Lewis, a researcher with the Center for Strategic and International Studies who advises Congress and the Obama administration, said in the fall that the notion officials are projecting, that the military's guard is down, could be a greater threat to national security than the reality of the military's strength. The bigger risk is "to the foreign perception of U.S. capabilities," he said. "They would decide we are more vulnerable and less competent."

Harrison said, “The rhetoric that is being used, our allies and adversaries are listening to that and we may be sending the wrong message.”

Lawmakers could quickly change the course of events -- without sacrificing the fiscal constraints they voted for -- by passing a measure to grant officials a degree of flexibility when making cuts, according to research.

"The big question is whether the agencies can make tradeoffs among programs within each of the thousands of accounts that would be cut," said Ray Bjorklund, chief knowledge officer at market research firm Deltek.

President Obama might have created a loophole to permit tradeoffs by ignoring legislation related to the deficit deal, he said.

"The Sequestration Transparency Act of 2012 required the White House to illustrate the effects of a sequester down to program, project and activity level. The White House did not answer that data requirement under the act," Bjorklund noted. "I think the White House also resisted reporting at [that] level to ensure they will have enough flexibility to do what makes sense for national security."

He estimates that Defense cyber activities will be scaled back by about $600 million to $800 million total. The types of programs targeted, given some flexibility, might include departmentwide training to heighten awareness of the types of cyber assaults deserving of a U.S. military response.

Cyberwar rehearsals or security tests that employ simulations also could be hampered. "Comprehensive fit-out of new CYBERCOM mission facilities," as well as academic research into novel cyber defense and information operations could be dented, Bjorklund said.

Other analysts are optimistic that Congress can cooperate on legislative fixes to tighten America’s national and economic security, especially in cyberspace.

Within the past two months, The New York Times, Apple, Microsoft and security contractor Bit9 have admitted falling victim to breaches that security researchers term "sophisticated" attacks -- a euphemism for nation state-sponsored intrusions. The White House issued an executive order requiring that agencies exchange with industry sensitive information about threats, and asking that industry do the same. The administration also released a strategy to counter cyber espionage, after computer forensic firm Mandiant tied the Chinese military to more than 140 spying operations in mostly English-speaking countries. And the Pentagon announced a planned five-fold uptick in cyber forces at home and abroad. 

"I don't expect the across-the-board approach will last very long if at all," said Shawn P. McCarthy, an IDC Government Insights research director. "Given the current state of events, cybersecurity would be the least logical area to cut."
