recommended reading

Air Force and Army Disclose Budget for Hacking Operations

aster Sgt. Charlie Sanders (left) and Capt. Lashon Bush work on a Mission Event Synchronization List in the Joint Cyber Control Center at Grafenwoehr, Germany

aster Sgt. Charlie Sanders (left) and Capt. Lashon Bush work on a Mission Event Synchronization List in the Joint Cyber Control Center at Grafenwoehr, Germany // U.S. Army

The Pentagon has for the first time detailed $30 million in spending on Air Force cyberattack operations and significant new Army funding and staff needs for exploiting opponent computers.

Since 2011, top military brass have acknowledged the United States has the capability to hack back if threatened by adversaries in cyberspace. Now, the Defense Department is providing lawmakers and taxpayers with evidence of network assault programs to sustain funding, budget analysts say.

The Air Force in fiscal 2014 expects to spend $19.7 million on "offensive cyber operations," including research and development, operations, and training, according to budget documents circulated this week.

The service estimates needing $9.8 million for new tools to run those offensive cyber operations, including memory storage, local and long-haul communications, and "unique intelligence and analysis equipment," a spending justification stated.   

The Air Force money also would cover products for certain defense operations, described as "counter information” capabilities that protect systems and content against deliberate or inadvertent intrusions, corruption and destruction.

In addition, the account would fund infrastructure for training, exercises and rehearsals "to support real-world contingency missions."

Air Force officials told Nextgov they chose to divulge this information because cyber offense will be a standard line item from now on and the public needs to understand what it is paying for.

"We know the Air Force's capabilities in cyber are going to continue to be touchstones for the whole joint team, the whole of government and for the private sector," Air Force spokesman Maj. Eric Badger said. Cyber Command, for instance, is on track to install by fall a full mission force to deflect incoming assaults on networks powering energy, banking and other critical U.S. businesses.

The Air Force must explain why this additional money is necessary, at a time when the Pentagon is cutting back on other personnel and weapons.

"We are committed to maintaining the right balance of integrated cyber capabilities and forces that are organized, equipped and trained to successfully conduct operations in cyberspace. We're equally as committed to doing so in a way that's respectful of the taxpayers' dollar," Badger said.

Elsewhere in the Pentagon budget, the Army proposes hiring 65 new employees and spending more money -- $4.9 million more -- for "computer network exploitation" and "computer network attack" capabilities.

Some military spending analysts wonder whether the services are wasting money by duplicating hacking investments.

"Do we really want each service going off and developing their own capabilities for these threats?" questioned Todd Harrison, senior fellow for defense budget studies at the Center for Strategic and Budgetary Assessments. "How much redundancy are we building across the services in the areas of cyber? What is unique to the Army?”

It could be more economical for a single component to manage all cyberattack spending, he added.

"Maybe it's time to give Cyber Command more budget authority," Harrison said.

Other military experts said the services might be giving away these details to ward off potential foes on the Internet.

"For some time now, U.S. Cyber Command has advertised it is prepared to conduct full spectrum cyber operations," which include attacking adversary networks, said retired Air Force Maj. Gen. Charles Dunlap, a former deputy judge advocate general.

Dunlap, now executive director of Duke University's Center on Law, Ethics and National Security, added, "It is pretty clear that the U.S. intends to convey the message that it is prepared to fight in cyberspace with cyber weapons."

As for signaling the Air Force’s cyber might with money, Badger said, "Operating with assurance in the cyber domain is a national security imperative,” but “rest assured, the cyber activities of the Department of Defense are always undertaken in accordance with existing policy and law and executed under specific authority."

Harrison quipped, "It’s probably more of a signaling to Congress." 

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download

When you download a report, your information may be shared with the underwriters of that document.