Defense funding for cybersecurity is hard to pin down

Confusion over terminology and agency roles suggests serious procurement challenges, observers say.

How much does the military plan to spend on cybersecurity next year?

The answer depends on whom you ask and when.

In mid-February, the White House proposed spending $2.3 billion on cybersecurity at the Defense Department in the release of its 2012 budget request. Simultaneously, Air Force officials announced their cybersecurity request would be $4.6 billion. The Army and Defense Information Systems Agency referred inquiries about their proposed cyber spending to department-level officials. Navy officials said they could not provide a top-line budget figure, since funding that supports Navy cybersecurity activities is scattered across several line items, as well as multiple programs, organizations and commands.

On March 21, in response to a query from Nextgov , Pentagon officials said the original $2.3 billion figure covers all Defense components. On March 23, officials amended that response and provided a higher total -- $3.2 billion -- to reflect the cost of information assurance "program elements" at individual agencies and services, plus activities typically not defined as information assurance that are critical to the military's overall cyber stance.

"When people can't even agree about the most basic terminology, you know there is going to be a lot of confusion," said Noah Shachtman, a nonresident fellow at the Brookings Institution and a contributing editor at Wired magazine. "The chances there aren't billions of dollars in redundancies are slim to none and slim is out of town."

The area surrounding "cybersecurity" funding is gray, given that procedures to protect computers against attack are constantly changing as technology advances, say some observers. Still, the various interpretations of cybersecurity spending translate into real-world financial and national security costs, budget and technology experts note.

"The flaws in the definitions will follow into the procurement cycle and you will end up with the government buying maybe what it doesn't need," said Robert Burton, who served as the top career federal procurement official in the White House Office of Federal Procurement Policy during the George W. Bush administration. Fuzzy cybersecurity budgets likely will result in contract solicitations that contain ambiguous requirements for safeguarding federal networks, he said.

For instance, according to Air Force budget documents , the service's $4.6 billion cybersecurity funding request includes money "to maintain and sustain critical cyberspace capabilities," such as the development of one combined network that can manage information flow among air, space and terrestrial environments. "These migrations streamline and improve security, lower operational costs and standardize the system so airmen can access the network anytime, anyplace," wrote Maj. Gen. Alfred K. Flowers, Air Force deputy assistant secretary for budget.

Source: Defense Department

For more details about how that money would be spent by the military services and Defense agencies, click here .

Department-level officials explained that the Air Force's cyber figure differs from their own Air Force cyber calculation -- pegged at $440 million -- because the service's estimation includes "things" that are not typically considered information assurance or cybersecurity, a department spokeswoman said.

"This is a perfect example of 'What are we spending money for? It's unclear,'" said Burton, now a partner at the law firm Venable LLP in Washington. "Until that's well-defined, you don't really know what the money is going for." There might or might not be duplication in cyber spending across the department's agencies and services because each is characterizing cybersecurity funding differently, he added.

Defense spokeswoman April Cunningham said in an email, "The Air Force included things that we, [at the department's office of the chief information officer] categorize as IT infrastructure, or other activities -- not directly information assurance." According to the department, information assurance consists of five programs, including public key infrastructure, or digital certificates, as well as defense industrial base cybersecurity for private sector assets that support the military.

Cunningham said activities at the Air Force and other services that Defense considers to be "information assurance-cybersecurity" are captured in the total $3.2 billion figure. Based on this formula, the Army is requesting $432 million and the Navy $347 million. Defense agencies -- including DISA, the National Security Agency and the Defense Advanced Research Projects Agency -- are asking for a cumulative $1.6 billion. Details on proposed cyber spending at all Pentagon components are shared with Congress in a classified budget book, she said.

The department's revised request also includes funding for noninformation assurance activities that are integral to the military's cyber posture, specifically cyber operations, security innovations and forensics, Cunningham said. For example, the budget assigns $159 million to the relatively new U.S. Cyber Command, and distributes $258 million among science and technology investments targeted at cyber tools. In addition, some of the proposed funding goes toward a new partnership with the Homeland Security Department, which oversees civilian cyber operations.

Any way you measure it, Defense funding for cybersecurity dwarfs that of Homeland Security. The fiscal 2012 budget for DHS information security is $936 million.

"All of this stuff is still really mushy," Shachtman said. Further obscuring visibility into the budget is the fact that some cybersecurity funding is classified at Defense components such as the NSA. Meanwhile, Cyber Command presents a new spending variable, he noted.

"Exactly where the NSA ends and the Cyber Command ends is a very open question," Shachtman said. "How the Cyber Command is supposed to interact with the services is still being worked out." He predicted it will take years to untangle the process of budgeting for federal computer security.

One way to align spending a bit might be through so-called strategic sourcing, or consolidating purchases across agencies for certain types of services, Burton suggested. The approach is intended to drive down the cost of commonly purchased items by leveraging the Obama administration's buying power.

"A governmentwide strategic procurement strategy is really what they need to focus on because I do think the taxpayers will benefit greatly," he said.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.