Air Force and Army Disclose Budget for Hacking Operations
Services detail cyber offensive activities and tools for the first time.
The Pentagon has for the first time detailed $30 million in spending on Air Force cyberattack operations and significant new Army funding and staff needs for exploiting opponent computers.
Since 2011, top military brass have acknowledged the United States has the capability to hack back if threatened by adversaries in cyberspace. Now, the Defense Department is providing lawmakers and taxpayers with evidence of network assault programs to sustain funding, budget analysts say.
The Air Force in fiscal 2014 expects to spend $19.7 million on "offensive cyber operations," including research and development, operations, and training, according to budget documents circulated this week.
The service estimates needing $9.8 million for new tools to run those offensive cyber operations, including memory storage, local and long-haul communications, and "unique intelligence and analysis equipment," a spending justification stated.
The Air Force money also would cover products for certain defense operations, described as "counter information” capabilities that protect systems and content against deliberate or inadvertent intrusions, corruption and destruction.
In addition, the account would fund infrastructure for training, exercises and rehearsals "to support real-world contingency missions."
Air Force officials told Nextgov they chose to divulge this information because cyber offense will be a standard line item from now on and the public needs to understand what it is paying for.
"We know the Air Force's capabilities in cyber are going to continue to be touchstones for the whole joint team, the whole of government and for the private sector," Air Force spokesman Maj. Eric Badger said. Cyber Command, for instance, is on track to install by fall a full mission force to deflect incoming assaults on networks powering energy, banking and other critical U.S. businesses.
The Air Force must explain why this additional money is necessary, at a time when the Pentagon is cutting back on other personnel and weapons.
"We are committed to maintaining the right balance of integrated cyber capabilities and forces that are organized, equipped and trained to successfully conduct operations in cyberspace. We're equally as committed to doing so in a way that's respectful of the taxpayers' dollar," Badger said.
Elsewhere in the Pentagon budget, the Army proposes hiring 65 new employees and spending more money -- $4.9 million more -- for "computer network exploitation" and "computer network attack" capabilities.
Some military spending analysts wonder whether the services are wasting money by duplicating hacking investments.
"Do we really want each service going off and developing their own capabilities for these threats?" questioned Todd Harrison, senior fellow for defense budget studies at the Center for Strategic and Budgetary Assessments. "How much redundancy are we building across the services in the areas of cyber? What is unique to the Army?”
It could be more economical for a single component to manage all cyberattack spending, he added.
"Maybe it's time to give Cyber Command more budget authority," Harrison said.
Other military experts said the services might be giving away these details to ward off potential foes on the Internet.
"For some time now, U.S. Cyber Command has advertised it is prepared to conduct full spectrum cyber operations," which include attacking adversary networks, said retired Air Force Maj. Gen. Charles Dunlap, a former deputy judge advocate general.
Dunlap, now executive director of Duke University's Center on Law, Ethics and National Security, added, "It is pretty clear that the U.S. intends to convey the message that it is prepared to fight in cyberspace with cyber weapons."
As for signaling the Air Force’s cyber might with money, Badger said, "Operating with assurance in the cyber domain is a national security imperative,” but “rest assured, the cyber activities of the Department of Defense are always undertaken in accordance with existing policy and law and executed under specific authority."
Harrison quipped, "It’s probably more of a signaling to Congress."