Defense Department cyber leaders explained the 2020 budget request and offered insight into how U.S. Cyber Command is using its new acquisition authority.
The cyber leadership at the Defense Department offered an opaque breakdown of how the services would use the $9.6 billion in funding for cyber defense and operations requested in the president’s 2020 budget proposal.
The Trump administration released an outline Monday of the president’s funding request to Congress, hitting some of the topline numbers, including how much the Defense Department wants to spend on cyber. The $9.6 billion request is about $1 billion more than the administration asked for last year.
The bulk of that funding would go toward cybersecurity, Assistant Secretary of Defense for Homeland Defense and Global Security Kenneth Rapuano, who serves as the principal cyber adviser, told the House Armed Services Subcommittee on Intelligence and Emerging Threats and Capabilities.
“That’s both hardware and software. We have to reduce the risk to DOD information systems,” he told the subcommittee Wednesday. “Then, it really gets to cyber operations,” the offensive side of the coin, which includes hacking tools, training and “all of the elements necessary for us to conduct cyber operations effectively.”
Third, some of that funding will be siphoned toward research and development of new tools—offensive and defensive—“so that we can out-innovate our adversaries,” Rapuano said.
Gen. Paul Nakasone, commander of U.S. Cyber Command, the military’s offensive cyber arm, said $532 million of the total request would go to command headquarters to support cyber operations, while another $1.9 billion would be used to construct buildings and infrastructure to support those operations at four locations.
Approximately 87 percent of the construction and infrastructure funding will go toward the service branches that support CYBERCOM. The remaining funding—about $200 million, according to Nakasone—will be used to support build and infrastructure needs at CYBERCOM headquarters.
In answer to a lawmaker’s question, Nakasone also outlined how the command is using its unique acquisition authority. The command was allocated $75 million in the 2019 budget for rapid acquisition of hacking tools and training. As of Wednesday’s hearing, the command had spent about $44 million during the current fiscal year.
Nakasone said he expects the command to spend a total of $65 million before the end of fiscal 2019.
“That’s not $75 million, and I obviously accept the fact that we fell short of that. But what did we invest it in?” he said. “We invested in tools—significant tools for how we operate with our teams. Secondly, big data analysis. Thirdly, an opportunity for our developers to operate offsite at a facility to look at new networks, new capabilities, new infrastructures. It was done rapidly. It was done, I think, very effectively. And, certainly within the law.”
The command isn’t yet utilizing the acquisition authority fully, Nakasone admitted, but they are happy to have it.
“Our adversaries are rapidly changing, and we see that every day as we operate against them,” he said. “The authorities that you’ve granted our command to be able to do this is a first start for us to be able to operate at their speed.”
Nakasone also noted that CYBERCOM has only filled six of 10 openings for contracting professionals at headquarters. The command expects to fill the last four before the end of the year, which will help expedite future acquisitions.