Sequestration could hurt cyber defense programs

A cybersecurity analyst looks at code in the Homeland Security Department's malware laboratory.

A cybersecurity analyst looks at code in the Homeland Security Department's malware laboratory. Mark J. Terrill/AP

Deep budget cuts will make it difficult for feds to press industry on cybersecurity.

Impending cuts of about $900 million from Homeland Security Department infrastructure and network protection funds and other federal cybersecurity accounts could knock out support for private sector cyberdefense programs, some budget analysts say.

Research and development grants, forensics equipment for prosecuting cybercrime cases and other corporate network security assistance could be scaled back, the experts said. But front-line security of government networks likely would dodge cuts.

The Obama administration on Friday released initial estimates for dollars that could be subtracted from agency accounts in January 2013. Homeland Security infrastructure protection and information security activities are confronting a $911 million cut under sequestration, unless Congress can pass a budget alternative.

“Deep across-the-board cuts will make it hard for the federal government to demand anything regarding cybersecurity out of industry,” said Christopher Bronk, a former State Department diplomat who is now a fellow in information technology policy at Rice University. The victims could be “the national labs that work on securing the grids,” he said. Energy Department support for cybersecurity industrial control systems “would go away,” creating a situation “where the power companies are pretty much on their own.”

Should sequestration go through, agency accounts would be shrink by roughly equal percentages but departments could choose to reduce programs within accounts in proportion to each activity’s importance, said Ray Bjorklund, chief knowledge officer at federal sector market research firm Deltek. For example, funding for Homeland Security emergency communications may face a steeper cut than cybersecurity.

“You just don’t gut the important missions,” Bjorklund said. “But there probably will be some degree of an impact on cyber -- who knows how the agencies are going to go about it.” Perhaps FBI investigators could see money for evidence collecting and travel get the short-shrift, he said.

Another possibility is the National Science Foundation could pare backing for academic research, Bronk said. The funding that goes to the “universities would be tamped down and that’s where much of the innovation goes on,” he said.

And public-private partnerships within the Commerce Department could be delayed, Bjorklund conjectured. One casualty, for instance, could be the National Strategy for Trusted Identities in Cyberspace, a venture aimed at creating a login network similar to the credit card payment system that would let computer users access separate websites without reentering personal information or creating new passwords.

Wartime cybersecurity operations would not be affected, but Cyber Command hiring and long-term development of offensive cyber weapons could be hurt, White House sequestration planning documents suggest.

“While the Department of Defense would be able to shift funds to ensure war fighting and critical military readiness capabilities were not degraded, sequestration would result in a reduction in readiness of many nondeployed units, delays in investments in new equipment and facilities, cutbacks in equipment repairs, declines in military research and development efforts, and reductions in base services for military families,” stated comments accompanying the projected cuts.

Bjorklund postulated that the pace of the Pentagon’s Plan X rollout may be slower than initially planned. Plan X is a broad initiative to lay the foundation for Defense’s activities in offensive computer warfare operations.

That said, the National Security Agency, which has a classified budget, likely would withstand much of the cost-cutting, Bronk said. NSA, a Pentagon branch, conducts cyberespionage and supports Homeland Security, as well as U.S. Cyber Command activities.

Since its activities are so secret, adversaries still may be left with the impression that the United States has its guard down in cyberspace.

“The bigger risk is to all the other programs and to the foreign perception of U.S. capabilities,” said Jim Lewis, a cybersecurity researcher at the Center for Strategic and International Studies, who advises Congress and the administration. “They would decide we are more vulnerable and less competent.”

He doubts the ax would hit Plan X before the military sets aside money for expected research.

Most observers predict Congress, between the November elections and the end of December, will reach a budget deal because neither Republicans nor Democrats want to see sequestration kick in.

“It’s hard to believe Congress would fumble this badly,” Lewis said.

Bjorklund said, “It’s going to be another brinksmanship between the parties and the White House and the Congress.”

Some pessimists say Washington may not broker an agreement until January, which would mean enduring uncertainty “maybe for a week or for a month. I hope it doesn’t happen but it’s entirely possible,” Bronk said.