BreachExchange mailing list archives

Obama Proposes $14 Billion Cybersecurity Budget


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 2 Feb 2015 19:05:10 -0700

http://www.databreachtoday.com/obama-proposes-14-billion-cybersecurity-budget-a-7867

President Obama proposes to spend $14 billion in fiscal year 2016, which
starts Oct. 1, to support cybersecurity efforts across the government,
including continuous monitoring and intrusion detection initiatives.

"This budget provides the resources we need to defend the nation against
cyber-attacks," Obama said in a statement accompanying the Feb. 2 release
of the $3.5 trillion budget. "No foreign nation, no hacker, should be able
to shut down our networks, steal our trade secrets or invade the privacy of
American families."

Obama's budget is a spending and tax plan - think of it as the White House
wish list - and no one expects the Democratic president's budget to pass
the Republican-led Congress. GOP leaders already have rejected the
president's spending and tax plan, though elements of the budget -
including those dealing with cybersecurity - could be the basis of
appropriations to fund cybersecurity initiatives. Money to fund government
programs comes from individual appropriations bills Congress enacts.

The White House Office of Management and Budget could not provide a figure
on how much the government expects to spend on government IT security
programs in fiscal 2015, which ends Sept. 30. Figures for what was spent in
fiscal 2014 also are not yet available. According to OMB's annual report to
Congress issued last May, government civilian agencies spent $10.3 billion
on IT security in fiscal 2013. Spending levels for classified systems are
secret.

Obama's Cybersecurity Wish List

The budget issued this week doesn't provide specifics on all government
cybersecurity spending, including the proposed allotments to specific
agencies for IT security. Those figures should become available next month.

What's on Obama's wish list for the next fiscal year? One of the biggest
proposed outlays - $582 million - would go to the Department of Homeland
Security to lead implementation of the continuous diagnostic and mitigation
program, commonly known as continuous monitoring, at federal civilian
agencies. Continuous monitoring is aimed at identifying systems
vulnerabilities in near real time.

"Support at the highest level for continuous diagnostics and mitigation is
long overdue," says Franklin Reeder, former chief of information policy at
OMB. "While there are no silver bullets that address the many dimensions of
the cybersecurity challenge, CDM, if widely adopted, would significantly
mitigate cyber-risk."

The proposed allocation to DHS also would fund the latest developments of
the National Security Protection System, the intrusion prevention system
known as Einstein, which would protect all agencies.

Another $514 million would go to the Justice Department to fund the
investigation of cyber-intrusions that pose serious threats to national
security and the nation's economic stability and to prosecute the offenders.

Defending Defense

Within the Department of Defense, the budget includes proposed funding to
continue developing the U.S. Cyber Command to its full strength. According
to Reuters, $5.5 billion of the cybersecurity budget would go to the
Pentagon. The agency's chief weapons tester last month told Congress that
nearly every U.S. weapons program showed "significant vulnerabilities" to
cyber-attacks, including misconfigured, unpatched and outdated software,
the Reuters report notes.

The budget also would provide continuing support for an across-agency
program instituted in 2011 after the unauthorized disclosure of a
half-million diplomatic cables by Chelsea Manning to WikiLeaks.

The administration is requesting $149 million for an initiative to help
secure critical infrastructure IT operated by private businesses. Another
$243 million would be earmarked to support research and development at
civilian agencies to support innovative cybersecurity technologies.

Jacob Olcott, a former Senate Commerce Committee counsel who focused on
cybersecurity, says the government shouldn't short shrift civilian agencies
when funding cybersecurity research and development. "Most classified R&D
spending is designed to secure military systems, and does not help protect
our national critical infrastructure or our sensitive intellectual
property," says Olcott, now vice president for business development at
BitSight Technologies, an information risk advisory company. "If these
things are important, then we have to budget accordingly."

To support long-term cyber-investments, the budget proposes spending $227
million to fund the first phase of construction of the Federal Civilian
Cyber Campus. According to the White House, the cyber campus would
co-locate cybersecurity operations of the DHS and the FBI that should help
the government collaborate with the private sector on cybersecurity.
Another $35 million would be allotted to improve cyber-intelligence
integration, analysis and planning within the federal government.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 