U.S. President Barack Obama's proposed budget would bump up spending on cybersecurity as the government seeks to bolster both information sharing efforts and the resources it dedicates to fighting battles in cyberspace.
Inside the budget, which was unveiled by the president Wednesday, is $810 million to support efforts by the Department of Homeland Security's [DHS] National Protection and Programs Directorate to secure federal computer systems from cyber-attacks. The budget also allocates money for expanding the forces of the US Cyber Command, and calls for $44 million in funding for Comprehensive National Cybersecurity Initiative Five (CNCI-5) to develop a comprehensive, coordinated information sharing system to serve as a foundation for sharing cybersecurity data across the government.
"The issue of information-sharing is intensely challenging, not least because organizations face open-ended liability and business risk if they share threat intelligence," said Francis Cianfrocca, CEO of Bayshore Networks. "This problem could be mitigated with appropriate policy and law changes, but after more than a year of effort, nothing convincing has emerged."
Forty-four million dollars is a trivial amount of money compared to the overall DHS cybersecurity budget, he said, and added that the problem with "under spending" on such a critical effort is a strong indication that DHS has not completely figured out the problem and is still experimenting at a low level.
The focus on cybersecurity comes two months after the president signed a cybersecurity executive order in the wake of continued failures to pass legislation on the subject. Lawmakers in the House are however are expected to vote on a number of cybersecurity initiatives next week.
"It's refreshing to see that in the age of sequestration and furlough that cyber defense isn't being lost in the fray," said FireEye Network/Systems Architect Alex Lanstein. "The fact that all the members of government have finally aligned on the importance of cyber defense should be an indicator to the private sector of the nature of the threat."
The focus on hiring more cybersecurity specialists is also important, argued Jody Brazil, president and CTO of FireMon.
In February, a study released by the International Information Systems Security Certification Consortium (ISC)2 found that a shortage of security experts poses a direct challenge to organizations around the globe. According to the report, 56 percent of the 12,000 information security professionals surveyed said their organizations were short-staffed.
"In the physical sphere the U.S. is proud to have the best trained and best equipped fighting force in the world," Brazil said. "This must be our mission in the cyber sphere as well and backed with real resources immune to budget battles. Technology can be used to better optimize the process and procedure of an active cyber defense, and can focus resources to ensure that most effective use of that budget. But in the end, technology can assist in analysis, but can never replace trained analysts."
In a statement, President Obama said that the country must confront dangers in cyberspace that threaten the nation's infrastructure, businesses and people.
"The budget supports the expansion of government-wide efforts to counter the full scope of cyber threats, and strengthens our ability to collaborate with State and local governments, our partners overseas, and the private sector to improve our overall cybersecurity," he said.