As concerns mount about the possibility of a cyber-attack against critical infrastructure, countries are focusing on boosting their security spending to include cyber-defenses.
President Barack Obama signed the executive order in February requiring the National Institute of Standards and Technology (NIST) to create a framework for “reducing cyber-risks to critical infrastructure.” NIST, in collaboration with the General Services Administration, Department of Defense, and Department of Homeland Security, has been holding a series of workshops to identify priority elements and released an initial draft on July 1. The draft will be expanded and refined over the next few weeks to identify the “voluntary” guidelines organizations will have to meet in order to protect their critical networks from cyber-attacks.
The increased focus on cyber-security is translating directly to increased spending.
Just last month, a cyber-security budget from the DoD called for spending almost $23 billion through fiscal year 2018. The budget included initiatives to protect computer networks and to develop offensive capabilities. The budget requested $4.72 billion in fiscal 2015, $4.61 billion in 2016, $4.45 billion in 2017, and $4.53 billion in 2018, according to Bloomberg News, who obtained a copy of the budget document.
In comparison, the White House asked for $4.65 billion for the 2014 fiscal year in the budget proposal sent to Congress back in April. The 2014 figure is an 18 percent increase over this year’s budget.
The Pentagon plans to spend $9.3 billion through 2018 for information-assurance systems that would block attackers and prevent disruptions on DoD’s networks. Another $8.9 billion will be spent on cyber-operations, which would include both defensive and offensive capabilities. The U.S. Cyber Command’s headquarters is projected to receive as much as $1.28 billion through 2018.
The president’s budget proposal requested more than $13 billion for cyber-programs, or about 16 percent of the federal IT budget. Under the proposal, DHS would also receive $300 million to better monitor federal networks, $85 million to the Commerce Department for cyber-network support, and $79 million to help the departments of Homeland Security, Justice and Defense to identify and respond to cyber incidents.
While there is some disagreement on how to approach information-sharing and how to protect government and private networks, there appears to be some consensus that the federal government needs to boost cyber-spending, according to a survey commissioned by Tenable Network Security earlier this year. In the survey, about 92 percent of Americans said public utilities such as power grids, transportation systems, and communications, were vulnerable to state-sponsored cyber-attacks. About 60 percent of respondents said they would be in favor of increasing government spending to train “cyber-warriors,” according to the survey.
The focus on cyber-security spending is not just on this side of the Atlantic.
Late last month, George Osborne, the United Kingdom’s chancellor, outlined spending increases as part of an effort to protect UK interests in cyber-space. The Chancellor said £210 million ($312.9 million) would be invested in the Cabinet Office’s National Cyber Security Programme (NCSP). Cyber security spending will be “ring-fenced,” or separated out as its own category instead of being lumped in with other financial items, Osborne said. He called cyber-security “the new frontier of defense.”
During a cybersecurity debate at the Geneva Press Club on July 15, Hamadoun Toure, secretary general of the International Telecommunication Union (ITU), said the international community must wake up to the reality of cyberwar and strive to find ways to stem it.
“Just like a conventional war, there are no winners, only destruction,” Hamadoun warned.
Ring-fencing the country’s cyber defense spending is “clear evidence” the government considers defending from cyber-threats a priority on, Rob Cotton, CEO at NCC Group told SecurityWeek. The fact that cyber-defense is on the government’s agenda is “a big positive for consumers, businesses and the security industry,” Cotton added.
“What we need now is a clear and long-term strategy for spending, to ensure that we’re investing in skills and security infrastructure that will sustain the country in the years to come,” Cotton said.