Disruptive by Design: Breaking Down the Federal Cyber Budget
President Barack Obama’s cyber-heavy fiscal year 2017 budget recently landed with a thud on the desks of lawmakers. Never before has so much verbiage or dollar emphasis been placed on intelligence, technology and cyber. Overall, this appears to be good news for protecting the homeland. Of course, just how the fiscal request plays out after the markups, cuts and votes remains to be determined. What we do know of the request raises the question: Is the government throwing money around or strategically setting the course for a successful future?
Government plans for information technology and cyber investments amount to nearly $90 billion of the proposed $4.15 trillion overall federal spending request. This covers the realms of energy, medicine, manufacturing, space and agriculture. As a cost analyst for the Defense Department, I am quite concerned with budget changes—especially increases—and seek to know just what, even in generalized terms, contributes to growth, decline or new requirements.
Estimating the cost of information technology and cyber requirements will challenge the most astute of analysts, as the nation procures goods and services that have never before been purchased. As stewards of taxpayer dollars, resource managers have a fiduciary responsibility to know programs, especially how they are funded.
That said, some of the budget details—or lack thereof—are concerning. Some organizations, such as the Office of the Director of National Intelligence, are not required to provide detailed breakouts of classified content for obvious reasons. What little information the agency does share publicly includes plans for “increased intelligence sharing and advancing [intelligence community] integration through continued investment in enterprisewide capabilities and use of cloud technology,” according to a published fact sheet.
The summations seem solid yet light on the necessary detail that would make analyzing pros and cons easier. The lack of in-depth information also does not ease the way for the development of cost estimates. Information technology and cyber are particularly unique specialties with rapidly changing environments that influence cost. For example, the Air Force’s request for offensive cyber operations nearly doubled from $12.8 billion in fiscal year 2016 to $25 billion as noted in the fiscal year 2017 Air Force budget materials. Again, those top-level figures are informative, but so-called “exhibit-level” details would let cost estimators derive the needed information to help reduce spending risks.
As it shifts to a broader focus, the Defense Department seeks $6.7 billion for cyber operations, an increase of $900 million compared with the fiscal year 2016 enacted base budget, which fully supports the department’s defensive and offensive cyberspace operations capabilities and cyber strategy, according to the Office of the Undersecretary of Defense (Comptroller). Other agencies, such as the Department of Homeland Security, provide guidance concerning threat data to support the Cybersecurity Information Sharing Act.
It is refreshing to see that the budget request emphasizes cyber training. Cyber is an obvious area in which to invest, given the escalation of threats and the sophistication of recent attacks. It is equally wise to invest in the work force, regardless of service affiliation. The budget request also hits on several cyber defense options, from funding offensive cyber weapons at tactical levels to earmarking $150 million for a program that conducts cyber exercises across combatant commands.
U.S. Chief Information Officer Tony Scott posited money to expand the CyberCorps: Scholarship for Service program, which aims to increase and strengthen the cadre of federal information assurance professionals. Additionally, a fundamental budget change sets in motion the much-anticipated Cybersecurity National Action Plan (CNAP), a document that focuses on near- and long-term actions to enhance cybersecurity awareness, protect privacy, maintain national security and empower citizens to better control digital security.
The CNAP calls for a $3.1 billion revolving fund so that federal agencies can modernize legacy information technology products. In the Defense Department, about 70 percent of life-cycle costs go toward operating legacy systems—some from the 1960s. The practice no longer makes much sense, especially financially. Creating the revolving fund means recipients will have payback plans—a move that makes sense and cents.
Headline-grabbing cyber attacks evoked calls for action from congressional leaders, such as Sen. Chris Coons (D-DE), who said the nation must do better in contributing to the global proliferation of cyber technology. The administration took a step toward supporting cybersecurity by creating a commission that will propose ways to strengthen cybersecurity over the next decade in both the public and private sectors while “protecting privacy, ensuring public safety and economic and national security, fostering discovery and development of new technical solutions and bolstering partnerships between federal, state and local government and the private sector in the development, promotion and use of cybersecurity technologies, policies and best practices.” It’s a tall order.
The administration has made its move. Now it is up to Congress, whose members have their own fiscal dogs in the budgetary fight.
Jennifer A. Miller, a member of AFCEA’s Northern Virginia Chapter, is a cost analyst and a deputy executive branch chief in the Resource Management Oversight Division of the National Guard Bureau’s Joint Staff. The views expressed here are her own.