This week, President Obama released his annual draft budget for Fiscal Year 2015. The budget calls for reductions in defense, leaving the physical U.S. military at is smallest level since WWII. At the same time, spending levels for cybersecurity could be increasing – or at least they won’t be declining. This reflects a strategic realignment as more threats that face our country come through cyberspace. I had a chance to connect with several McAfee experts to discuss the policy implications of this budget as well as its implications on cybersecurity strategies.
To get an update from a DHS and NIST perspective, I connected with Standards and Technology Policy Director Kent Landfield. Kent’s a new member of my team who brings important insight from his time working with the federal government, most recently in helping develop the NIST framework over the last year or so. Several offices within NIST, and relevant offices within DHS, will see their funding increase, despite the fact that DHS will see a smaller overall budget than it had last year. The program that helps promote and facilitate the framework, known as C3 or C-Cubed, received $8.5 billion. Kent said it’s difficult to know right now how that figure will play out. We should learn more at a March 13 hearing of the House Homeland Security Committee. In other news, Kent noted that implementation of the Continuous Diagnostics and Mitigation (CDM) program, in which McAfee plays a big role, is slated to receive more than $143 million.
For insight on the effectiveness of these investments, I spoke to our VP of Federal, Ken Kartsen. Ken said we have to dive into how this money is actually allocated in the agencies to truly assess whether we’ll be able to defend against damaging cyber-attacks. Having the right technology in place, like our interoperable Security Connected platform, is vital. And even if the budgets for cyber tools stay at current levels or increase, it’s unlikely there will be increased funding for training and personnel – two very important pieces of implementing effective cybersecurity. This means government organizations need to choose tool sets that are smart, integrated and efficient. It only makes sense to go for COTS solutions, as these can deliver a great deal of value at a reasonable price point. Government buyers have to make sure they’re getting as much efficiency and value as possible out of each cyber dollar.
At the same time, Ken emphasized that agencies need to be investing in human capital, because we need more skilled specialists to keep us safe from bad actors on the web. Avoiding a federal government “brain drain” during this time of downsizing will be an important part of making smart cybersecurity investments.
I also connected with Dr. Jarno Limnell, Director of Cyber Security based in Finland, who was in town presenting at a major cyber conference this week. Jarno observed that the growing investments in cybersecurity at a time when traditional defense budgets are shrinking reflect a restructuring of priorities in the United States and other NATO countries. The growing convergence of the digital and physical world, he said, has created a situation where strong cybersecurity assets are as important for protection as physical weapons, vehicles and artillery. As one of the foremost experts on global cybersecurity trends, Jarno noted that we should expect to see cybersecurity growing in the defense budgets of many Western countries, who will follow the US’s lead on matters of national security, especially when it comes to cyber realignment. He echoed Ken’s advice about investing more in training people, not just in purchasing technology.
The budget will of course see many revisions and permutations before becoming a reality. One thing will not change, though: Cybersecurity will become a more important part of our country’s national security strategy over the coming years, and it’s encouraging to see that the government recognizes as much.