Cybersecurity stimulus: $355 million
Posted on | February 27, 2009 | 4 comments
In moves that should help stimulate the economy, the Obama Administration this week took two big steps toward slowing, and perhaps ultimately reversing, the rapid growth of cybercrime. On Wednesday, Admiral Dennis Blair, Director of National Intelligence, told Congress that he will assume a greater role in cybersecurity. Then on Thursday, the President released his proposed fiscal 2010 budget, which included $355 million in funding to make private- and public-sector cyber infrastructure more resilient and secure.
Above and beyond the $800 billion stimulus package approved by Congress, these developments should provide a sustained economic boost for vendors who supply security hardware, software and related services.
Codes of conduct needed
Clearly, the Obama transition team members assigned to security and intelligence have succeeded in getting the White House up to speed very quickly. Prior to addressing Congress, Blair submitted this 46-page “threat assessment,” which makes numerous references to cybersecurity. “The global financial crises has exacerbated what was already a growing set of political and economic uncertainties,” concludes Blair. “We are nevertheless in a strong position to shape a world reflecting universal aspirations and values that have motivated Americans since 1776: human rights; the rule of law; liberal market economics and social justice. ”
To accomplish these lofty goals, the U.S. intelligence arm must take action on, among other things, “developing codes of conduct for cyberspace,” asserts Blair.
That notion is reinforced in an outline of the Obama budget proposal that concludes: “The threat to federal information technology networks is real, serious and growing.”
According to Reuters, one of the last things the Bush Administration did was conduct a two-day “cyberwar” simulation in December; the test found the United States unprepared for a major hostile attack against its computer networks. Bush has been heavily criticized for ignoring cybersecurity, until cyberspies began to conduct major breaches of government and military systems in 2006 and 2007.
Holistic defenses
Obama’s budget includes “substantial” funding to help build “an integrated and holistic approach to address current cybersecurity threats, anticipate future threats, and continue innovative public-private partnerships,” according to the budget overview.
Rob Housman, Executive Director of the Cyber Secure Institute, praised Blair’s grabbing the cyberthreats bull by the horns.
“Blair’s action is an enormously positive step for our nation’s security. We strongly agree with Blair’s approach,” opines Housman. “In fact, we have previously called for action precisely along these lines.”
Houseman was referring to a report issued by CSI on Jan. 6 calling the super-secretive National Security Agency, where Blair now sits, “the laboring oar in the federal government’s technology security certification programs.” Blair has at his disposal, “extensive expertise in reviewing and analyzing the real security of IT systems.”
An insightful excerpt from the CSI report: “The agency also has many of the world’s best penetration experts on staff. This would give the NSA a major leg up in managing a set of carrots or sticks, or both, to drive private sector cybersecurity; they would know which systems meet the mark and which fall short. These capabilities mean that a shift to the NSA could be much more than a bureaucratic reshuffling of the deck chairs.”
Good sign
Meanwhile, the White House is awaiting the results of a 60-day review of U.S. cybersecurity policy being conducted by a highly-regarded military collaboration consultant, Melissa Hathaway. I have a source in the tech industry who is not a regular government supplier. But he very much would like to be. He has developed some innovative security technologies, but was unable to get to square one with the Bush Administration.
By contrast, it took him just one phone call to leave a message for Hathaway. She called him two days later, and spoke directly with him about what he thought he could contribute. Whether he gets anywhere or not remains to be seen. But I take his experience as a good sign that access and transparency are being implemented, not just talked about.
–Byron Acohido
Photo of Admiral Dennis Blair
Tags: cybersecurity > obama > stimulus_package
Comments
4 Comments »
RSS feed for comments on this post.
The $355 million for 2010 reminded me of the scene in the movie Charlie Wilson’s War where the CIA agent played by Philip Seymour Hoffman tells Congressman Charlie Wilson, played by Tom Hanks that doubling the budget from $5-10 million was “nothing” to go fight the Soviet military with.
Don’t get me wrong, I applaud the administration’s efforts to bring more focus and attention to this area, and they seem to have accomplished quite a lot in their first 60 days.
Maybe it’s that hundreds of millions in government spending doesn’t seem all that much these days given the tens of billions going to financial services and auto company bailouts.
$355 million doesn’t seem to me to match the potential impact of the threat (e.g., on the level of a biological terrorist attack)used in speeches by various government officials. A read of the section of the “Threat Assessment” gives you the impression that the government views the threat as significant and real.
A concerted national effort to adequately secure every endpoint connected to the Internet (not just perimeter security of government infrastructure) would certainly cost more than $355 million.
Frankly, I don’t see states devoting any of their share of the $800 billion stimulus to cyber-security; it’s just not going to rank up there with road and bridge repair, extending unemployment benefits and the like.
So, this appropriation, at least for 2010 looks to me like what we’ll get started with to boost our defenses. Any increase is better than none, and we’ve got all of this other money going to lots of other needy programs like keeping banks and auto companies afloat.
Being in the Internet security industry affords me somewhat more visibility as to what the scope and nature of the threats are, and what it’s going to take just to go from “falling behind” to a state of “keeping up,” much less “get ahead of” the bad guys.
Perhaps the best part of all is that various parts of the government are now coming out and stating “Hey, this is really serious and we have to do something about it.”
Comment by Bill Fallon — 3/3/2009 @ 11:42 am
Byron, you’re right in that this is a good sign from the current administration that the cyber security threat is being taken seriously! As you know, we have only to look to the recent stories of the thwarted Fannie Mae Breach, attacks on Monster.com and many other government agencies and companies to realize that this is a growing problem that needs to be addressed. With employee churn, this ‘insider threat’ is very real and steps and guidelines need to be established to help organizations secure their most sensitive data.
We work with many Forbes Global 2000 companies and government agencies around the world, and we keep hearing the same thing – they’ve got a problem, but are unsure how to solve it. We’re wishing Melissa the best of luck on this one; with the global economy as it is, and organizations having so much to lose, we need a strategy and direction to protect our cyber borders.
Comment by Lisa Spencer – www.twitter.com/lisaatcloakware * — 3/3/2009 @ 12:15 pm
Greater visibility is needed to cut through the overwhelming, dull roar of the attacks that are going on. I follow cyber security for a living and have to work hard to connect the dots and keep up. I would like to see an overview of what was lost in 2006 -2007 when an outside party or parties successfully breached govt and military systems in North America and Europe. How does that surge connect to the earlier Titan Rain breaches, and to what’s going on today? I think that kind of detail would get people’s attention.
Comment by Byron Acohido — 3/3/2009 @ 12:40 pm
Byron, that would be some powerful, scary data for sure. Maybe we’ll see some figures from Melissa after she does her review.
Comment by Lisa Spencer – www.twitter.com/lisaatcloakware * — 3/5/2009 @ 7:03 am