FY2019 Budget Sees Cyber Funding Boost, Research Cuts. President Trump’s recently revealed budget for fiscal year 2019 increases #cybersecurity funding across the government, but also includes significant cuts in funding for #cyber #research.


Trump’s 2019 Budget Boosts Cyber Spending but Cuts Research

Nextgov | By Joseph Marks

President Donald Trump’s 2019 fiscal year budget request boosts cybersecurity funding by about 4 percent across the government, including significant hikes at the Homeland Security Department and Pentagon.

The overall increase includes even larger cyber funding spikes at key agencies, including a 23 percent jump at the Energy Department, a 33 percent jump at the Nuclear Regulatory Commission and a 16 percent hike at the Veterans Affairs Department. The budget, however, includes a massive cut of 18 percent to the government’s main cyber standards organization, the National Institute of Standards and Technology. That cut comes as NIST is working on an update to its cybersecurity framework, which is now mandatory for all federal agencies.

The budget also marks a major shift for cyber research and development funding inside the Homeland Security Department. Cyber research was formerly housed primarily in the department’s Science and Technology Directorate. Going forward, that funding, which totals $41 million in the president’s budget request, will be inside the cyber and infrastructure protection division—called the National Protection and Programs Directorate, or NPPD. The move is another blow for the Science and Technology Directorate, which has faced significant budget cuts since the start of the Trump administration.

The shift was made so “operators on the ground have influence over research and development,” a senior administration official said during a press call. The cyber and infrastructure protection division will work closely with the science and technology division on research priorities, the official said.The budget also calls for a small spike in government-wide information technology spending.

The president’s budget request is as much an ideological document as a budgeting one. The request lays out the executive branches’ funding priorities, but those numbers are only a rough starting point when Congress begins its own budgeting process and they’re often ignored entirely. Funding Hikes at Homeland Security and Defense, Homeland Security cyber spending overall will stay roughly flat at about $1.72 billion.

The cyber division of the department’s cyber and infrastructure protection wing, however, will get a 7 percent spike from $665 million in the 2018 fiscal year to $712 million this year.

In addition to protecting federal civilian government computer networks, that division is also helping states secure their election systems against cyberattacks.

The budget includes $238 million for Homeland Security’s continuous diagnostics and mitigation program, which delivers a suite of cybersecurity tools to federal agencies and will eventually track federal computer systems on a government-wide dashboard. That’s down from $279 million in last year’s request.

The budget commits $407 million for a government-wide intrusion detection program called Einstein. That’s up from $397 million in last year’s request.

At the Pentagon, total cyber funding jumps to $8.5 billion in this year’s request, a 4.2 percent hike over the prior year.

That jump comes as U.S. Cyber Command, which was elevated last year to a unified combatant command, is in the process of reaching full operational capability.

The budget released Monday also:

  • Includes $8 million for the White House Office of Management and Budget’s cybersecurity oversight responsibilities, down from $19 million last year.
  • Includes $25 million for a cybersecurity enhancements account at the Treasury Department, which will help upgrade high-value Treasury computer systems that rely on outdated technology. The fund will also help the department respond more nimbly to cyber incidents. Overall cyber funding at Treasury will drop from about $529 million last year to $500 this year.
  • Raises funding for the Justice Department’s national security division, which prosecutes cyber crimes, from $95 million to $101 million. Overall Justice Department cyber funding is at $721 million, up from $704 million last year but down from $735 during the final year of the Obama administration.
  • Includes $10 million for cyber upgrades at the Transportation Department.
  • Hikes Veterans Affairs Department cyber funding 16 percent from $360 million last year to $418 million this year.
  • Raises cyber funding at the Office of Personnel Management 18 percent, from about $39 million to about $46 million.
  • Hikes Nuclear Regulatory Commission cyber funding 33 percent, from about $24 million to about $32 million.

Hikes Energy Department cyber funding 23 percent, from about $379 million to about $465 million.

DHS: More Fed Cyber Services Could Be Outsourced

Barry West, the Department of Homeland Security’s senior accountable official for risk management, believes that federal agencies may pursue outsourced cyber security services from contractors more frequently, due to the ongoing global shortage of and competition for cyber talent.

Government Could Shift to Security-as-a-Service, DHS’s West Says
Fedscoop | By Carten Cordell

With cyber talent in high demand, Barry West said Thursday that the government may soon to lean more heavily on the private sector for cyber security help.

West, the Department of Homeland Security’s senior accountable official for risk management, said that an ongoing global shortage of cyber talent could soon push agencies to more frequently pursue outsourced cyber security services from contractors rather than try to compete with the private sector.

“When I look at a visionary view of cyber, I think this is really where we are headed,” he said at ATARC’s Federal CISO Summit. “This would have been far-fetched probably five years ago, saying you were going to have a private sector company perform your security.”

West pointed to research from Gartner that predicted that there would be a global cyber shortfall of 1.8 million by 2022 — with the federal government struggling to compete with the private sector for talent, it may be more beneficial for agencies to contract for it, he said.

“This isn’t to say that there’s not going to be government oversight; there’s still not going to be a [chief information security officer] in charge,” he said, “but I really think we are headed for a model where we are going to see security-as-a-service and you are going to see [security operations center, or SOCs] as a service.”

West added that DHS is already in talks to consolidate 12 to 13 “disparate SOCs” — which help monitor cyber security posture from across the agency’s networks — saying that it is a key priority for Secretary of Homeland Security Kirstjen Nielsen.

“She really wants to see that happen,” he said. “It really shows when you have a major incident — when we had the WannaCry incident last year, it became real clear some of the disorganization we had around reporting.”

Consolidation would precede SOC-as-a-service, West said, with DHS beginning to merge SOC operations in the National Capital Region.

“I think it’s the way we’re headed. I think you will hear more of the SOC consolidation at DHS next year. That’s going to be a big focus for us,” he said.

After that, West said, DHS would likely craft some prototypes to test the SOC-as-a-service model over the next three to four years.

“I think we have to start thinking about it now and planning, but I think it’s the way of the future,” he said.