Cybersecurity Priorities Unveiled in FY 2015 Budget'Whole-of-Government' Approach to Incident Response Proposed
President Obama's fiscal year 2015 budget outlines a set of priorities - a wish list - of programs the administration hopes to pursue, including a federal cyber campus where civilian agencies can collaborate on cyber-incident response.
Collaboration is among the major cybersecurity themes in Obama's proposed budget for fiscal year 2015, which begins Oct. 1.
"Cyberthreats are constantly evolving and require coordinated, comprehensive and resilient plan for protection and response," according to the 212-page budget document issued March 4. "The budget identifies and promotes cross-agency cybersecurity indicatives and priorities, including improving cybersecurity information sharing while protecting privacy, civil liberties and enhancing state and local capacity to respond to cyber-incidents."
The budget proposes $35 million for the design of a federal cyber campus to co-locate key civilian agencies in the Washington area to promote a "whole-of-government" approach to cybersecurity incident response.
At a press briefing, GSA Administrator Dan Tangherlini says the initiative - to shift about 600,000 square feet of leased space to a federally owned building - is in the early planning stages. "We're spending substantial amounts of resources on rent to maintain multiple, separate activities that we think could provide value if they were consolidated and co-located in single state-of-the-art campus, recognizing that this is the type of work that we're going to need to do in a collaborative way going forward," he says.
Reaction to President's Plan
Franklin Reeder, who chairs the Council on Cybersecurity, a not-for-profit that promotes a secure Internet, says co-locating situational awareness and response operations makes sense. "They need to collaborate but they have very different roles, and I would be concerned about promoting group-think," says Reeder, a former senior manager at the Office of Management and Budget.
Larry Clinton, CEO at the Internet Security Alliance, also says the federal cyber campus concept could prove beneficial because a major challenge the federal government faces in securing its information assets is territorial battles, rather than ideology, money or politics.
"Anything that can break down turf barriers will inevitably help improve process," Clinton says. "This is all the more important in an area like cyber where decisions need to made at light speed. Having experts co-located should help tremendously in facilitating sharing and, most importantly, building relationships among the people in the room."
Clinton envisions such an initiative as leading to the creation of informal networks of experts who will cut through red tape and improve the information sharing process well beyond the formal ties.
Intel Agencies' Goals
Among intelligence agencies, the budget proposes funding enhanced information sharing through expanded use of cloud computing to facilitate greater efficiency and improved data security across the intelligence community.
Improving the security of intelligence networks against intrusion and counterintelligence threats will require the government to adapt to evolving cyberspace capabilities to help protect federal networks, critical infrastructure and America's economy, the budget says.
In discussing the intelligence community, the budget points out that cyberthreats constantly evolve and require a coordinated and comprehensive way of thinking about cyberspace activities.
The budget notes: "No U.S. sector, network or system is immune from penetration by those who seek to make financial gain, to perpetrate malicious and disruptive activity, or to steal commercial or government secrets and property. The IC's [intelligence community's] goal is for relevant pieces of information to be available - to those with appropriate access - in order to connect the dots in identifying cybersecurity threats while protecting individual privacy and civil liberties."
The administration, in the budget, pledges to increase the Defense Department's ability to effectively address the security challenges and opportunities of cyberspace by continuing to invest in research and development to feed innovation in the military and civilian sectors.
Other cybersecurity investments found in the budget include:
- $549 million for DHS to support the Einstein intrusion detection and prevention system and continuous diagnostics and mitigation, key administration cybersecurity initiatives to address threats and vulnerabilities against federal computer systems and networks. "These initiatives conducted through [DHS's] National Protection and Programs Directorate, which protects federal computer systems and networks from cyber-attacks, disruptions and exploitations, strengthen state and local government cybersecurity capacity and support private sector efforts to protect critical infrastructure," the document says.
- $514 million for DHS to support research and development in a number of disciplines, including cybersecurity.
- $680 million for National Institute of Standards and Technology laboratories to accelerate advances in a variety of critical areas, including cybersecurity. A NIST spokeswoman says it would be at least a week before the agency could provide a breakdown on the proposed funding.
In the budget, the administration says the consolidation of federal government data centers makes its IT more secure. Since agencies began executing their data center consolidation plans in 2011, more than 600 of more than 2,000 data centers have been closed, leading to a net reduction in data centers for the first time in over a decade. "Closing these facilities increases agency IT efficiencies, strengthens our cybersecurity posture and decreases the government's energy and real estate footprint," the budget says.