RealTime IT News

Obama Proposes Millions for Cybersecurity

Cybersecurity and Obama budget proposal

Although critics are savaging the Obama administration's proposed budget over its unprecedented deficit spending, industry observers are hailing its plans to set aside $355 million for cybersecurity efforts.

In its fiscal 2010 budget proposal, released today, the White House said it aims to put the money toward making government and private-sector network infrastructure more resilient and secure.

"The threat to federal information technology networks is real, serious, and growing," the budget proposal read. "To address this threat, the President's 2010 Budget includes substantial funding for cybersecurity efforts; such activities will take an integrated and holistic approach to address current cybersecurity threats, anticipate future threats and continue innovative public-private partnerships."

A large portion of the financing -- which will go into effect Oct. 1 -- will land at the Department of Homeland Security (DHS). The outlay includes money for the DHS National Cyber Security Division (NCSD), which works with public, private and international entities to secure cyberspace and America's network assets.

It also will allocate funds to DHS's Comprehensive National Cybersecurity Initiative (CNCI), an effort to reduce the number of potentially vulnerable government Internet access points, improve DHS monitoring technology and encourage government vendors to sell hardware and software only in secure configurations.

While the president's cybersecurity proposal also mentions plans to fund efforts in other areas -- like intelligence and the military -- the budget did not break out this spending, which is typically classified.

The proposal marks a step toward addressing concerns among security experts that the national cybersecurity infrastructure is badly in need of repair. In the wake of a slew of attacks, security lapses and data breaches in several U.S. government agencies and businesses, the Center for Strategic & International Studies (CSIS), a bipartisan think tank, called for the Obama administration to take action on cybersecurity.

Earlier this week, CSIS also joined with a number of U.S. departments to issue guidelines aimed at helping businesses and government agencies enact tighter security.

Supporters of those efforts now see the Obama plan bearing out a number of their key recommendations.

"The good news is that the Department of Homeland Security in previous years had seriously underfunded research in cybersecurity, which was never a priority for the previous administration, and now something's being done," James Lewis, policy director at CSIS, told InternetNews.com.

The current fiscal year's budget, drawn up during the Bush administration, set aside $242 million to maintain and expand the capabilities of one cybersecurity unit within NCSD, the United States Computer Emergency Readiness Team (US-CERT).

While the funding enabled US-CERT to develop additional network defense measures and increase its malware and intrusion analysis capabilities, that portion of the 2009 budget (available here as a PDF document) did not provide for additional cybersecurity measures elsewhere.

Avoid throwing money away

The current administration's proposed budget for fiscal 2010 instead directs IT security spending to the NCSD itself. (That portion of the budget is available here in PDF format.) As a result, DHS initiatives like CNCI will also receive funding.

[cob:Special_Report]"This budget is a positive sign that the new administration will continue to invest in and emphasize cybersecurity," Shannon Kellogg, a member of the CSIS commission that compiled its report, told InternetNews.com.

But Kellogg, who is also director of information security policy at RSA, the security division of storage giant EMC (NYSE: EMC), also warned that the work's far from over.

In particular, he said the White House needs to devise effective short-, medium- and long-term strategies to deal with U.S. cybersecurity, rather than simply throw money at the problem.

Page 2: U.S. network security under attack