US president Barack Obama’s last budget proposals include $19bn for cyber security, but critics say this is still not proportionate to the threat.
Although the US cyber security budget allocation for 2017 represents a 35% increase on the previous budget, it is still a small fraction of the overall US defence budget.
Jeff Hill, channel marketing manager at security firm STEALTHbits Technologies, said that in absolute terms, the $19bn is encouraging and “nothing to sneeze at”.
But he pointed out that the federal government spends about $700bn on defence, intelligence and homeland security, so the spending on cyber security represents only 2.7% of the total defence budget, up from 2% previously.
“This budget priority reality begs the question: do cyber attacks – from organised state actors to well-heeled crime syndicates, to independent hackers looking to make a name for themselves – represent a mere 2% or 3% of the risk to the US economy and the safety of its citizens?” he said.
“A 2.7% priority might be progress – but we’ve got a long way to go.”
The budget proposals come just days after a data breach at the US Department of Justice again put the spotlight on the cyber security of US government systems, which has been under increased scrutiny since the massive data breaches at the Office of Personnel Management in 2014 and 2015.
The budget plans coincide with Obama’s announcement of a Cybersecurity National Action Plan (CNAP) that is aimed at helping the US to stay ahead of rapidly evolving cyber threats.
The CNAP’s top priority is to improve cyber security across the government and it includes a proposal for a $3bn fund to kick-start an overhaul of federal computer systems.
“It is no secret that, too often, government IT is like an Atari game in an Xbox world,” Obama wrote in an article published in the Wall Street Journal.
“The Social Security Administration uses systems and code from the 1960s. No successful business could operate this way,” he said.
Read more about UK government initiatives on cyber security
- Government has announced a £250,000 programme to increase the rate of cyber security startup development in the UK.
- Demand for people with the right mix of skills to keep organisations in Australia safe from cyber attack is far in excess of supply.
- The government and the CIPD have launched a free e-learning module to help HR professionals protect sensitive HR data and educate the wider workforce about cyber security.
- The UK government has granted the information security industry a £1.1bn defence fund that includes initiatives aimed at fighting cyber threats.
The CNAP requires federal agencies to increase protection for their most valued information and make it easier for them to update their networks.
Obama said he was creating a new federal position of chief information security officer to drive these changes across government.
The CNAP proposes a $62m fund to increase US efforts to build a corps of cyber professionals across government to promote best practices at every level.
Obama has proposed offering scholarships and forgiving student loans to recruit the best talent from Silicon Valley and across the private sector.
The CNAP aims to strengthen US government partnerships with the private sector to deter, detect and disrupt threats, including to the nation’s critical infrastructure.
Obama said the newly-established cyber security Center of Excellence will bring together industry and government experts to research and develop new cutting-edge cyber technologies.
Other related initiatives include setting up a national testing lab, where companies can test their systems’ security under simulated attacks, and offering cyber security training to more than 1.4 million small businesses and their staff.
The CNAP is also aimed at helping US citizens to protect themselves online. Obama said that in partnership with industry, the government is launching a new national awareness campaign to raise awareness of cyber threats.
Finally, the CNAP includes establishing a bipartisan Commission on Enhancing National Cyber Security to focus on long-term solutions.
“Working together, my administration and congressional leaders will appoint top business, strategic and technology thinkers from outside government to provide specific recommendations for bolstering cyber security awareness and protections across the public and private sectors over the next decade,” said Obama.