Obama's cyber security budget increase not enough, say critics

US president proposes increasing the country’s cyber security budget by 35% to $19bn, but security experts suggest more is needed

US president Barack Obama’s last budget proposals include $19bn for cyber security, but critics say this is still not proportionate to the threat.

Although the US cyber security budget allocation for 2017 represents a 35% increase on the previous budget, it is still a small fraction of the overall US defence budget.

Jeff Hill, channel marketing manager at security firm STEALTHbits Technologies, said that in absolute terms, the $19bn is encouraging and “nothing to sneeze at”.

But he pointed out that the federal government spends about $700bn on defence, intelligence and homeland security, so the spending on cyber security represents only 2.7% of the total defence budget, up from 2% previously.

“This budget priority reality begs the question: do cyber attacks – from organised state actors to well-heeled crime syndicates, to independent hackers looking to make a name for themselves – represent a mere 2% or 3% of the risk to the US economy and the safety of its citizens?” he said.

“A 2.7% priority might be progress – but we’ve got a long way to go.”

The budget proposals come just days after a data breach at the US Department of Justice again put the spotlight on the cyber security of US government systems, which has been under increased scrutiny since the massive data breaches at the Office of Personnel Management in 2014 and 2015.

The budget plans coincide with Obama’s announcement of a Cybersecurity National Action Plan (CNAP) that is aimed at helping the US to stay ahead of rapidly evolving cyber threats.

The CNAP’s top priority is to improve cyber security across the government and it includes a proposal for a $3bn fund to kick-start an overhaul of federal computer systems.

“It is no secret that, too often, government IT is like an Atari game in an Xbox world,” Obama wrote in an article published in the Wall Street Journal.

“The Social Security Administration uses systems and code from the 1960s. No successful business could operate this way,” he said.

The CNAP requires federal agencies to increase protection for their most valued information and make it easier for them to update their networks.

Obama said he was creating a new federal position of chief information security officer to drive these changes across government.

The CNAP proposes a $62m fund to increase US efforts to build a corps of cyber professionals across government to promote best practices at every level.

Obama has proposed offering scholarships and forgiving student loans to recruit the best talent from Silicon Valley and across the private sector.

The CNAP aims to strengthen US government partnerships with the private sector to deter, detect and disrupt threats, including to the nation’s critical infrastructure.

Cutting-edge technologies

Obama said the newly-established cyber security Center of Excellence will bring together industry and government experts to research and develop new cutting-edge cyber technologies.

Other related initiatives include setting up a national testing lab, where companies can test their systems’ security under simulated attacks, and offering cyber security training to more than 1.4 million small businesses and their staff.

The CNAP is also aimed at helping US citizens to protect themselves online. Obama said that in partnership with industry, the government is launching a new national awareness campaign to raise awareness of cyber threats.

Finally, the CNAP includes establishing a bipartisan Commission on Enhancing National Cyber Security to focus on long-term solutions.

“Working together, my administration and congressional leaders will appoint top business, strategic and technology thinkers from outside government to provide specific recommendations for bolstering cyber security awareness and protections across the public and private sectors over the next decade,” said Obama.

Read more on Hackers and cybercrime prevention