Cybersecurity endures as a top priority for federal agencies, the Trump administration, and Congress. So whatever other budget battles that might lie ahead, cyber will remain an important opportunity. In fact, two recent reports ought to scare the heck out of not just agency managers but pretty much every American.
In January the intelligence community released its 2019 worldwide threat assessment. You need turn no further than page 5 to see the litany of cyber threats ⎯ cyber actions, in reality, coming at the federal assets from Russia, China, Iran, and North Korea. Then, just the other day, the Navy leaked a report to the Wall Street Journal. Commissioned by Secretary Richard Spence, the report basically concluded the Navy and its contractors and partners, are overwhelmed by cyber attacks, has lost unknown amounts of classified data, and have no idea how to deal with it.
Once again, ensuring cybersecurity of the nation, including the government’s own networks, adorned the Government Accountability Office’s biennial list of high risk programs. It’s a particularly troublesome one in the eyes of Comptroller General Gene Dodaro, because it threatens everything else the government does.
So, there’s an incentive to keep investing in cybersecurity.
In its “skinny” budget proposal for 2020, the administration didn’t give too many numbers beyond its top line wants. However, one it did include was $9.6 billion for cybersecurity, which compares to $8.5 billion estimated spending for fiscal 2019.
Homeland Security would get $1 billion, partly to increase the number of assessments of civilian agency networks. That’s a couple of hundred million dollar jump from 2019 spending for the continuous diagnostics and mitigation program and for various activities and purchases by the newly named Cyber and Infrastructure Security Agency (formerly the NPPD).
How will the money be spent?
The administration wants further development of the CDM program and of the Einstein 3 network, including the acquisition tools to be deployed to other agencies.
Each agency, of course, will have its own IT allocation for 2020, but those numbers aren’t out yet.
There’s growing concern about the oft-cited shortage of skilled cybersecurity people, and about how government and industry seem to be pursuing the same talent pool. Perhaps, but it’s leading to growing acceptance of the idea of shared services. That can take the form of shared security operations centers, cloud-hosted cybersecurity services, and even people exchanges if the bureaucratic rules can be overcome. Further ahead, the cybersecurity industry players promise artificial intelligence and machine learning will counter the growing volumes and complexity of data connected to cybersecurity.
For vendors, this all suggests an approach of emphasizing how tools and services amplify cyber staff productivity. Moreover, interoperability will be a more important selling point because cyber practitioners worry about ending up with an array of tools that itself becomes hard to manage. A third buying consideration will be how tools support the buying agency’s risk management strategies. These, in turn, are often driven by the National Institute of Standards and Technology frameworks.
Finally, information sharing will continue to grow not only among agencies but also between agencies and their sector-specific industry counterparts. Think the Department of Energy and the electrical generating industry. Support of privacy along with robust cybersecurity will, therefore, become more important considerations.