Although President Bush's proposed budget for fiscal 2007 (starting Oct. 1, 2006) increases spending for key cybersecurity programs, it is not clear how that money would be spent, raising concerns in the information security industry.
One of the biggest security-related boosts would be a $35 million infusion to the "critical infrastructure outreach and partnerships" initiative within the Department of Homeland Security. The goal of that effort is to increase cooperation and information sharing among DHS, state and local governments and infrastructure providers. Thirty million dollars of that allocation would go toward implementing partnership plans for private industry verticals like information technology, finance and electrical utilities.
The 2007 DHS budget also includes a $25 million increase for its National Cyber Security Division (NCSD), which is responsible for issues such as software assurance and computer security in federal agencies and, by extension, the private sector.
John Sabo, director of security and privacy initiatives for Islandia, N.Y.-based vendor CA Inc. (Formerly Computer Associates International), said budget increases for cybersecurity and industry-specific partnerships are important. Sabo is the new chair of the Information Sharing and Analysis Centers Council, the umbrella organization that oversees a dozen vendor groups that advocate cooperation with DHS, including one for information technology firms.
While he is happy to see the $30 million proposed allocation for NIPP implementation, Sabo doesn't have the foggiest idea how the DHS would spend it; officials have yet to reveal how that money would be allocated. Sabo thinks some of it should go to industry since companies will be forced to shoulder some of the expenses of national security, in accordance with the National Infrastructure Protection Plan.
John Papa, a DHS spokesman, said no one is available to comment on these issues.
Other federal agencies with cybersecurity programs also prosper in the proposed 2007 budget, which otherwise keeps a tight lid on domestic spending. The National Science Foundation's Office of Cyberinfrastructure (OCI), would get a whopping 43.5% increase that would boost its bottom line to $182.42 million.
The OCI houses programs such as Cyber Trust, an effort fund research efforts that advance hardening of the nation's computer systems against Internet infrastructure attacks, which would get a $10 million increase in 2007 to $35 million. Last June it awarded two five-year grants to university consortiums for the creation of cybersecurity infrastructure centers. Karl Levitt, the Cyber Trust director, did not respond to phone calls or e-mails.
Even backstage federal agencies with cybersecurity portfolios received budget increases. The National Institutes of Standards and Technology (NIST) stands to receive an additional $2 million over its $18.5 million 2006 budget. The money would be used to expand what NIST already is doing to identify the level of vulnerability of IT systems, assess the effectiveness of cybersecurity controls, address potential vulnerabilities and mitigate attacks.
The House and Senate won't decide on final appropriations numbers until late summer or early fall. But cybersecurity increases may be met with skepticism. Rep. Harold Rogers (R-Ky), chairman of the House Subcommittee on Homeland Security that handles DHS appropriations, has already criticized the president's 2007 proposed DHS budget for favoring borders/immigration security and nuclear detection programs while scrimping on first responders, transit security, research and development, federal air marshals and the U.S. Secret Service, meaning funding for NIPP and NCSD may be reallocated to first responders and the like before the final budget is approved. Likewise, Rep. Sherwood Boehlert (R-N.Y.), chairman of the House Committee on Science, would like more funding for education programs at the NSF.
Stephen Barlas is a freelance writer based in Washington D.C.