Cyber, IT Bright Spots in Defense Budget

The Pentagon’s budget proposal for fiscal year 2015 includes $5.2 billion for cyber security. But when intelligence agencies are added to the mix, the amount nearly doubles, according to new estimates.

“Cyber and business IT systems are among the few bright spots in the Defense Department’s investment budget plans,” says Douglas Berenson, budget analyst at The Avascent Group. The firm estimated that military spending on cyber security amounts to about $3.6 billion, and $6.3 billion goes to the intelligence community. That includes the CIA, Defense Intelligence Agency, National Reconnaissance Office, National Security Agency, National Geospatial-Intelligence Agency, Office of the Director of National Intelligence and other small civilian intelligence organization at the departments of State, Energy and Homeland Security.

Agencies such as DIA, NRO, NSA, and NGA draw a significant share of their budgets from the Pentagon top line, Berenson said, so his figures are consistent with the Department of Defense estimate of $5.2 billion.

Beyond these agencies, civilian federal cyber security spending is about $2.5 billion, which results in total federal government investment of about $12.4 billion.

The cyber security budget consumes only a small piece of the Pentagon’s $37.7 billion pot of money allocated to information technology. But it receives disproportionate attention because of an increased incidence of network intrusions in the United States. The military is particularly vulnerable because it owns 15,000 networks that are difficult to monitor, said Army Gen. Keith Alexander, the outgoing director of the National Security Agency and chief of U.S. Cyber Command.

“Defense Department systems are scammed by adversaries about 250,000 times an hour on average for vulnerabilities,” Alexander told members of the House Armed Services subcommittee on intelligence, emerging threats and capabilities during a hearing March 12.

With 15,000 networks, he said, “It's very difficult to ensure that one of those doesn't get penetrated. And if they get into one, they're free to roam around all of them. And that creates a problem.”

Much of the Defense Department’s cyber funding will be spent on security technologies, workforce training and command-and-control systems to monitor networks. “You've got to be able to see what's going on in cyberspace,” Alexander said. “If you ask anybody to draw a diagram of what the attack looks like, get four different people, have them sit at different desks, you'll get four different pictures. That means you have no coherent defense. We've got to have a common picture that people can see to defend it.”

Berenson said Defense Department spending on information and intelligence systems (C4ISR in military-speak) is the only portion of the budget that is growing in 2015. C4ISR procurement is up 6.9 percent from $10.1 billion in 2014 to $10.8 billion in 2015. Research and development would grow by 0.9 percent, from $9.2 billion to $9.3 billion.

Topics: C4ISR, Cybersecurity