Federal InfoSec Budget Calls for $14 Billion, Jumps 12 Percent
The Fiscal Year 2015 Budget of the U.S. Government (PDF) was recently released by the White House, calling for $14 billion for government cyber efforts, as Reuters reported. That’s a 12 percent increase from last year’s $12.5 billion budgeted for information security, which also jumped from $10.3 billion in 2013.
Now, according to an editorial note from the SANS Institute’s NewsBites newsletter, cybersecurity spending is at 16 percent of the overall federal IT budget, set at $86 billion. This makes the U.S. government’s cybersecurity spending add up to more than twice the average budget of the private sector.
The increase in cybersecurity spending reflects the government’s desire to strengthen executive branch oversight of intelligence activities in order to address cyber threats, including those that have hit the financial and critical infrastructure industries.
Likewise, the Pentagon’s cybersecurity budget calls for $5.5 billion to update U.S. weapons programs that are vulnerable to attacks, citing issues such as misconfigured, unpatched and outdated software, according to Reuters. The funding would benefit several small and medium-sized businesses that contract with the government, including weapons makers and major technology and science research companies.
The cybersecurity budget also proposes:
- $680 million for the National Institute of Standards and Technology (NIST) labs to advance cybersecurity, forensic science, advanced communications, disaster resilience and more, including expanding lab-to-market technology
- $6 million for NIST expansion of technology innovations and knowledge transfer across the Federal Government
- $549 million to support the federal EINSTEIN intrusion detection and prevention system, including continuous diagnostics and mitigation to protect against cyber attacks
- $514 million for research and development activities in homeland security, including funding for cybersecurity, explosives detection, nuclear detection and chemical and biological detection
- $125 million for a cyberinfrastructure initiative that advances high performance computing to create new research networks and data repositories, and develops new systems for data visualization
- Protecting $11.5 billion in investments in basic and applied research and advanced tech development
- Protecting $2.9 billion for the Defense Advanced Research Projects Agency for more technological and scientific research
Other cybersecurity initiatives and priorities include:
- Sharing information and increasing State and local capacities to respond to cyber incidents
- Supporting the design of a Federal Cyber Campus to co-locate key civilian cybersecurity agencies to promote their approach to cybersecurity incident response
The budget also addresses the consolidation of unnecessary federal data centers across the nation, part of a 2011 Federal Cloud Computing Strategy (PDF) that urged agencies to move business functions to the cloud. By consolidating data centers, the government estimates a 30 percent reduction in infrastructure costs.
With this move of agency functions to the cloud comes the need for effective security solutions, which the increase in budget hopefully reflects in its execution. Cloud services can be accessed anywhere with just a web browser and Internet connection, meaning your password is the key to troves of critical data, available at any moment.
Employing security solutions to strengthen cloud access security is good practice for any organization, not just the federal government. Two-factor authentication provides an additional layer of security on top of usernames and passwords. Because it requires a second factor of authentication that necessitates the use of a personal device, such as a smartphone, a remote attacker is unable to access cloud services armed only with a password.
Recent research from ABI Research estimates that the two-factor authentication (also known as multi-factor authentication) software and service market will be worth $1.6 billion by the end of this year, reflecting the demand for an answer to credential-based exploits, as InfoSecurity-Magazine.com reports.