Growth in cyber threats reflected in budget

Easy access to cyber tools have made the cyber domain a fairly cheap way to attack the United States, whether attacks are made on behalf of nation states, rogue groups or individuals. But that doesn’t mean defending against those attacks is cheap, U.S. cyber officials have told Congress recently.

Defense Secretary Ashton Cater has asked for $6.7 billion in overall Defense Department cyber operations for fiscal 2017. Cyber Command has asked for slightly over $500 million, its commander Adm. Michael Rogers told a subcommittee of appropriators – a 9 percent increase from last year.

Some in Congress are pushing back. Rep. Mo Brooks (R-Ala.) took notice of the incremental increases in Cybercom’s budget requests the past few years and asked if there are any efficiency measures Cybercom can instill. “I would phrase it as, our funding has increased in a systematic way over the last few years,” Rogers retorted. 

Brooks, sounding the alarm of many fiscal conservatives in Congress regarding the growing budget deficit, asked Rogers about the request for more money in light of budget efficiencies Cybercom has implemented, such as leveraging investments in the National Security Agency, which Cybercom is co-located with. If we’re improving efficiency, Brooks asked, and getting more done for the same or fewer dollars, then why the request for the increase in spending?

“Because I would argue, sir, look at the world around you. The enemy gets a vote as well,” Rogers responded, citing a common military adage. “This is not a mission set that we are going to efficiency our way out of. I just don’t believe that’s achievable. In no way should you take from that comment ‘so admiral, are you telling me that you don’t have a responsibility to the citizens of this nation to execute your mission in an efficient and effective way?’ That’s not what I’m saying. But my only point is the investments that we are making in cyber reflect the nature of the world we’re dealing with from a threat perspective. Even as we acknowledge that that threat picture is occurring in an environment in which resources are very tight.”

Director of National Intelligence James Clapper, in Congressional testimony last year, described the formation of Russia cyber command at one example to the growing threat in the cyber domain—at threat to both the public and private sectors.

“In terms of Russia establishing a cyber command, that speaks more to policy, which is not my strong suit but I think it just shows that nation states in general are going to continue to see the cyber realm as a realm of engagement similar to any other military or economic political forum and that’s going to continue,” Jennifer Kolde, lead technical director at security company FireEye, told lawmakers last month. “They’ve clearly stated their intent to keep playing in that world and they have the skill and resources to be a very powerful player.”