Last week, we saw the release of the US’s 2018 budget blueprint.
Before I even read the document, I did a random search on some security-related keywords within the 2018 budget to see how many times each one showed up. I found the results rather revealing. Make of this what you will:
And then I did a quick high-level check to see who’s budget was increased and whose decreased as compared to 2017.
Apart from the three listed below, every single department (labor, agriculture, education, health, energy, justice, etc) is facing cutbacks.
From the introductory pages for this 2018 budget blueprint, cybersecurity is called out as a top concern to be addressed: “The President’s Management Agenda will set goals in areas that are critical to improving the Federal Government’s effectiveness, efficiency, cybersecurity, and accountability.”
Two big cybersecurity budget blueprint take-aways
So, let’s take a quick look at some of the statements made in this 2018 budget blueprint. Here are the two biggies:
ONE: Safeguard cyberspace with $1.5 billion for DHS activities that protect Federal networks and critical infrastructure from an attack. Through a suite of advanced cyber security tools and more assertive defense of Government networks, DHS would share more cybersecurity incident information with other Federal agencies and the private sector, leading to faster responses to cybersecurity attacks directed at Federal networks and critical infrastructure.
In other words, federal agency systems will be overhauled to improve monitoring and security. They will also invest into interoperability with outside organizational systems so they can crack down on intrusions more efficiently and effectively. The number direct federal employees (including military) is around the 4.3 million mark, so that’s a very approximate $350/head investment.
TWO: The FBI would devote resources toward its world-class cadre of special agents and intelligence analysts, as well as invest $61 million more to fight terrorism and combat foreign intelligence and cyber threats and address public safety and national security risks that result from malicious actors’ use of encrypted products and services.
Many reports are saying that cybersecurity will get a $61M cash injection, but that’s not how we see this. This money is shared shared among three big key concerns for this administration’s hot topic, national defence, namely fighting terrorism, intelligence and cyber threats.
Everything else outlined seems a bit too wishy washy at this stage to make any educated statements, though they do tangentially suggest that investments needs to be made in these areas to improve communication, interoperability and security. Take these for example:
And on another related point on this topic…The Hill reported that he Trump administration will use standards set up by the National Institute of Standards and Technology (NIST), who’ll use a report to keep the White House informed on cybersecurity policies and implementation in federal agencies and departments.
Trump adviser on homeland security and counterterrorism Thomas Bossert said the report will be used as a ‘scorecard’ to assess cybersecurity efforts:
“We’re going to go through a thoughtful approach that requires federal departments and agencies to adopt and implement cybersecurity framework developed by NIST and any subsequent iteration of that document.”
Where will they get the cyber talent?
And this brings us back to our problem of not having enough cybersecurity experts available to even meet today’s requirements. You can get your bottom dollar that these systems upgrades and security crack-down will take a lot of expertise to get done. Where will they find them?
Bright students who haven’t chosen a major yet might want to consider focusing on cybersecurity. Looks like there will be a lot of continued job security in the industry.
In the interim, if you are needing guidance on cybersecurity implementations, take a look at our brand new TBG Security Services Matrix. We can help you with unravelling the regulatory requirements to pen testing to providing you a CISO on demand.