NIST budget request could more than double cybersecurity spending
Obama Administration requests $43.4 million for cybersecurity, more than doubles NIST R&D funding in this area.
In its fiscal 2012 budget, the Obama Administration requested the National Institute of Standards and Technology’s receive $43.4 million for cybersecurity programs, an increase that would more than double the funding for NIST research and development programs in this area, according to NIST officials.
The NIST budget for research and development in cybersecurity and information assurance is $28.9 million, assuming a fiscal 2011 full year continuing resolution, NIST officials said.
The NIST budget request would also allot $22.8 million for interoperability and emerging technologies with a focus on the Smart Grid, health IT and cloud computing.
The increase in funding represents the administration’s recognition of the growing importance of and need to strengthen the nation’s cyber infrastructure, said Pat Gallagher, director of NIST.
As threats to the security and reliability of cyberspace increase, the need for more sophisticated techniques, technology and standards to protect online transactions and the nation’s physical infrastructure that rely on a complex array of computer networks is paramount, he said.
“Overall this was a very tough budget,” with a focus on belt-tightening, Gallagher said. “We are pleased [with the budget request] but very humbled that this is occurring during a very tough budget environment,” he said.
There is a substantial increase for cybersecurity-related activities that include accelerating and promoting NIST’s core cybersecurity responsibilities under the Federal Information Security Management Act (FISMA) such as cryptographic technologies, security automation and standards, Gallagher said. However, there is also funding to support NIST’s lead in several federal interagency efforts, he added.
The Administration’s 2012 budget focuses on strategic spending areas and “cybersecurity is certainly one area where investment is warranted,” said Dan Chenok, chairman of the Information Security Advisory and Privacy Board. ISAP, chartered under FISMA, advises the Commerce Department, NIST and the Office of Management and Budget and reports to Congress on federal civilian security and privacy issues.
“We need to understand how cybersecurity will scale” to meet emerging threats to the nation’s cyber infrastructure, Chenok said.
NIST guide tackles security challenges of public cloud computing
NIST's how-to on securing virtual machines
The Administration’s total request for NIST is $100 billion divided into three appropriations -- Scientific and Technical Research and Services, $678.9 million; Industrial Technology Services, $237.6 million; and Construction of Research Facilities, $84.6 million.
- Ensuring a secure cyber infrastructure falls under the Scientific and Technical Research and Services category. As a result, the $43.4 million would be distributed in three areas:
- Scalable Cybersecurity for Emerging Technologies and Threats, $14.9 million. The focus is on improving security techniques, supporting the creation of security standards, increase interoperability of security technologies and speed up the adoption of emerging technologies.
- National Program Office for the National Strategy for Trusted Identities in Cyberspace (NSTIC) and the NSTIC Grant Program, $24.5 million. The focus is on coordinating the execution and implementation of a national strategy to improve both the privacy and the security of sensitive online transactions. Also, NSTIC would provide $17.5 million in grants and other funding programs for pilot projects of trusted authentication systems for government services, e-commerce, and health IT.
- National Initiative for Cybersecurity Education, $4 million. The goal is to expand this program from one that trains the federal workforce to a larger national education program focused on identifying gaps in cybersecurity education and developing metrics to determine the effectiveness of cyber training efforts.
Funding for the National Program Office and grant program would support activity around how people identify themselves online and ensure that they are protected when they conduct business online, said Chenok. Efforts to boost cybersecurity education will extend beyond government and contractors to ensure that the general public is aware of proper norms of behavior they can learn to better secure their online activities.
Concerning support from Congress, he said, “Congress is also very interested in and supportive of cybersecurity initiatives. You see a lot of interest on the [Capitol] Hill around potential legislation this year,” he said.
The growing concern for protecting the nation’s cyber infrastructure will be taken into consideration when Congress deals with resource spending in the fiscal 2012 budget, he said.