Cybersecurity budget request is smaller, but adequate, says DHS official

Despite President Obama's request for a slight decrease in cybersecurity spending for fiscal 2011, the budget is enough "to move the ball forward" and will emphasize preventing and responding to cyberattacks rather than tracking down where they originate, a Homeland Security Department official said Tuesday.

The president's request for $866 million to protect computer networks and data for fiscal 2011 is nearly a 4 percent decrease from fiscal 2010. Of the total, $379 million will be allocated to DHS' National Cyber Security Division to limit vulnerabilities in the .com and .gov domains -- a slight increase from the $355 million Obama requested in fiscal 2010. Of that, $162 million would not be obligated to the division until the Senate and House appropriations committees approve a plan for the program's goals, milestones and planned expenses.

"There is funding for the programs that we think is necessary to move the ball forward, and we will do our best at executing against those funds to achieve as much progress as we can," said Greg Schaffer, assistant secretary for cybersecurity and communications, during a keynote speech at the Black Hat conference on cybersecurity in Arlington, Va. "Considering the economic environment we are in, we're glad to have the budget we have."

The division provides analysis of cyber threats and vulnerability analysis and early warnings. It also assists public and private groups in responding to attacks. The division is responsible for carrying out many of the mandates of the Comprehensive National Cybersecurity Initiative, established by the Bush administration.

The budget also includes $10 million for proposed staff increases and information sharing initiatives at the National Cyber Security Center. Former DHS Secretary Michael Chertoff formed the center in March 2008 to coordinate efforts to monitor and track cyberattacks, and improve collaboration among federal agencies.

Central to achieving better data management and security "is an awareness that networks and systems need to be correctly configured and operated by people who are well trained [and are] capable and qualified individuals for managing risk," said Schaffer. He is responsible for coordinating efforts involving the public and private sectors and international partners to prevent and respond to cyberattacks on the nation's key computer networks and communications systems.

Identifying the source of cyberattacks, however, is not central to Homeland Security's mission, he said. "The DHS role is to defend the federal civilian, executive branch networks," Schaffer said. "There's been a lot said over the last weeks and months about attribution," following cyberattacks against China's largest Internet search engine and an attack on Google. "But our role is to make networks as resilient and secure as we can. The military has its own role and responsibility with respect to the .mil space and larger ecosystem."