White House wants $19B for cyber in FY 2017

President Barack Obama is looking to cement a legacy of action on cybersecurity with a fiscal 2017 budget request that calls for over $19 billion in cyber investments, a 35 percent increase from funds enacted the previous year. Obama also is taking a series of actions -- from creating a new federal chief information security officer position to setting up an inter-agency privacy council -- designed to leave his imprint on cybersecurity policy for years to come.

Despite the administration policy efforts to date, "the cyber threat continues to outpace our current efforts," Michael Daniel, the White House's top cybersecurity adviser, told reporters on a Feb. 8 conference call.

Obama's budget proposal calls for $3.1 billion for a fund to replace IT legacy systems, and $62 million for bolstering the federal workforce through scholarships and other educational initiatives.  

The $3.1 billion IT Modernization Fund would bankroll projects that target agencies with the biggest IT woes, and also look to capitalize on shared services, said federal CIO Tony Scott.

"We have a broad surface area of old, outdated technology that's hard to secure, expensive to operate," Scott told reporters. "And on top of all that, the skillsets needed to maintain those systems are disappearing rather rapidly."

The General Services Administration would administer the fund, which would allot money in increments "rather than the big glob of money that is typical in the federal government today for system upgrades," Scott said. He argued that the revolving fund would help engage senior agency executives and is consistent with the governance approach taken by the Federal IT Acquisition Reform Act.

Scott also defended the Department of Homeland Security's intrusion detection system, known as Einstein, which a recent audit took to task for its limitations in cyber defense.  

"People can be critical, but anybody who thinks any one thing is the absolute defense is probably mistaken," Scott said. "We think Einstein is a good piece, but not the only piece" of cyber defense.

The White House's Feb. 9 budget announcement comes two days after a hacker apparently began dumping the personal information online of 20,000 Justice Department employees and 9,000 Department of Homeland Security employees.

"Clearly, our current system for governing and managing how we do both IT and cybersecurity across the federal government is not as effective as it needs to be," Daniel said, adding that the DOJ/DHS data breach "exemplifies…the challenge we face."

The Office of Management and Budget also announced plans to hire the new federal CISO in the next two to three months. The new hire will report to Scott. The CISO is a popular position in the private sector, and Scott said it was high time for the federal government to carve out such a role on a governmentwide basis. The new hire will coordinate with civilian agencies across the federal government, and also work closely with military and intelligence officials, Scott added.

Of the $19 billion in cybersecurity requested by Obama in fiscal 2017, more than a third of a it --$7 billion -- will go to the Pentagon. Defense Secretary Ash Carter said last week that the president's budget would help his department hone offensive cyber tools and build out the workforce needed to defend DOD networks. 

Obama also is establishing the Commission on Enhancing National Cybersecurity, which the White House said would be made up of technologists and entrepreneurs tasked with making recommendations on how to strengthen IT security over the next decade.

The broader set of cyber measures known as the Cybersecurity National Action Plan, which includes the commission, "is intended to go after the underlying causes of our cybersecurity challenges, not just the symptoms," Daniel said.

The president is also signing an executive order Feb. 9 that sets up a "permanent" Federal Privacy Council, which the White House said would help carry out "more strategic and comprehensive federal privacy guidelines."