The president's annual budget request almost never gets approved as is by Congress, something that is expected again this year given the two-year bipartisan budget blueprint President Donald Trump signed earlier this month that differs significantly from the administration's stances. However, the budget serves as a way for the White House to signal its priorities, and when it comes to IT, the message is clear: cybersecurity is critical.
The president's fiscal year 2019 budget request, prepared by the Office of Management and Budget, for the first time has a separate breakdown of its cybersecurity funding proposals, as Federal News Radio reports.
Under the proposed budget, total cybersecurity funding would increase to $14.983 billion in fiscal year 2019, up from an estimated $14.4 billion in fiscal year 2018 and $13.1 billion in fiscal year 2017. That is not surprising given how much emphasis the administration has put on protecting federal networks and high-value assets within agencies' networks and IT systems.
At the same time, as Nextgov and FedScoop both report, the proposed budget would make significant cuts to research and development programs outside of the Defense Department, potentially impacting research into emerging technologies.
Cybersecurity Funding Gets a Major Boost
Cybersecurity is an important component of the administration's IT modernization efforts, the budget notes. An assessment of the federal government's overall cybersecurity risk, as ordered by the administration's executive order on cybersecurity, "found the federal enterprise to be at risk."
As a result, the budget notes, "cybersecurity budgetary priorities will continue to seek to reduce this risk based on data-driven, risk-based assessments of the threat environment and the current federal cybersecurity posture."
The 2019 budget proposal includes $15 billion of budget authority for cybersecurity-related activities, representing a $583.4 million (4.1 percent) increase above the fiscal 2018 estimate.
"Due to the sensitive nature of some activities, this amount does not represent the entire cyber budget," OMB notes. The Defense Department was the largest contributor to this total. In particular, the budget says, DOD reported $8.5 billion in cybersecurity funding in fiscal year 2019, a $340 million (4.2 percent) increase above the 2018 estimate.
Overall, civilian cybersecurity spending increased 3.9 percent in the 2019 budget request, and most of this change was among the civilian CFO Act agencies, where cybersecurity spending increased 4.1 percent from the 2018 estimate. While some non-CFO Act agencies reported significant increases in their cybersecurity spending, non-CFO Act agencies as a whole reported a less than 1 percent change in cybersecurity spending from the 2018 estimate.
The administration's budget request for the Homeland Security Department's National Protection and Programs Directorate includes an increase in cybersecurity funding to $712 million, up from an estimated $665 million in fiscal year 2018 and $650 million in fiscal year 2017.
According to Nextgov, the budget includes $238 million for DHS' Continuous Diagnostics and Mitigation program, down from $279 million in last year's request. CDM allows agencies to monitor their IT systems and then respond almost instantaneously to vulnerabilities. The program enables agencies to prioritize the risks based on how severe they might be in an effort to let cybersecurity personnel mitigate the most significant problems first. CDM offers commercial off-the-shelf tools — hardware, software and services — that agencies can access via a central fund.
DHS is finalizing plans with agencies to have them feed cybersecurity threat information captured by CDM into a federal dashboard, which will give DHS a broader view about IT security threats across the government.
The budget also commits $407 million for a governmentwide intrusion detection program called Einstein, Nextgov notes, up from $397 million in last year's request.
Research Outside of DOD Gets Slashed
Despite OMB Director Mick Mulvaney's comments that the budget request increased federal R&D spending, FedScoop reports that some agencies charged with leading R&D efforts could take a hit.
For example, the National Institute of Standards and Technology — which sets technical standards for civilian agencies for everything from cybersecurity to Internet of Things and identity management — would see its budget fall 25 percent, from $750 million in 2017 to $564 million next year. The National Science Foundation, which FedScoop notes supports a range of technology and cyberinfrastructure research, also would see its research funding cut by the request, falling 28 percent from $5.3 billion to $3.8 billion.
Meanwhile, as Nextgov reports, the Pentagon would get an additional $13.5 billion in R&D spending under the budget proposal.
Additionally, cybersecurity research that has been housed in DHS's Science and Technology Directorate, totaling, $41 million in the president's budget request, would be moved inside the National Protection and Programs Directorate, according to Nextgov.
The shift was made so "operators on the ground have influence over research and development," a senior administration official told reporters during a call earlier this week, according to Nextgov. NPPD will work closely with the science and technology division on research priorities, the official said.