Cybersecurity runs deep in fiscal 2012 budget request


Cybersecurity gets robust attention in the fiscal 2012 budget request released Feb. 14 by President Obama, with federal agencies requesting billions of dollars dedicated to cyber.

The Homeland Security Department wants $936.48 million for "infrastructure protection and information security," considerably more than the $836 million it got for that line item in fiscal 2010, but less than the $1.07 billion it's projected to spend during the current fiscal year. This line item funds, among other activities, the National Cyber Security Division, the National Communications System and the Office of Emergency Communications.

The majority of the nearly $1 billion request would go toward cybersecurity and emergency communication efforts, according to detailed information contained in the department's congressional budget justification document (.pdf)

Specifically, nearly $614.21 million, or about 66 percent of the line item, would go toward cybersecurity and communications. Einstein, the governmentwide network intrusion detection system spearheaded by DHS, would receive a $233.6 million chunk of that money (38 percent), likewise a marked increase over years past. In fiscal 2010, Einstein received $193.67 million, and DHS is projected to spend that much on it this year.

Already in the current fiscal year, DHS plans to initiate procurement and commence development of Einstein 3 capabilities in partnership with the National Security Agency, the justification document says. The end of fiscal 2012 should see deployment of the first set of five Einstein 3 sensors and five of the 15 "nests" (Internet traffic aggregation points) the security program intends to have fully operational in fiscal 2016, the document adds.

"This deployment will represent the first enablement of active defense capability to prevent and/or limit malicious activities from penetrating the .gov environment," it states.

The National Institute of Standards and Technology requests $678.94 million to be available until expended for scientific and technical research and services, a notable increase in new budget authority from the $515 million Congress gave NIST in fiscal 2010 and the $515 million the agency is projected to spend this year.

Part of that bump is due to NIST's cybersecurity program (what NIST is calling "Ensuring a Secure and Robust Cyber Infrastructure") which would receive a $43.3 million increase. $24.5 million of that would go to the National Strategy for Trusted Identities in Cyberspace, while the National Initiative for Cybersecurity Education would get $4 million.  A new effort also called the Scalable Cybersecurity for Emerging Technologies and Threats would get $14.9 million.

The Defense Department, meanwhile, wants to spend $2.3 billion on improving its cyber capabilities.

Included in that amount is $500 million over five years for the construction and equipping of a Joint Operations Center for Cyber Command at Ft. Meade.

The Defense Advanced Research Projects Agency would also get $500 million to invest in cyber technologies.

According to DARPA budget justification material, DARPA would spend $10 million on the Comprehensive National Cybersecurity Initiative, a 12 point multiagency program started in January 2008. The $10 million would fund a national cyber range for testing software in a simulated Internet. The requested amount is less than the $49.79 million DARPA spent on the CNCI in fiscal 2010 and the $10 million it's projected to spend this fiscal year.

The research agency would also continue to fund an effort known as Cyber Genome, increasing its fiscal 2012 budget to $24 million, more than the $8.5 million the program received in fiscal 2010 and the 413 million it's projected to receive this year. Cyber Genome is meant to develop "breakthrough cyber-forensic techniques to characterize, analyze, and identify malicious code" allowing for the automatic detection of even previously unknown malicious code.

DARPA would also fund new cyber programs, including $6.5 million to develop "crowd-sourced approaches for verifying the correctness of software systems" in an effort called, straightforwardly, Crowd-Sourced Cyber.

It would also give $4.67 million for Cross-Layer Network Security, a program that would develop "novel approaches for enhanced network security that involve multiple networked layers" that has the potential of defeating distributed denial of service attacks, at least in wireless networks. DARPA contrasts this potential new approach with typical standard Internet protocol security implemented in just the network layer. A cross layer approach in a wireless network could use emerging path diversity technologies to introduce route diversity as a cybersecurity mechanism, the budget justification says.

A new Cyber Reserve Corps program would get $20 million under the request. The effort would "develop technologies and tools to enable and educate private citizens to participate in the defense of cyberspace."

A likewise new effort called Resilient Networks would also get $20 million to develop routing/switching software for commodity processors for use in responding to cyber attacks. "Such software-defined routers/switches will enable far greater agility in responding to exploits than is presently possible and provide the basis for highly reactive networked defense capabilities," the DARPA budget justification document states.

DARPA also wants $15.83 million start a program for a cybersecurity program that would allow systems to "mimic camouflage concealment, and deception in the physical world." The effort, Cyber Camouflage, Concealment and Deception, would look to create a way for network resources such as switches, servers and storage to be virtually replicated to confound enemy targeting.

Hacker Peiter "Mudge" Zatko's effort to detect inside threats by identifying certain system and network activities would gain $12 million for another year of funding. The program, Cyber Inside Threat, aka CINDER, received $5 million in fiscal 2010 and is projected to spend $10.5 million this fiscal year.  

For more:
- download .pdfs of the DHS fiscal 2012 budget in brief, or the congressional budget justification, or fact sheet
- go to a NIST webpage on its fiscal 2012 budget request
- go to a DoD webpage with links to its fiscal 2012 budget request material
- download DARPA's fiscal 2012 budget justification (.pdf)

Related Articles:
our fiscal 2012 budget request coverage
also read our cybersecurity coverage