On Thursday, March 16, 2017, President Trump unveiled his “America First” budget blueprint. One of the most important quandaries for those in the cybersecurity world is how the proposal to reorganize the executive branch to improve “the Federal Government’s effectiveness, efficiency, cybersecurity, and accountability” will impact our nation’s cyber defenses since overall spending in this area will decrease from the prior administration.
The President’s budget proposes to (i) support “the Office of Electricity Delivery and Energy Reliability’s capacity to carry out cybersecurity and grid resiliency activities”; (ii) safeguard cyberspace “with $1.5 billion for [Department of Homeland Security] activities that protect Federal networks and critical infrastructure from an attack”; (iii) strengthen cybersecurity in the Department of the Treasury “by investing in a Department-wide plan to strategically enhance existing security systems and preempt fragmentation of information technology management across the bureaus, positioning Treasury to anticipate and nimbly respond in the event of a cyberattack”; and (iv) strengthen “NASA’s cybersecurity capabilities, safeguarding critical systems and data.” Those are excellent goals, all designed to increase cybersecurity. But the President’s request for $1.5 billion for DHS’s “continued development of strong cybersecurity defenses” is also less than 8% of the $19 billion requested by the Obama administration last year to address the same cybersecurity concerns.
The goal of the budget in this area relies on increased efficiency – federal agencies doing more with less. The focus on efficiency in addressing cybersecurity concerns was underscored by White House advisor Thomas Bossert’s statement the day before the blueprint’s release, that the administration would be scoring agencies on implementation of a cybersecurity framework. The administration plans to require federal agencies to adhere to the cybersecurity framework developed by the National Institute of Standards and Technology (NIST). Bossert said the administration will require agencies to submit a report to DHS, the Office of Management and Budget, and the White House, which will serve as the basis for the administration’s evaluation and scoring of the agencies’ efforts. Only time will tell if the goal of increased efficiency will be effective against the increasing prevalence of cyber attacks, but America will be watching closely.