GAO: Hard to Define DoD Cybersecurity Spending

July 29, 2011
FedCyber Wire, Spending
No Comment

via Gov Info Security

The Obama administration estimates the Defense Department will spend at least $3.2 billion on cybersecurity in fiscal year 2012, which begins Oct. 1, or so it thinks, according to an analysis by the Government Accountability Office issued Thursday.

Reps. Mac Thornberry, R-Texas, and James Langevin, D-R.I., chairman and ranking member of the House Armed Services Subcommittee on Emerging Threats and Capabilities, requested GAO to examine DoD’s cyber and information assurance budget for the coming and future fiscal years.

The letter points out that DoD does not have an overarching budget estimate for full-spectrum cyberspace operations including computer network attack, computer network exploitation and classified funding.

In February and March, DoD provided Congress with three different views of its cybersecurity budget estimates for FYI 2012 – $2.3 billion, $2.8 billion and $3.2 billion – that included different elements of DOD’s cybersecurity efforts.

Semantics could prove to be one reason for the differences. “DOD’s ability to develop an overarching budget estimate … has been challenged by the absence of clear, agreed-upon departmentwide budget definitions and program elements for full-spectrum cyberspace operations,” the GAO letter states.

GAO says DOD has defined some key cyber-related terms but hasn’t yet fully identified the specific types of operations and program elements that are associated with full-spectrum cyberspace operations for budgeting purposes. “In the absence of such definitions, there are differing perspectives on the elements that constitute cyberspace operations in DOD,” the auditors says.

The absence of a central DoD cybersecurity organization or a methodology for collecting and compiling budget information on cyberspace operations represents another reason DoD’s spending plans can’t be more precise, GAO says.

Last October, DoD operationally merged defensive and offensive cyberspace operations with the creation of U.S. Cyber Command (Military Stands Up CYBERCOM as Its Latest Command), but the department does not have a designated focal point or methodology to collect and compile budget information on full-spectrum cyberspace operations across the department, the letter states.

Continued here.