The President’s FY 2016 budget includes $14 billion for cyber security funding across all federal agencies, including $5.5 billion for the Department of Defense (DoD). The proposed budget would increase cyber defense spending by ten percent over the enacted FY 2015 budget levels, which is higher than the overall proposed DoD budget increase of seven percent. The increased cyber defense funding within the FY 2016 budget is part of a larger effort by the Federal Government to bolster the nation’s cyber defenses. Other steps taken toward this goal include: the development and integration of new software and systems, increasing the staff of US Cyber Command, Executive Order 13691, and the establishment of the Office of the Director of National Intelligence's new Cyber Threat Intelligence Integration Center (CTIIC).
The FY 2016 budget request would allocate $582 million towards the integration of the Continuous Diagnostics and Mitigation (CDM) program across federal agencies. CDM stores and catalogues information related to individuals who have network access, and enables network managers to diagnose potential cyber vulnerabilities (Boyd, 2015). Another program to strengthen the cyber defenses of federal agencies is the DHS’s EINSTEIN internet monitoring intrusion prevention program. The increased pace of cyber-attacks has accelerated the deployment of the EINSTEIN Phase 3: the original goal was to implement the program in 2018, but it has now been pushed to a 2015 deployment.
“Einstein 3 is designed to quarantine emails and block malicious Web domains that ‘spoof’ legitimate sites, according to CenturyLink. The service defends the perimeter of federal civilian networks. It senses aberrant activity using threat ‘signatures,’ or tell-tale signs of a hacker derived from U.S. intelligence and private research. These indicators can include certain email headers or IP addresses... DHS ultimately expects to deploy phase 3 across all federal agencies. The new system consists of commercial technologies and government-developed software.” – Sternstein, 2014
The FY 2016 budget request would set aside $587.5 million for DHS cyber operations, including the integration of EINSTEN across federal civilian agencies.
US Cyber Command is has met only half of its staffing requirements for its original goal of maintaining 6,000 personnel by 2016. A total of 780 personnel would be tasked with defending vital industries under the National Mission Teams, 2,700 would be responsible for defending military domain systems, and 1,620 will support combat operations (Sternstein, 2015). Despite its difficulty to fully meet its 6,000 personnel requirement, US Cyber Command has grown rapidly from deploying two cyber mission units to twenty five over the course of 2014. Lt. Gen. Edward Cardon, Commander of US Army Cyber Command, recently indicated the need for more integration between DoD agencies with Cyber Command, as well as for increased collaboration with the private sector (Golden, 2015). Both Executive Order 13691 and CTIIC will foster deeper cooperation between the federal government and the private sector with respect to cyber security issues.
On February 13th 2015, the President issued Executive Order 13691 with the intent of fostering information sharing through Information Sharing and Analysis Organizations (ISAOs) created by the DHS.
“…the development of information sharing organizations that may include industry-specific ISACs but also broaden further to create organizations that may share information in geographical regions or even in response to a particular threat. It also directs the U.S. Department of Homeland Security to work with participants to identify baseline standards and practices to guide information sharing.” – King, 2015
The Office of the Director of National Intelligence’s CTIIC was created with objective of promoting intelligence sharing and coordination between federal agencies on cyber security threats. Under the current system, the DHS, National Security Agency, and US Cyber Command have had somewhat conflicting roles with respect to defending against cyber-attacks (Sanger, 2015). CTIIC will receive a small initial budget of $35 million and is expected to be staffed by roughly 50 personnel from several federal agencies. Overall, the Obama Administration is undertaking a series of robust cyber security measures over the next two years which will significantly mitigate the damage of future cyber-attacks.