Even with disclosures, cyber-spending tough to track
Spending on cybersecurity is tucked away in many different budget line items, not always clearly labeled, and has come to pervade spending accounts and areas of attention throughout varying agency levels.
As the Edward Snowden-National Security Agency scandal continues to unfold, new details from the Washington Post are emerging on sums secretly spent by the intelligence community under the so-called black budget. The figures in the $52.6 billion classified budget cover, like the unclassified federal budget, a wide range of accounts. One of the more ambiguous is cyber funding.
Spending on cybersecurity can be difficult to nail down – it is tucked away in many different line items, not always labeled cyber, and has come to pervade spending accounts and areas of attention throughout varying agency levels. For example, in fiscal 2014 the Defense Department is set to receive nearly $5 billion in cyber funding, up from $3.4 billion in 2013, but that money is scattered across the four services and the multitude of agencies and offices comprising the military.
It is even more difficult to see how the intelligence community spends its black-budget money on cybersecurity, even with the release of the documents. Still, there are a handful of clearly discernible figures: According to the Post's documents, $4.3 billion was spent on "conducting cyber operations," both offensive and defensive.
"The CIA and the NSA have begun aggressive new efforts to hack into foreign computer networks to steal information or sabotage enemy systems, embracing what the budget refers to as 'offensive cyber operations,'" the Post story noted.
In another of the clearer examples of cyber spending, the National Security Agency received $1 billion for "computer network operations." It is not clear what exactly that money is used for, but by comparison, the Homeland Security Department received almost the same amount in fiscal 2014 – specifically for the protection of federal computer and networks against malicious cyber activity.
That $1 billion in DHS funding comes in addition to billions more for areas such as critical infrastructure protection, the National Protection and Programs Directorate and cybersecurity research and development.
A closer look at some of the leaked National Intelligence Program budget documents reveal more specific, but not necessarily transparent, cyber funding. Under the NSA's Consolidated Cryptologic Program, roughly $139 million in fiscal 2013 went toward cyber analysis activities, a decrease of $7.3 million from 2012. A separate account under the CCP, cyber cryptanalysis, received a $4 million boost to $115 million in fiscal 2013.
In the Defense Foreign Counterintelligence Program, the Defense Cyber Crime Center received $19.3 million, a boost of roughly $1.4 million over fiscal 2012.
While the intelligence community remains focused on traditional types of terrorism, the increasing focus on cybersecurity is clear, even if exactly what is being bought and carried out is not.
"The United States has made a considerable investment in the intelligence community since the terror attacks of 9/11, a time which includes wars in Iraq and Afghanistan, the Arab Spring, the proliferation of weapons of mass destruction technology, and asymmetric threats in such areas as cyber-warfare," Director of National Intelligence James Clapper said in a written response in the Post. "Our budgets are classified as they could provide insight for foreign intelligence services to discern our top national priorities, capabilities and sources and methods that allow us to obtain information to counter threats."