Cyber Security Spending: Protecting Systems or More Spying?


Coverage of government cyber security initiatives is a bit disconcerting because there isn't a lot of information available. The big budget numbers in the news and federal press releases mean little without knowing precisely what the money is being spend on.


Thus, it is important to read between the lines of this Washington Post story. The largest request for funds in the 2009 intelligence budget is for the Comprehensive National Cybersecurity Initiative (CNCI). The administration calls CNCI its "most important initiative," but details remain sketchy. Comments from the administration are general, and focus on the idea that cyber security must switch from finding intrusions quickly to proactively preventing them. The Post says a House intelligence committee report approved 90 percent of the request.


This Wired story on a report by the Senate Armed Services Committee raises many of these issues. The story quotes from a New Yorker piece from January, in which the United States Director of National Intelligence laid out a number of goals of the project -- examining e-mails, file transfers and Google searches -- that are at best tangentially related to improving cyber security.


Of course, this is an election year, and the aggressiveness with which cyber security initiatives are carried out will be the responsibility of an Obama or McCain administration. This Network World post suggests a subtler approach. The writer says big expenditures aren't necessary to improve security and advises the next president to avoid creating huge spending programs or passing a bunch of redundant laws mandating security. The reality is much simpler: If the government follows simple security practice, things will improve.


Government cyber security is a complex arena. The current administration is said by many to only have gotten religion about the subject recently. Now, however, many agencies are in the mix. The problem is that the administration is working with a Congress held by the opposition party and that it is entering its final months, hardly the time for bold initiatives. The public picture is further clouded by the fact that much of the most meaningful planning must be done in secret. This all is a bit disturbing, especially if it is assumed that cyber terrorists are smart and able to take advantage of such confusion.


It appears that many of the most contentious social and political issues of the past couple of years are reflected in the government's largely secret cyber security initiative. In addition to the questionable strategy of throwing money at a problem, many suspect that the level of secrecy surrounding CNCI is unduly high and that much of the program is aimed at spying as opposed to protecting system.


At the end of the day, however, the precise direction of the program will not be determined by the current administration. The good news is that both John McCain and Barack Obama have spoken about the need for improved cyber security. The key will be if the candidate who ends up in the Oval Office actually delivers on his rhetoric.