White House Official: Attacks are Risk of Doing Business

Thursday, April 28, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

The cost of cybersecurity events continues to escalate, and regardless of whether the breach is in the public or private sector, consumers/taxpayers ultimately foot the bill in the form of price increases and tax dollars spent in order to safeguard sensitive information.

Consumers/taxpayers also bear the expense when it is their data that has been compromised, especially if they in turn become the victim of identity theft or are targeted by other criminal schemes.

In the wake of several substantial consumer information breaches such as those at Sony and Epsilon, White House cybersecurity coordinator Howard Schmidt sought to downplay the level of concern in stating that cybersecurity events are simply a business-side risk like any other.

“It’s still a situation where specific incidents make it something it’s not. Things make headlines that are just the risk of doing business in many cases," Schmidt said.

That cost of doing business in the information age is quickly becoming one of the single largest expenditures in both the public and private sectors, and cyber security now accounts for over ten percent of all federal spending.

According to Information Week, "federal spending for cybersecurity will reach $10.5 billion by 2015, according to the report, The U.S. Federal Cybersecurity Market Forecast 2010-2015. That number represents an 11.3 percent share of all estimated federal spending in 2015, an increase from 10.5 percent in 2010."

That is just the federal budget for cybersecurity, and does not account for spending at the state, county and municipal levels, nor do the figures take into account spending by the military or the private sector.

Examination of cybersecurity spending at just the Department of Homeland Security demonstrates the tremendous amount of resources being committed to addressing problems associated with network security.

The DHS is currently charged with taking the lead to secure systems both in the public and private sectors, and the agency has initiated multiple strategies to help mitigate cyber security risks.

The following is a small sample of federal dollars being committed to cyber security initiatives through the DHS alone:

  • Federal Network Protection: $233.6 million is requested to expedite the deployment of EINSTEIN 3 to prevent and detect intrusions on computer systems and to upgrade the National Cyber Security Protection System, building an intrusion detection capability and analysis capabilities to protect federal networks.
  • Federal IT Security Assessments: A total of $40.9 million in requested funds will support the Department’s efforts to strengthen Federal Network Security of large and small agencies by conducting an estimated 66 network assessments to improve security across the Federal Executive Branch.
  • Cybersecurity Workforce Needs: $24.5 million is proposed to provide high-quality, cost-effective virtual cybersecurity education and training to develop and grow a robust cybersecurity workforce that is able to protect against and respond to national cybersecurity threats and hazards.
  • Cyber Investigations: The FY 2012 Budget continues to support cyber investigations conducted through the Secret Service and ICE, targeting large-scale producers and distributors of child pornography and preventing attacks against U.S. critical infrastructure through Financial Crimes Task Forces.
  • Cyber Mission Integration: The FY 2012 request includes $1.3 million to enable DHS to coordinate national cyber security operations and interface with the U.S. Department of Defense’s (DOD) National Security Agency (NSA) at Fort Meade, Maryland. This funding will support a landmark memorandum of agreement signed by Secretary Napolitano and Secretary of Defense Robert Gates that aligns and enhances America’s capabilities to protect against threats to critical civilian and military computer systems and networks.
  • Cybersecurity Research: The FY 2012 request includes an increase of $18 million for the Comprehensive National Cybersecurity Initiative to support research and development projects focused on strengthening the Nation’s cybersecurity.

The funny thing (peculiar, not humorous) about the nature of security and security spending is that there is no point at which proactive defense preparation ever overtakes the risk of data loss.

The choice is simply to either spend tremendous amounts of money to improve system security and still suffer losses from breaches and lapses, or not commit adequate resources to system defense and suffer even more losses from breaches and lapses.

Again, all of these costs are ultimately borne by the consumer/taxpayer. The question remains, how can we achieve equilibrium?

Possibly Related Articles:
6983
Network->General
Budgets Government Cyber Security Headlines Network Security Enterprise Costs
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.