October 1, 2019

by Larry Clinton
I have opined in the past, somewhat tongue in cheek, that Cyber Security Awareness Month may be a bit outdated—is there really anyone unaware that we have a cyber security problem in 2019? Perhaps Cybersecurity understanding month is a bit timelier and more needed.

However, in the spirit of the cyber season I’d like to suggest an important area of cyber issue where we appear to have very limited awareness, namely the enormous disparity between what is acknowledged as the top security issue of our time and the relative pittance of funding we are devoting to addressing the issue.

No less an authority than our Acting Director for National Intelligence verified cyber’s status as our top threat just last week in Congressional testimony when he declared cyber to be the “number 1 threat” to our nation. His view is neither unique nor new. Last year then-Secretary for Homeland Security said “On the top of my list of threats—the word CYBER is circled, highlighted, and underlined.” These quotes echo similar assessments that go back several years.

Yet, in FY2019, the federal government spent approximately $16.6 billion on cybersecurity activities, according to a White House estimate. In comparison, total Department of Defense spending for FY2019 was $685 billion, according to the White House’s 2020 budget proposal. So, the federal government’s overall spending on cybersecurity (16.6 billion) is about 2.5 percent of what is spent by the Department of Defense. –

That’s 2.5 % of our spending on our number 1 threat. Is everyone aware of that?
This comparative level of under spending might be understandable if we were just becoming aware of the cyber threat, but we are no longer a novel discipline. Awareness of the cyber threat is well into its third decade (the Internet Security Alliance Alone is 19 years old – and we did not discover the cyber threat).

And the impacts of this inattention, beyond the rhetorical level, are all too obvious, and have been for years. Not only was Russia able to compromise the most fundamental element of our democracy through cyber-attack, China been stealing massive amounts of our intellectual property to stimulate their own economic growth for years through cyber-attack. The cyber crime situation is reaching crisis proportions, with estimates ranging from $750 billion in losses to $2.5 trillion. The recent McAfee Cybercrime report concluded “Cybercrime is relentless, undiminished and unlikely to stop. It’s just too easy, rewarding and the chances of getting caught are far too low.”

The reason we are not making progress in the ongoing cyber conflicts with Russia, China or even the cyber mobsters is not a lack of awareness, it’s a lack of effort. We don’t have enough people. We don’t have modernized digital legal structures. We are not valuing – by which I mean we are not spending – enough on cyber security at all areas.

October is not only Cyber Awareness Month; it is also the start of the government’s new fiscal year. Maybe November ought to be designated cyber spending month.