Government spending on cybersecurity is likely to grow in both fiscal 2019 and fiscal 2020, even as transparency around the spending declines.
Fewer details are available this year than in the fiscal 2019 budget, but the analytical perspectives section on cybersecurity funding released in the fiscal 2020 budget request shows that President Donald Trump is seeking $17.4 billion for cybersecurity at defense and civilian agencies, an increase of 5 percent from the projected $16.6 billion in fiscal 2019 agency spending, projected in the Sept. 28 continuing resolution.
That number is even higher than the fiscal 2019 budget request of $15.1 billion. That means agencies will have more than initially expected to spend on cyber-related programs this year. The budget reports only requested funding that isn’t classified, so fiscal 2020 budget numbers in the cybersecurity funding section are lower than the overall cyber budget.
A larger fiscal 2020 budget will go toward activities that fulfill requirements in the executive order for Cybersecurity of Federal Networks and Critical Infrastructure; the report to the president on federal IT modernization; and the National Cybersecurity Strategy, according to the analytical perspectives chapter. Some of those priorities include securing IT systems, networks, and information; securing critical infrastructure; and improving incident reporting.
A comparison of actual spending and projected figures from fiscal 2017 through 2020 with contract obligations during the same period shows that an average of 44 percent of the cybersecurity budget goes to contract obligations.
With that percentage in mind, BGOV expects at least an additional $5.5 billion to be spent on cybersecurity in fiscal 2019 and at least $7.7 billion in fiscal 2020.
Agency Ups and Downs
Of the agencies considered “CFO agencies,” meaning that they have a chief financial officer, 13 expect funding increases from the fiscal 2019 estimate to the fiscal 2020 budget. The remaining 11 would receive lower amounts than in FY 2019.
CFO agencies are required to report progress on information technology improvements as part of the Federal Information Technology Acquisition Reform Act (FITARA). They are also typically the agencies with larger cybersecurity budgets.
The Defense Department’s fiscal 2020 cybersecurity budget is $9.6 billion, more than the $7.8 billion combined 2020 cyber budget of all civilian agencies. The Pentagon’s budget is expected to increase by $909 million from its fiscal 2019 estimate.
The top civilian agencies by cyber budget are the Homeland Security, Justice, and Energy departments.
DHS’s fiscal 2020 cyber budget request of $1.9 billion is expected to remain roughly steady compared with fiscal 2019 actual levels, but it is an increase from the fiscal 2019 budget request of $1.7 billion.
The DHS bureau with the largest expected increase is the National Protection and Program Directorate (renamed the Cybersecurity and Infrastructure Security Agency, or CISA) which requested an additional $30 million for a total of $1 billion. The largest decrease is the Office of Science and Technology, with an expected drop of $76 million for a total of $28 million. It’s unclear why S&T funding will drop so dramatically, but it’s possible that some of S&T’s cyber responsibilities have transferred to other DHS bureaus or offices.
The Justice and Energy department fiscal 2020 budgets surpass fiscal 2019 estimates by $57 million and $38 million respectively, the largest increases for CFO agencies after the Pentagon.
The largest cyber budget decrease is expected at the Agriculture Department, with a proposed drop of $170 million, or 35 percent. Most of the budget decrease would be in USDA’s Departmental Management Bureau.
The second- and third-largest cuts are much more modest. The Agency for International Development expects a $24 million reduction, and the Social Security Administration a decrease of $20 million.
It’s difficult to directly compare fiscal 2020 cyber funding data to that of fiscal 2019 because the budget reported the data differently this year. The fiscal 2020 budget removed two agencies and added six agencies to the cyber funding section, and the data isn’t as detailed as it was in fiscal 2019.
At most, this year’s budget provides agency and bureau data. It doesn’t include the extra level of account detail included in the fiscal 2019 documents. Some agencies, such as the Pentagon, excluded all or some bureau data that they included last year. The analytical perspectives chapter states that DOD exclusions are due to the sensitivity of the information.
To view and analyze this data, use Bloomberg Government’s updated Cybersecurity Budget dashboard to view the fiscal 2020 cyber budget by agency and bureau. Clients can also view the data from fiscal 2019 in the second tab.
To contact the reporter on this story: Laura Criste in Washington, D.C. at firstname.lastname@example.org