When US President Barack Obama called on the Congress for laws that would protect the country’s citizens, businesses and infrastructure from various cyber threats, it sounded like a welcome (if overdue) call to arms. Unfortunately, what most people didn’t immediately realize is that cyber defense is likely to cost a huge amount of money.
As Jerry Brito and Tate Watkins point out, currently over 50 cybersecurity bills are being introduced in Congress, and a lot of them are aimed at defending the infrastructure that is deemed critical for the functioning of the nation and the uninterrupted everyday lives of its citizens.
As the outline for the 2013 budget requests have shown, the President would like to allocate $769 million to the Department of Homeland Security for starting and effecting information security initiatives.
Also, it is wise to remember that the Department of Homeland Security is not the only one saddled with this type of responsibility – the Department of Defense, the Secret Service and the U.S. Cyber Command are also tasked with defending both both military and civilian targets from cyberattacks or disruptions, and that will require additional piles of money.
“Cybersecurity is a big and booming industry,” explain Brito and Watkins. “The U.S. government is expected to spend $10.5 billion a year on information security by 2015, and analysts have estimated the worldwide market to be as much as $140 billion a year. The Defense Department has said it is seeking more than $3.2 billion in cybersecurity funding for 2012. Lockheed Martin, Boeing, L-3 Communications, SAIC, and BAE Systems have all launched cybersecurity divisions in recent years. Other traditional defense contractors, such as Northrop Grumman, Raytheon, and ManTech International, have invested in information security products and services.”
The lucrative business of defense has always threatened to gobble up a great part of the US national budget. This shouldn’t come a surprise to anyone given the country’s propensity to enter wars every decade or two, and it was surely a well-known tendency to former US President Dwight Eisenhower, who warned in 1961 about the danger of the “military-industrial complex” and its inclination to spend great amounts of money for unnecessary technologies.
Pointing out that the whole “cyberwar” rhetoric so popular in the last couple of years can be easily equated with a similar one that finally led to the war against Iraq, Brito and Watkins believe that the notion of cyberwar must be disentangled from those of cybercrime and cyberespionage, and that “private network owners may be best suited and have the best incentives to protect their own valuable data, information, and reputations.”
Hot on the heels of this particular idea comes the news that a new bill has been introduced in the US Senate – a bill that would make the DHS tasked with determining which systems run by government agencies and private sector companies are critical to national and economic security, and would require businesses to spend a lot, lot more on technologies and devices deemed necessary by the DHS for assuring the security of those systems.
Needless to say, the companies who would fall into that category are not happy about the proposal for the legislation. The US Chamber of Commerce also says that incentives, not rules, are the right way to improve the cyber defense posture of businesses.