The Office of Management and Budget (OMB) said today that cybersecurity-related spending is due to rise by five percent in FY2020 on a government-wide basis under President Trump’s FY2020 budget proposal.
The budget proposal was released last week, but OMB followed up today with a longer-form analysis of the FY2020 proposal.
According to that analysis, government-wide “cybersecurity-related” spending will come in at $17.4 billion, up $790 million above the FY2019 estimated total spending.
However, OMB also readily admitted that number itself is not the true figure for proposed Federal government cybersecurity spend in FY2020, as other portions of that spending category are secret. “Due to the sensitive nature of some activities, this amount does not represent the entire cyber budget,” the agency said.
Among Federal agencies for which proposed cybersecurity spending was disclosed, the lion’s share of the FY2020 funding – $9.6 billion – would go the Defense Department, representing a $1.1 billion increase from the agency’s estimated FY2019 spend.
In second place is the Department of Homeland Security (DHS) with a proposed $1.91 billion for FY2020, down very slightly from the $1.92 billion estimate for FY2019. OMB noted that while most other agency cyber budgets focus on their own needs, the DHS budget also includes its Continuous Diagnostics and Mitigation (CDM) program that provides security tools and capabilities to other agencies.
Down the line of other CFO Act agencies, some would see substantial cuts to their cybersecurity-related spending in FY2020, some would jump, and others would remain close to FY2019 estimates.
Non-DoD gainers include:
Department of Energy – up 7 percent, to $557 million;
Department of Justice – up 6.9 percent, to $881 million;
Department of Labor – up slightly, to $94 million;
Department of State – up 10 percent, to $400 million;
Department of Interior – up 7.7 percent, to $111 million;
Department of Treasury – up 3.3 percent, to $522 million;
Department of Transportation – up 3.5 percent, to $232 million;
Environmental Protection Agency – up 2.2 percent, to $45 million;
General Services Administration – up 1.2 percent, to $80 million;
National Aeronautics and Space Administration – up 1.1 percent, to $171 million;
Office of Personnel Management – up 4.4 percent, to $47 million;
Agencies with lower proposed FY2020 cyber budgets are:
Department of Agriculture – down 35 percent, to $311 million;
Department of Commerce – down 2.2 percent, to $392 million;
Department of Veterans Affairs – down 3.2 percent, to $513 million;
National Science Foundation – down 6.2 percent, to $224 million;
Nuclear Regulatory Commission – down 9.3 percent, to $29 million;
Social Security Administration – down 8.8 percent, $205 million; and
U.S Agency for International Development – down 35 percent, to $44 million.
The Small Business Administration proposed FY2020 cyber spend came in at $16 million – flat with the FY2019 estimate.
NIST Framework Spending Tracks
OMB also tracked the proposed FY2020 cyber spending to phases of the National Institute of Standards and Technology’s (NIST’s) Cybersecurity Framework, and found that of the $7.4 billion of non-DoD proposed spending:
$2.25 billion is devoted to the “identify” phase;
$2.67 billion is for the “protect” phase; $962 million is for the “detect” phase;
$1.31 billion is for the “respond” phase, and;
$213 million is for the “recover” phase.