Increased security budgets are usually a sign that senior management and budgeters agree there may be an increased priority for security issues. But this raises the question: for what security programs are these funds actually intended? It is difficult to tell from aggregate budget numbers how these budget increases are being applied or what consequent impact they will have on federal information security systems.
As noted, the DOT alone accounted for the lion’s share of this year’s increases, but that increase is not in any way explicitly related to the relative security posture of DOT’s IT environment. It takes a search through the esoterica of DOT’s budget line items to identify what security priorities are being addressed, and they do not appear at a glance to be related to current federal ISS mandates, such as FISMA or HSPD-12.
Partly to address this problem, a new Line of Business (LOB) was added to the federal IT budget last year: the Information Systems Security LOB. But OMB itself has yet to work out how to identify systems security spending in the departments that should be allocated to the ISS LOB, so it is still too early to try to assess federal security spending and security posture improvements. Still, one hopes that OMB’s establishment of the ISS LOB portends more coherent budgeting of security investments in the future.
However, since most current federal security spending is related either to government-wide mandates such as FISMA and HSPD-12 or to department-specific operational requirements, there is as yet no mature federal strategy for national cybersecurity. The Department of Homeland Security has responsibility for formulating this strategy, so the assignment of DHS as the “Managing Partner” of the federal ISS LOB presents the opportunity to harmonize federal security spending with a strategy, once one is established.