Everybody talks about cybersecurity, but does anybody spend $28 billion to do something about it?
Well, yes, the U.S. government spends about that much, according to budget watchdog group Taxpayers for Common Sense. That organization recently unveiled its cyber spending database, which breaks down in detail all unclassified government cyber spending.
“Until now, there hasn’t been an easy way to track this information,” according to the organization’s blog. “Furthermore, the fragmented nature of cybersecurity programs means there is no central authority for tracking amounts or efficiencies of spending.”
To build its database, the group pored over publicly available federal budget submissions to Congress and budget justification documents. Researchers sought to identify individual budget lines that contain programs that the government acknowledges relate to cyber spending. “In cases where budget documents were not available in a searchable format, we relied on congressional bills and reports for dollar figures. We reviewed only public documents. We did not seek out nor did we review any classified or ‘Sensitive but Unclassified’ documents,” according to the site.
At the top line, the group finds cyber spending rose from $7.5 billion in 2007 to $28 billion in 2016.
That’s slightly higher than others have suggested. Market Research Media, for instance, reports cyber spending at the federal level would have to grow at 12 percent a year just to hit $22 billion in 2022. Even at that level, “the annual cybersecurity spending of the U.S. federal government is larger than entire national cybersecurity spending of the most countries in the world,” the analysts note, adding that the government sector “is under constant pressure to boost investments in cybersecurity technologies.”
Where does the money go? Visitors to the database can select an agency to get a high-level overview of the cyber budget from 2007 to 2016. A click drills down to the sub-agency level, where the top cyber costs are broken out in detail.
The Department of Interior, for instance, spent almost $209,000 on cyber in 2016, with telecommunications, hosting services and end-user services consuming the most. Homeland Security and its many component agencies by comparison spent about $1.7 million.
Absent classified spending figures, it’s hard to know how much of the federal cyber budget actually is represented here. Still, the developers of the site are calling it a needed start.
“Bottom line: We, the taxpayers, don’t really know where the federal government is spending cyber dollars, how they are being spent, why, or when,” they write. “So how are we to know what’s working, duplicative, or inefficient?”