The end of the year means budget negotiations are in everyone’s focus here in DC, and the National Defense Authorization Act (NDAA) is one of the more important budget policy vehicles. After being vetoed and sent back to Congress this fall, the NDAA, authorizing defense policies and spending for Fiscal Year 2016, was signed into law the day before Thanksgiving. Over the past few years, cybersecurity has received more attention in NDAA-authorized spending, and this year is no exception as cyber becomes a top national security concern.
Among the cyber provisions in NDAA is renewed support for innovative government programs that keep DoD, DHS and civilian agencies protected. HBSS, the DoD’s secure endpoint management protection solution, receives new support in the bill in the form of provisions that offer improved monitoring and alert technologies that can detect, identify and remediate cybersecurity threats from internal and external risks. This is important and is great to see.
The growing role of cyber in the NDAA points to a broader story about government’s overall leadership position in cybersecurity. Whereas in other technology verticals government has often learned from the private sector, in cyber government has taken a very active partnership role with industry. Programs like EINSTEIN and Continuous Diagnostics and Mitigation (CDM) provide strong best practices that private sector organizations can take to gain better awareness of their cyber posture and ultimately better protect themselves. The cyber provisions of the NDAA will continue this leadership trend.
Overall, defense spending in recent years has actually declined as a piece of the overall budget pie, but cyber spending has increased proportionally and in real dollar terms. We should expect this trend to continue for two primary reasons:
- Cyber is one of the most bi-partisan issues, with major support for at least increased attention on both sides of the aisle, and
- There is growing awareness that the threat landscape is getting more dangerous at an exponential rate and now has the potential to cause real harm to government agencies and citizens alike.
Increased attention in the NDAA and across government isn’t a silver bullet, but this bill is an encouraging sign that government is making meaningful steps to make our country safer against cyberattacks.
The cyber investments in NDAA are part of a broader strategy for our country to pay down its cyber debt. For more information on that, please click here.