Monday, April 29, 2013

UK likely to outsmart Obama on cyber security? Think again

In the April 26th article for V3 titled "UK government likely to outsmart Obama on cyber security", +Alastair Stevenson opined:
"While the US [cyber security] spending does dwarf that of the UK, I'm still convinced the British government will get more bang for its buck, thanks mainly to its more measured focus on education and collaboration.
Obama is yet to release the full details about where the US money will go, but given the nation's track record when dealing with new threats to its borders or citizens, it's unlikely much of it will reach the country's education system. "

In Stevenson's cursory analysis of U.S. cyber security spending, I believe he has made a number of mistakes. First, he states that "Barack Obama followed suit" in increasing cyber security spending after the U.K. announced its Cyber Strategy in November of 2011. In fact, Obama's focus on cyber security goes back to at least May of 2009, when the White House published its "Cyber Space Policy Review". This 30-page document focuses almost exclusively on cyber security, summarizing the administration's policy and proposing action plans to improve cyber security across both the public and private sectors. Federal funding for cyber security has been increasing steadily year-over-year according to the plans laid out in the policy review.

Stevenson seems to focus exclusively on the increase in cyber security funding within the U.S. Department of Defense including the Air Force and DARPA, while ignoring the significant increases in funding for other cabinet-level agencies, including the Department of Justice, the Department of Homeland Security, and the Department of Commerce (which includes NIST). No wonder, then, why Stevenson doubts that "much of [the funding] will reach the country's education system".

In the U.S., the Department of Defense isn't responsible for cyber security education. That job falls more to NIST and DHS. In my blog post last week, I broke down the NIST cyber security spending and provided an overview of NIST's already significant cyber security mission. Both NIST and DHS play significant roles in cyber security education and collaboration - this has recently expanded to include NIST's National Initiative for Cybersecurity Education (NICE) and the DHS's National Initiative for Cybersecurity Careers and Studies (NICCS).

The U.S. is already years ahead of the U.K. when it comes to public-private cyber security coordination and education. What remains to be seen is which efforts (in both countries) end up being worth the investment of tax payer dollars.