More from: Technology

Concern – and Money – for Cybersecurity is Spreading Through the Federal Government

Partially because of the looming presidential election, and assertions of hacking-spawned leaks, cybersecurity is on the tip of many people’s tongues and, it turns out, on the receiving end of the government’s wallet. More funding and awards are going towards protecting government department’s and digital assets than ever before, and not just in obviously sensitive areas, like the Department of Defense (DoD) and Department of Homeland Security (DHS). By doing searches specifically on cybersecurity funding awards, we found something interesting happening in the federal government: interest in funding cybersecurity is spreading throughout the government, far beyond traditional centers.

The DHS and DoD talked a fair amount about funding awards for cybersecurity in 2016, mentioning it 31 times including at least 10 specific funding contracts.

dhs-and-dod-2016-cyber

The National Science Foundation (NSF), which administers a great deal of government science funding, also frequently mentions and awards funding for research into cybersecurity, such as the 74.5 million announced in October of 2015 (NSF link). More recently, however, funding has started to spread to other areas of the federal government, which might not be so obviously interested in cybersecurity.

For instance, the Department of Health and Human Services announced its first award ever to fund cybersecurity upgrades on October 4, 2016: HHS awards funding to help protect health sector against cyber threats (HHS Link).

Overall, the number of different federal departments, agencies, and sub-agencies talking about cybersecurity funding has increased by 113%  from 2011 to 2015 (from 29 to 62). In 2015, departments ranging from the National Credit Union Association to the Federal Emergency Management Agency issued grants or calls for funding.

While some funding is going to bolstering the government’s aging and outdated cybersecurity infrastructure – in the case of the HHS award above a previous report of testimony by the Chief Information Officer of HHS warned of possible security vulnerabilities back in May of 2016 – other funding sources are going towards general education and training about possible dangers. The National Institute of Standards and Technology (NIST) is funding a new education program through the National Initiative for Cybersecurity Education (NICE) to create job training programs so employers will have a wide pool of cybersecurity professionals to use for hiring.

As you can see in our other post about cybersecurity and the Internet of Things, interest is also growing in Congress for action, and funding, to deal with cybersecurity. The HHS example above demonstrates, that when the government starts talking about cybersecurity (as the agency did in May) that can lead to valuable funding of cybersecurity opportunities for well-informed businesses and contractors.


The Internet of Things and Cybersecurity

The recent passing of H.Res 847 ‘Expressing the sense of the House of Representatives about a national strategy for the Internet of Things to promote economic growth and consumer empowerment‘ is a significant one. Through this resolution, Congress is making progress towards development of a comprehensive strategy to encourage safe, new, technologies while fostering economic growth.

A key item within H.Res 847 recognizes the need to “implement reasonable privacy and cybersecurity practices and protect consumers’ personal information to increase confidence, trust, and acceptance of this emerging market”, but thus far cybersecurity practices for general consumers have remained firmly in the hands of private companies and has been generally considered as an abstract concept. Cybersecurity has long been a buzzword; but it has generally been removed from its context. The fact that the relationship between cybersecurity and the Internet of Things is now being explored indicates the growth of a broader understanding of cybersecurity as being enmeshed within the daily lives of individuals.

This understanding has been slow to build momentum. Agencies have consistently discussing IoT for several years, but it is only within the past two years that this topic has started gaining traction among members of Congress. For example, the following timeline drawn from voxgov shows the discussion of IoT in 2013.

chart-7

As of 2016, however, use of the term ‘internet of things’ is starting to gain some momentum among members of congress, and the contrast between what they are saying and what the agencies are saying has become less pronounced.

chart-10

By using voxgov to provide a window into the growing federal government conversation around the IoT and cybersecurity, users can interrogate U.S. Federal Government documents to gain new insight into the government conversation. Using the data presented above, for example, it is obvious that the IoT is increasingly becoming part of the cybersecurity discussion; a fact which is verified by the recent passing of H.Res.847 as well as through a review of recent releases related to IoT. Viewing the data in this way indicates a new trend: that Congress is beginning to contextualize cybersecurity as an everyday consideration – that it understands its context within the Internet of Things.