Cybersecurity Implications of the Rebuilding the U.S. Armed Forces Presidential Memo
Published: February 09, 2017
President Trump and Defense Secretary Mattis issued memoranda that could spur growth in funding for Defense cybersecurity.
On January 27, 2017 President Trump released a Presidential Memorandum on Rebuilding the U.S. Armed Forces that requires Defense Secretary Mattis to conduct a 30-day readiness review focusing on current readiness conditions – including training, equipment maintenance, munitions, modernization, and infrastructure – and to submit actions that can be implemented within the current fiscal year (FY) and necessary to improve readiness conditions.
A few days later on January 31, Secretary Mattis issued a memorandum providing implementation guidance to address the budget directives included in the White House Memorandum, including an amendment to the Department of Defense’s (DoD) current fiscal year (FY) 2017 budget, due March 1, and the DoD’s FY 2018 budget request, due May 1.
According to reports on the Mattis memo, the rebuilding efforts will focus on three key areas: improving warfighting readiness, achieving program balance by addressing pressing shortfalls, and building a larger, more capable, and more lethal joint force.
The forthcoming FY 2017 budget amendment is focused on addressing “urgent warfighting readiness shortfalls” and new requirements driven by increased efforts to fight ISIS. Efforts to achieve program balance in the FY 2018 budget request focuses on critical munitions, facilities sustainment, and R&D for advanced capabilities.
What might be the potential impacts on cybersecurity at the DoD? Given that the president made cybersecurity a major campaign issue and has been considering issuing an executive order on federal cybersecurity, it is probably a fair guess that the DoD rebuilding and readiness efforts will have some positive implications for immediate cybersecurity spending for the remainder of FY 2017 and beyond.
Looking at the FY 2017 Defense budget request across all components and all budget areas (procurement, RDT&E, etc.) for programs that have a cyber-related component provides a snapshot into DoD spending on cyber. The DoD budget also provides some projections into future years from FY 2018-2020, which also sheds some light on the Pentagon’s plans, given current program investments. (See chart below.)
The FY 2017 DoD budget projected a significant decrease in cyber-related program spending in FY 2018, either due to completed investments or for other reasons, and fairly steady projections from FY 2018-2020. Whatever the case, given the president’s and secretary’s memos it is likely that we will see the FY 2017-2020 numbers revised upward in the FY 2018 budget. The big question is, how much.
Of the $3.41 billion in FY 2017 budget cyber- spending $3.3 billion is allocated among seven components and agencies. (See chart below.) Depending on the Secretary's rebuilding priorities and how much cyber is brought to bear on joint warfighting capabilities, we may likely see these relative allocations change in future budgets.
Assuming that the Trump Administration follows through on its pledges to make cybersecurity a high priority at the Defense Department and across the government, previously passed legislation could support these efforts, especially the FY 2017 National Defense Authorization Act (NDAA).
The FY 2017 NDAA elevated CYBERCOM to full combatant command, so the rebuilding effort could mean a higher profile for CYBERCOM and more full-spectrum warfare integration across the joint force. The FY 2017 NDAA also provided DoD with special emergency procurement authority to facilitate the defense against or recovery from a cyber attack. So any major cyber-readiness issues could conceivably be addressed through this provision.
If Secretary Mattis determines that improved readiness requires more support for current Cyber Mission Forces (CMF) then the last NDAA provided interim authorities to the SECDEF to enhance the DoD’s ability to hire and retain high-skilled civilian personnel to provide critical technical support to the CMF. The provision also directed the DoD to develop training standards and capacity to train civilian cyber personnel to develop tools and weapons for the CMF.
If Trump's and Mattis’ efforts are well received in Congress we could see additional supportive cyber-specific provisions in the FY 2018 National Defense Authorization Act (NDAA). Time will tell.
For additional GovWin analysis on the potential federal market implications of the DoD memos, please see the following articles: