Observations on Defense Agencies Cybersecurity Investments in the FY 2019 Budget
Published: June 13, 2018
Analysis of the Defense Agencies FY 2019 budget request indicates that they intend to spend about $1.2 billion on programs using cyber technologies.
Each spring when the Office of Management and Budget and the Pentagon release the federal budget, Deltek’s Federal Market Analysis team thoroughly reviews the Department of Defense’s Procurement and Research, Development, Testing, and Evaluation (RDT&E) budget requests for the upcoming fiscal year to identify what information technology investments are planned. Using a set of targeted keywords, FMA identifies programs that invest in certain technologies of interest to industry contractors. These technology “verticals” include cloud computing, big data analytics, cybersecurity/weaponry, and others.
FMA’s analysis of the DOD’s fiscal 2019 budget request reveals that the United States Defense Agencies together intend to spend about $1.2 billion in fiscal year (FY) 2019 on programs which use cyber technology in one way or another. (See Table below.)
Identifying the specific cyber- spend in each individual program is a bit imprecise due to the ambiguous way that the Army and the DOD report budget request data. Therefore, as you consider the following information please keep in mind that the numbers presented here are the requested budget amounts for programs that plan to use cyber technology for a specific purpose (e.g., security, information assurance, battlespace capabilities, modeling, training, etc. etc.).
The numbers presented here should not be considered the Army’s entire cyber capabilities budget (defensive and offensive) for FY 2019. In fact, since many of these capabilities will fall within the classified side of the DOD budget the numbers here are likely a significant understatement. They are best viewed as indicators of how and where Army program offices intend to use cyber-related technologies and services and the potential amounts they could spend on them.
Identifiable Cyber Programs
The table below lists the Defense Agencies programs with a cyber component that we could identify arranged largest to smallest in dollar terms for FY 2019. The top five programs represent more than 77% of the total and the top ten account for nearly 90%. The FY 2019 budget amounts provided are from the Defense Agencies Procurement and RDT&E budget requests, so the related efforts may include new work that could be available to industry if a contract for related products or services is competed.
Summaries of Top 5 Programs
- Information Assurance and Survivability – ($259.4M for RDT&E) – FY 2019 funding for developing the core computing and networking technologies required to protect DOD's information, information infrastructure, and mission-critical information systems. The technologies will provide cost-effective security and survivability solutions that enable information systems to operate correctly and continuously while under attack, and to be rapidly recovered/reconstituted in the aftermath of an attack. Technologies developed by this project will enable the creation of secure, survivable, network-centric information systems.
- Trusted & Assured Microelectronics – ($233.1M for RDT&E) – FY 2019 funding for improvements to the core Joint Federated Assurance Center (JFAC) technical capability, through the procurement of laboratory equipment, IP, analysis tools, such as imaging software, and highly skilled tradecraft, and its capacity to perform microelectronics assessments. Additional plans include enhancement of automation and standard processes needed to increase the throughput of information produced by individual JFAC laboratory tools as well as to facilitate information sharing across the families of tools used for analysis and testing.
- Information Systems Security Program-Operational System Development – ($229.3M for RDT&E) – This particular program resides within the National Security Agency (NSA) and as such the DOD provides little public information in the FY 2019 RDT&E budget beyond a reference to “see NIP and MIP Justification Books,” i.e. it is classified. If it is anything similar to the DISA’s ISSP (at an FY 2019 budget of $19.611M in the table above) the NSA’s program will focus its activities on developing enterprise cybersecurity capabilities to ensure critical agency mission execution in the face of cyber-attacks. Saying much more here would be pure speculation.
- Intelligence Capabilities and Innovation Investments (ICI) – ($109.5M for RDT&E) – FY 2019 funding for Rapid prototype sprints to field increasing amounts of automation to Full Motion Video (FMV) ground exploitation stations for Tactical Unmanned Aerial Vehicles (TUAVs), Medium Altitude and High Altitude ISR platforms. Project Maven will use artificial intelligence, deep learning, and computer vision algorithms to detect, classify, and track objects within FMV images (e.g., person, vehicle, and weapon).
- Operational Test Activities and Analyses – ($71M for Operational Test & Evaluation) – FY 2019 funding for Joint Counterair Integration Joint Test for developing and testing TTP for counterair shooter and C2 operators to effectively integrate joint defensive counterair resources in a contested, degraded, and operationally limited environment to protect defended assets from expected threats. FY 2019 funding is also for the Joint Cyber Insider Threat Joint Test for developing and testing procedures to proactively detect and respond to cyber insider threats before they have an adverse impact on military operations.
The Department of Defense Agencies support a wide variety of defense activities and their cybersecurity and related cyberspace efforts are equally divers – ranging from traditional information assurance and computer network security activities to leveraging emerging technologies to advance both defensive and offensive cyber operations. The budget request across these agencies reveals the demand for both hardware and software tools as well as diverse skillsets that enhance both the DOD cyber-workforce and the hardening of networks and platforms across the Pentagon and beyond.