FY 2023 Cyber Operations and Maintenance Investment at the Defense Information Systems Agency

Key Takeaways

• DISA broke out its cyber-related O&M budget request for the first time.
• Nearly 100% of cyber-related O&M contract dollars will go to Equipment Maintenance. 
• DISA eliminated Management & Professional Support Services and Engineering & Technical Services from its FY 2023 cyber O&M request.

The Defense Information Systems Agency (DISA) recently posted a summary of its planned cyber security spending for the 2023 fiscal year. As a reminder for those in the cyber field not familiar with DISA, but interested in working with the Department of Defense, the agency provides combat support for warfighters across the globe, including communications capabilities, network transport, cloud services, and a host of other services. This year’s separate breakout of the cyber budget is a first for DISA, which previously reported all cyber-related budgetary investments in the formal Defense-Wide Operations and Maintenance request. DISA’s not the only agency to provide cyber-related budget data, either. Seven other Defense Agencies, part of what is commonly called the Fourth Estate, also posted cyber breakouts of their own that can be accessed here.

According to the summary, DISA requested an additional $52M for cyber-related activities in FY 2023, an increase of $50M vs. the amount received in FY 2021. The comparison to FY 2021 is made because the late passage of a budget in FY 2022 means the total dollars slated for various activities (including cyber) is estimated.

The funding DISA has requested is broken into four categories: Civilian Personnel Compensation, Travel, Transportation, and Other Purchases. It is the Other Purchases category I’ll be focusing on here because it provides some interesting details and because it is largely the contractor-addressable portion of DISA’s O&M Cyber budget.

The table below shows DISA’s cyber-related Other Purchases request for FY 2023.

What’s interesting about this table is that the agency broke out what it spends on certain categories of contracted services. These include Equipment Maintenance and Facilities Sustainment. Why the agency elected not to break out other categories such as Management & Professional Support Services and Engineering & Technical Services is not explained in the summary even though DISA is typically heavily dependent on contractor support for those services.

Observations

The data shows the following:

• Spending on contractor-provided Equipment Maintenance accounts for 98% of DISA’s cyber O&M spending.
• Spending on contractor-provided Equipment Maintenance has risen 21.3% since FY 2021.
• Spending since FY 2021 has fallen in all other areas of DISA’s cyber O&M budget except the undefined “Other Services” category, which is up almost 2,300%, but dropped to $8M from an estimated high of $10.6M in FY 2022.
• Spending on Contracted Facilities Sustainment, Restoration, & Modification, Management & Professional Support Services, and Engineering & Technical Services has disappeared completely from the FY 2023 request. Again, no explanation is provided why this is the case although presumably in-sourcing of the work to DISA employees could be responsible for part of it.

Parting Thought

All of the growth in DISA’s O&M cyber budget falls under the category of Equipment Maintenance. Companies providing this type of support work will therefore find funding for the work they perform. Contractors working in other cyber-related O&M areas will have less to work with.