Fourth Estate Cyber Operations and Maintenance Budgets for FY 2023

A new set of documents appeared this year when the Department of Defense (DOD) Comptroller began posting the department’s budget request for the 2023 fiscal year. These documents provide summaries of the Operations and Maintenance (O&M) funding that 8 Defense Agencies requested for fiscal year 2023. This is the first time that any agency at the DOD has posted a separate breakout of funding requested specifically for cyber-related activities. For several previous years, the DOD has posted a broad summary of cyber activities funding, but that document has yet to appear so far. 

According to the summaries, the 8 agencies listed requested $825.9M for cyber-related activities in FY 2023, an increase of approximately $100M vs. the budgets enacted in FY 2022.

The table above shows that each of the agencies listed hopes to receive an increase in its cyber O&M funding, with the Defense Contracts Management Agency (DCMA) and the Defense Information Systems Agency (DISA) requesting the largest increases. For further details on DISA’s request, I’ve written on it  here. As for the DCMA, the increased budget requested is required for the agency’s Cybersecurity Maturity Model Certification-Defense Industrial Base Cybersecurity Assessment Center (CMMC-DIBCAC). DCMA requires additional workforce to staff the CMMC-DIBCAC, which will be conducting “vulnerability assessments – to include Level 2 assessments of candidate third-party assessment organizations and Level 3 assessments of DIB companies. Additionally, this increase supports travel required by the workforce to perform assessments at various assigned locations.”

Highlights from the other agencies requesting increased cyber O&M funding (excluding DISA) include the following:

Office of the Secretary of Defense (OSD)

• Cybersecurity Maturity Model Certification (CMMC). The DOD’s Chief Information Officer requested $464K to hire 2 full time employees and to provide associated funding for the CMMC assessment program.
• Zero Trust. The DOD CIO requested $4.6M to establish a Portfolio Management Office for the development, implementation, and sustainment of the Zero Trust architecture across the DOD.

Defense Threat Reduction Agency (DTRA)

• Cyber Security and Information Assurance. Requesting $3.4M, DTRA is incorporating Artificial Intelligence/Machine Learning capabilities for the cybersecurity analysis of network and system logs and user activity. It is also conducting vulnerability testing and assessments for mission infrastructure and systems that provide services to mission partners on the Joint Worldwide Intelligence Communication System (JWICS), the Secret Internet Protocol Router Network (SIPRNet), the Non-Secret Internet Protocol Router Network (NIPRNet), and at Joint Force Headquarters Cyber Operations.

Defense Human Resources Activity (DHRA)

• Defense Manpower Data Center (DMDC) Identity Credential Management (ICM). A key part of zero trust architecture, the DHRA requested $6.4M to transition from the DOD Information Network Core to a zero trust implementation.

Defense Counterintelligence and Security Agency (DCSA)

• Cyberspace Activities. A requested increase of $179K will help enable the continued use of the National Industrial Security Program Central Access and Information Security System (NCAISS), providing CAC-based authentication for business support applications.

Defense Contract Audit Agency (DCAA)

• Requested a small increase of $113K to account for changes to the price of cybersecurity capabilities/services.

Office of the Inspector General (OIG)

• An additional $53K is requested to increase the compensation of several civilian employees.