This letter discusses the Department of Defense’s (DOD) cyber and information assurance budget for fiscal year 2012 and future years defense spending. The objectives of this review were to (1) assess the extent to which DOD has prepared an overarching budget estimate for full-spectrum cyberspace operations across the department; and (2) identify the challenges DOD has faced in providing such estimates. The President has identified the cyber threat as one of the most serious national security challenges that the nation faces. In February 2011 the Deputy Secretary of Defense said that more than 100 foreign intelligence agencies have tried to breach DOD computer networks, and that one was successful in breaching networks containing classified information. To aid its efforts in countering cyberspace threats, DOD established the U.S. Cyber Command in 2010 and is currently undertaking departmentwide efforts to defend against cyber threats. DOD has defined some key cyber-related terms. Cyberspace operations is defined as the employment of cyber capabilities where the primary purpose is to achieve military objectives or effects in or through cyberspace. Such operations include computer network operations and activities to operate and defend the global information grid. U.S. Cyber Command defines full-spectrum cyber operations as the employment of the full range of cyberspace operations to support combatant command operational requirements and the defense of DOD information networks. This includes efforts such as computer network defense, computer network attack, and computer network exploitation. Computer network defense is defined as actions taken to protect, monitor, analyze, detect, and respond to unauthorized activity within DOD information systems and computer networks. Computer network attack is defined as actions taken to disrupt, deny, degrade, or destroy information resident in computers and computer networks, or the computers and networks themselves. Computer network exploitation is defined as enabling operations and intelligence collection capabilities conducted through the use of computer networks to gather data from target or adversary automated information systems or networks. Information assurance is defined as measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and nonrepudiation. This includes providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.
