The US government has proposed a budget that calls for the public sector to spend one out of every 10 IT dollars on information security.
In total, the White House said this week that it will seek authorization for more than $71bn (£35.5bn) in IT spending during the financial year which begins 1 October. The request represents a 3.8% increase, or $2.6bn, over what Congress approved last year.
The budget proposal earmarks $7.3bn for information security, a 9.8% increase over what was budgeted for the current financial year. If approved as is, security spending would account for 10.3% of the entire federal IT budget.
The proposal also would continue a trend in which security spending has been increasing at a rate that's greater than the growth of the overall IT budget. The White House, in its budget analysis (download PDF), said that if Congress accepts the fiscal 2009 figures as proposed, IT security spending will have increased 73% over the past five years, up from a starting point of $4.2bn in 2004. By comparison, the overall IT budget will have risen 20% during the same period.
Karen Evans, administrator of e-government and IT at the White House Office of Management and Budget, said that the proposed spending levels aren't being allocated toward any particular aspect of security within federal agencies.
"The focus isn't investment-specific -- it's making sure they are managing the risk associated with the services that they have," said Evans, who is the federal government's de facto CIO.
She added that as more and more government services become available online, "the agencies are very well aware of what the risks are."
McConnell testified before a Senate panel yesterday and a House committee today on his annual threat assessment report to Congress. As part of the report, he issued a broad warning about the cyberthreats faced by both the government and the private sector, saying that potential vulnerabilities are only increasing because of globalization and the growth of computer networks.
McConnell cautioned in the report that Russia, China and other countries "have the technical capabilities to target and disrupt elements of the U.S. information infrastructure." And he said that terrorist groups such as al-Qaeda, Hamas and Hezbollah "have expressed the desire to use cyber means to target the United States."