Hey @suehalpernVT this is actually wrong.

I’ve seen similar claims elsewhere too, so I thought it might be useful to explore this.

https://www.newyorker.com/news/daily-comment/after-the-solarwinds-hack-we-have-no-idea-what-cyber-dangers-we-face
In the piece cited, @Jason_Healey actually juxtaposes spending for just one component of CISA (not total federal spending on cyber defense) to the DoD cyber operations budget (not a giant pot of money to develop “cyber weapons” with kinetic effects).

https://www.lawfareblog.com/reexamining-solarium-commissions-proposal-national-cyber-director
As @robknake notes in CFR, much of the DoD’s cyber budget isn’t necessarily spent on offensive cyber missions. And offensive cyber operations encompass a range of activities, contrary to NYer piece.

https://www.cfr.org/blog/no-united-states-does-not-spend-too-much-cyber-offense
Healey’s article is an interesting exploration of spending on cyber within the US Govt. But, like Rob noted here, NCCIC or even CISA as a whole is only a small part of US gov’t spending on cyber defense, which is spread across the federal government. https://twitter.com/robknake/status/1348661961001676801
This includes DoD & NSA. While fair to argue (as Healey does) that more funding is needed for defense by domestic civilian agencies like CISA, this is still an important part of cyber defense spending - e.g. NSA develops standards and partners with CISA.

https://www.washingtonpost.com/national-security/nsa-launches-new-cyber-defense-directorate/2019/09/30/c18585f6-e219-11e9-be96-6adb81821e90_story.html
And federal cyber defense spending doesn’t even account for private sector spending. Like @HostileSpectrum points out, offensive spending is uniquely concentrated in a way that defensive is not. Comparing offensive to defensive spending is hampered by the inherent asymmetries. https://twitter.com/hostilespectrum/status/1348663069237510144
While a large part of the defensive mission of the US gov’t is to defend US private sector (which is important) it can’t ultimately be responsible for defending computers it doesn’t own/operate, hence why private sector spending is relevant. Whereas all offense is done w/ gov’t $.
To its credit, the New Yorker article discusses this.
You can follow @perribus.