Cybersecurity is critical to a prosperous and safe future. In the U.S. alone, e-commerce totals about $200 billion annually. Transactions previously conducted only face-to-face—everything from banking to renewing a driver's license—are increasingly done online. At the same time, the nation's physical infrastructure, airlines, railroads, mass transit and other transportation systems, the electric power grid, factories, and telecommunications depend on a complex array of computer networks.
The vast interconnectedness of the modern Internet is both its prime benefit and its central vulnerability. Threats to the security and reliability of cyberspace come from many quarters—hackers, sophisticated organized crime groups, terrorists, even nations engaged in cyber warfare.
Costs to the nation from these threats are large and growing. A national survey by Consumer Reports estimated that spam, viruses, spyware, and phishing cost U.S. consumers almost $5 billion in 2010. In a study of 45 medium and large organizations (those with more than 500 employees), the Ponemon Institute found cyber crime cost them an average of about $3.8 million annually. This figure does not even include routine practices such as purchases of antivirus software, but only the cost to cope directly with problems like stolen intellectual property, viruses, malware, theft from bank accounts, and other problems. The growing importance of online transactions demands that the nation's cyber infrastructure be secure. The Administration's Cyberspace Policy Review acknowledges the importance of a robust cyber infrastructure and lays out a set of initiatives to address them. The Review makes the case that strong federal leadership is needed now. Government must coordinate with the private sector to reduce cybercrime-related losses and increase confidence in IT communications systems.
NIST plays a leading role with the Department of Commerce in assuring that e-commerce continues to foster innovation, bolster industrial competitiveness and enhance economic growth and security. The Institute is a world leader in the development of improved cybersecurity practices and technologies. Its cybersecurity publications, protocols, and best practices are used extensively by both the public and private sectors to protect against cyber threats. The Computer Security Resource Center, the National Vulnerability Database, and an extensive series of publications that implement the Federal Information Security Management Act are just a few of NIST's many products used by literally millions of organizations and individuals to protect their cyber assets.
However, the current investment in NIST cybersecurity research and development is not commensurate with the problem. In response, the President's FY 2012 budget calls for a $43.4 million increase to NIST's cybersecurity efforts to fund new initiatives and accelerate progress in established programs. The effect of this increase will be to more than double funding for NIST R&D in this area with benefits many times the dollar value of the investment through improved protection of the nation's cybersecurity infrastructure.
NIST will apply its IT research and standards expertise and its strong track record for industry collaboration to significantly improve the security and interoperability of the nation's cyberspace infrastructure.
Scalable Cybersecurity for Emerging Technologies and Threats (+$14.9 million)
National Program Office for the National Strategy for Trusted Identities in Cyberspace (NSTIC) and the NSTIC Grant Program (+$24.5 million)
National Initiative for Cybersecurity Education (+$4 million)
Benefits and impacts expected to result from these initiatives include: