When it comes to cyber spending, of this much we are sure: The federal government spends a boatload of money.
How many billions Taxpayers for Common Sense can’t say for sure given the government’s propensity to fold cyber spending into overall programs, without a detailed breakdown.
So, what we are presenting here is the best picture we developed from extensive research of government programs. Taxpayers created this database to give the public insight—sometimes penetrating, sometimes not, depending on available government data we could scrub—of what individual federal agencies spend to protect of its many cyber secrets.
This database presents information on unclassified federal cyber spending from Fiscal Year 2007 to Fiscal Year 2016. Dollar figures are actual numbers through 2015. Fiscal year 2016 numbers are estimates included with President Obama’s Fiscal Year 2017 budget request. All figures are in thousands of dollars, and are in current dollars (not adjusted for inflation).
Taxpayers searched publicly available federal budget submissions to Congress and budget justification documents to identify programs included in this database. Our researchers analyzed those documents to identify individual budget lines that contain programs that the government acknowledges relate to cyber spending. In cases where budget documents were not available in a searchable format, we relied on congressional bills and reports for dollar figures.
We reviewed only public documents. We did not seek out nor did we review any classified or “Sensitive but Unclassified” documents.
Our review of all the Presidential Budget Request documents identified lines that indicated that the work included cyber funding. We know of no way, using only public documents, to determine precisely how much of that money is direct cyber spending. If we had included only programs with “cyber” in their title, we would have identified only a fraction of the hundreds of lines in this database. Instead, we looked for every instance in which “cyber” is mentioned in the explanatory documentation, or when it was reasonable to infer that such spending would have a significant impact on promoting cyber security.