Dive Brief:
- The Biden administration unveiled its fiscal 2023 budget this week, allocating $11 billion toward civilian cybersecurity spending, an 11% increase from the year before.
- The budget earmarks $2.5 billion for the Cybersecurity and Infrastructure Security Agency, slightly below the fiscal 2022 levels of $2.6 billion, after Congress appropriated additional funding.
- The proposed budget provides $175 million to help increase resilience for privately owned critical infrastructure. Also included is $8 million for the CISA Cybersecurity Advisory Committee, Cyber Safety Review Board and the creation of an Advisory Council Program Management Office.
Dive Insight:
The fiscal 2023 budget reflects an effort by the Biden administration to modernize the nation's IT infrastructure and harden security across federal agencies. Many of these agencies will also boost oversight for the nation's critical infrastructure and increase collaborative efforts with private industry partners.
Despite the increased investments in cybersecurity, former House Rep. Mike Rogers, said the administration's budget priorities are not forward thinking enough.
"Rather than build for the future, we're just piling on to weak foundations and plugging gaps," said Rogers, who now sits on the board of IronNet. "We still have operational problems across the government with each agency trying to figure it out on their own, legacy systems that need modernization and getting personnel in charge to get it done."
As part of the budget, direct, full-time employment at CISA is projected to increase to 2,740, an additional 276 staff from fiscal 2022.
The budget also includes funding for additional Cyber Mission Force Teams, which include U.S. Cyber Command personnel to respond to attacks against the nation.
"CISA's role in cybersecurity at the federal level — and in the private sector — continues to increase as does its funding," Jeff Pollard, VP/Principal analyst at Forrester said via email.
Pollard said adding more teams to the Cyber Command Cyber Mission Force should also be a priority given the current geopolitical tensions and threat activity.
The proposed budget allocates $1.2 billion related to cybersecurity for the FBI and the Department of Justice, with about $150 million in cyber program enhancements, according Deputy AG Lisa Monaco.
"In light of this threat environment and geopolitical realities, investing in cybersecurity has never been more important," said Monaco Monday in comments regarding the proposed budget.
A total of $215 million will go toward protecting systems and information at the Department of Treasury.
The budget allocates $11.2 billion to the Department of Defense, including the rollout of zero trust architecture across all military departments and defense agencies. The budget also increases cybersecurity support to the nation's defense industrial base, which has been a major focus for enhanced cybersecurity for hundreds of thousands of suppliers under the Cybersecurity Maturity Model Certificate program.
Josh Lospinoso, CEO at Shift5, remains concerned there is not enough focus on operational technology at critical infrastructure providers, which are among the most at risk of nation-state attack in recent months.
"Critical infrastructure like air and rail operators typically don't operate with high profit margins," Lospinoso said via email. "The result is these businesses and municipalities simply don't have the requisite resources to make investments in overhauling their technology with best cybersecurity practices in mind."