Biden increases demand for cybersecurity from civilian agencies
The White House is asking Congress to allocate $ 9.8 billion to federal agencies to improve their cybersecurity in a proposal that highlights the breach of IT management contractor SolarWinds late last year.
“The president’s budget includes approximately $ 9.8 billion for civilian cybersecurity funding, which supports the protection of federal computing and our nation’s most valuable information, including the personal information of the American public,” we read in an analytical perspective that the administration published Friday with the budget proposal.
That’s about $ 1.2 billion more than the administration estimates civilian agencies will spend on cybersecurity in 2021, a 14% increase, according to the document.
The budget proposal repeatedly mentions the SolarWinds hacking campaign that compromised nine federal agencies and hundreds of private sector companies. The government attributed the intrusion to Russia’s foreign intelligence service and the budget reflects a focus on the Kremlin with Beijing.
“The budget prioritizes the need to counter the threat from China while deterring destabilizing behavior from Russia,” the White House said.
The administration’s plan to improve the government’s cybersecurity is closely linked to the general modernization of its information technology.
“To support agencies in modernizing, strengthening and securing obsolete information systems and strengthening federal cybersecurity, the budget provides $ 500 million for the Technology Modernization Fund, an additional $ 110 million for Cybersecurity and Infrastructure Security Agency, and $ 750 million in additional investments tailored to respond to lessons learned from the SolarWinds incident, ”the proposal reads.
The analytical perspective includes a breakdown of how the administration expects CFO law agencies to spend requested funds in accordance with the five functions of the National Institute of Standards and Technology’s cybersecurity framework. The bulk of the money – $ 3.6 billion – would go to protection, followed closely by identification, then detection, response and recovery, the administration said.
An annex released by the administration on agency-specific spending also mentions SolarWinds by name noting that the energy department’s chief information office will need to devote more resources to combating cyber- vulnerabilities after the event; and the status of a cybersecurity improvement account in the Department of the Treasury.
“The account supports department-wide and office-specific investments for critical IT improvements, including systems identified as high-value assets,” according to the appendix. “The centralization of funds allows the Treasury to respond more quickly to cybersecurity incidents and to leverage company-wide services and capabilities across the components of the Department. The budget includes an increase of $ 114 million above CEA’s core resources to strengthen the Treasury’s cybersecurity posture and address the impacts of the SolarWinds incident.
Energy and Treasury were among the agencies recorded as having been compromised by the SolarWinds campaign.
The expenditure estimates in the analysis use programmatic information collected on the executive’s efforts to protect information systems and “also on activities that broadly involve cybersecurity such as standards development, research and monitoring. development and cybercrime investigations, ”the document said.
This highlights the work that will be done in the NIST trade agencies and the National Telecommunications Administration, as well as in the National Security Division of the Department of Justice and the FBI. The budget calls for increases for all of these and other entities, in addition to CISA.
The FBI is asking “$ 40 million to bolster its cyber investigation program, $ 18.8 million to deal with threats posed to the nation by foreign intelligence actors … and $ 15.2 million to defend the organization against cybersecurity threats ”, for example, according to the annex.
The specific cybersecurity calls in this document also include $ 4 million for the NTIA to implement former President Donald Trump’s Executive Order 13873 on securing the supply chain of information technology and services. and communications.
“This funding will help NTIA meet its requirements to oversee, mitigate and manage supply chain risks for our country’s telecommunications infrastructure,” the annex says.
Supply chain risk management is something all agencies will need to work on, along with coordinated vulnerability disclosure programs outlined in a binding operational guidance from the CISA, the administration noted.
Of the roughly $ 1.7 billion requested by the president for CISA, the agency’s cybersecurity program will take the lion’s share – $ 913 million – with $ 20 million earmarked for a cyber-response fund. and recovery. The administration analysis also mentions “the essential government-wide protections provided by [The Department of Homeland Security] through the Continuous Diagnosis and Mitigation (CDM) program.
“The budget proposed by the president will invest in our broad set of missions, including the prevention of terrorism; secure our borders; fix our broken immigration system; improving cybersecurity; safeguarding critical infrastructure; and build national preparedness and resilience, ”said DHS Secretary Alejandro Mayorkas. “The budget will provide DHS with the resources we need to keep our country safe, strong and prosperous. “
Representative Maggie Hassan, DN.H., chair of the House Homeland Security Emerging Threats Subcommittee, expressed concern that the request would mean that DHS funding would remain ‘flat’ and not address’ the myriad threats ”facing the country.
Freshly landed reports the US Agency for International Development was violated by Russian hackers, the State Department stressed the investment in secure communication tools.
“An increase of more than $ 100 million for the state’s cybersecurity is critical to mitigate the evolving cybersecurity threat landscape. The Department and the Agency remain the prime targets of malicious state and non-state actors, as evidenced by recent attacks, ”according to a press release from the agency.
The State Department, where Congress is studying the development of a new office, is also seen as an important part of the government’s strategy to build global cybersecurity alliances.
The job of coordinating all this activity between the different civilian agencies will fall to the office of the National Director of Cyber Security. The flagship recommendation of the Congress-mandated Cyberspace Solarium Commission, the office of the National Cyberspace Director – which is expected to have a staff of more than 70 people – is expected to be funded at $ 15 million, according to the budget request.
See the agency-by-agency breakdown of IT and cybersecurity spending here.