Cybersecurity Spending
,
Government
,
Industry Specific
Budget Proposes Incremental Increases, Not Leaps, But Small Budget Cut for CISA
The Biden administration doesn’t propose huge leaps in cybersecurity funding in an annual spending blueprint unveiled Monday afternoon.
See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors
Under the $1.67 trillion discretionary spending proposal, U.S. federal civilian cybersecurity spending would amount to $13 billion in the coming federal fiscal year, roughly a billion more than the White House proposal for the current year. Federal fiscal years begin every Oct. 1.
“It’s a billion dollars – that’s a ton of money, obviously. But in the scheme of the federal budget it’s a pretty small amount,” said Grant Schneider, a former White House federal chief information security officer and senior director of cybersecurity services at Venable.
Military cybersecurity spending would be set at $7.4 billion, with another $6.4 billion for activities such as cyberspace operations and $630 million for research and development. The Department of Defense total of $14.5 billion would be an increase from the requested amount of $13.5 billion for the current year.
The nearly $2 trillion topline figure for the overall budget request accounts for discretionary spending on government services and the military. It omits spending for programs such as Social Security and Medicare that don’t require annual appropriations by Congress. The proposal adds up to $7.3 trillion when accounting for mandatory spending.
Included in the budget is $800 million for low-resourced hospitals to cover the upfront costs of improving basic cybersecurity and another $500 million for an incentive program encouraging investments in advance cybersecurity practices.
It includes $150 million to strengthen cybersecurity at the Department of Treasury, $50 million more than the amount the White House estimates the department will spend this year. “Trillions of dollars are accounted for and processed” by Treasury IT systems, the budget proposal states. “These systems are a constant target for sophisticated threat actors.”
The Cybersecurity and Infrastructure Security Agency – the Department of Homeland Security agency that leads federal cybersecurity efforts and serves as a gateway to the private sector – could be in store for a slight reduction in cybersecurity spending. The Biden request proposes $1.24 billion in CISA cybersecurity spending, contrasted with the $1.3 billion the agency estimates the agency will receive this fiscal year. The overall CISA spending proposal totals $2.5 billion, and increase over the $2.35 billion estimated topline for this year.
Despite the current federal fiscal year already having run about half its course, this year’s appropriations for CISA aren’t yet certain. Congress has funded the agency since October through temporary measures known as continuing resolutions that maintain spending levels established the previous year, when Congress appropriated slightly more than $1.3 billion.
CISA has “historically has got lot of additional money appropriated to it from Congress beyond what the president has asked for,” said Schneider, who is also a member of Information Security Media Group’s Cyber Ed Board.
White House budget officials may simply be proposing CISA funding at levels that don’t take into account congressional additions, he said.
It’s doubtful whether CISA will be the benefactor of congressional largesse this year. CISA has emerged as a partisan flash point with Republicans questioning its size and its role in election security and disinformation. “The bipartisan nature of cybersecurity is still fundamentally true in Congress, but I don’t know that full bipartisan endorsement of CISA is widespread in Congress,” he said.
The next immediate deadline for government spending is March 22, when the continuing resolution funding DHS, DOD and other agencies expire. Congressional watchers expect the legislative branch to approve a package of appropriations bills dubbed a “minibus” covering those agencies, especially since members on Friday approved a similar bill covering agencies such as the Departments of Justice, Commerce and Transportation.
The last six months of funding via continuing resolution has meant that agencies have been unable to initiate new programs or acquisitions. That’s especially set back zero trust architecture efforts, Schneider said, since the current fiscal year was the first in which federal agencies could fully respond to the zero trust mandate of Biden’s 2021 cybersecurity executive order.
The incremental nature of the continuing resolutions – approved at the last minute and for period amounting to no more than weeks – has also diverted federal agencies into preparing for possible shutdowns caused by lack of funding.
Of the past six months, Schneider said the best case is that it slowed down zero trust efforts. “Worst case it has stopped their efforts altogether.”