FY2022 Federal Budget Request Seeks to Add Billions for Cybersecurity

Written by ga_dahmani

If ultimately approved by Congress, a federal budget proposal just issued by the Biden administration would provide a major financial injection for the nation’s cybersecurity. The request would set aside $9.8 billion in civilian cybersecurity funding in total, which would be in addition to the $10.4 billion the Defense Department expects to spend when the new fiscal year begins Oct. 1.

Much of this spending is intended to support a series of executive orders issued by the administration in response to a string of attacks that posed potential national security threats in 2021. These included the SolarWinds breach, as well as attacks by opportunistic ransomware criminals on the power supplier Colonial Pipeline and the JBS meatpacking plant.

Proposed $5.8 Trillion Federal Budget Contains Billions for Cybersecurity

The Office of Management and Budget proposal seeks $9.8 billion to secure federal civilian networks and national infrastructure, the core elements aimed at shoring up the Biden administration’s series of executive orders. There aren’t many details beyond that at this point, but the bill makes a point to set aside $750 million for “lessons learned from the SolarWinds supply chain attack” (although it’s unclear exactly where that money would go). In total, it would be an increase of 11% over the amount of the current federal budget.

Some details have been set forth for some of the relatively smaller portions of the federal budget proposal. The US Cybersecurity and Infrastructure Security Agency (CISA) would see a $500 million budget increase, the newly formed Office of the National Cyber Director inside the White House would receive $15 million to work, and $20 million would go to a new Cyber Response and Recovery Fund intended to provide grants to bolster cybersecurity defenses and help organizations that have been affected by attacks.

There is also $300 million earmarked for the Technology Modernization Fund, which is intended to modernize IT systems at federal agencies. Legacy systems scattered across these agencies run outdated versions of Windows and other software that no longer receives security patches, or cannot properly interface with modern networks to adequately protect against attacks. Presumably, these funds are intended to modernize these systems wherever possible.

FEMA would receive $3.5 billion from the federal budget to be distributed at a rate of $1 billion per year through 2025, with the money going to grants to state and local governments and critical infrastructure agencies seeking to make cybersecurity improvements. An additional $80 million in grants would be available to a broader range of public and private organizations seeking to implement cyber risk reduction programs.

Among other things, the Department of Defense is seeking money to bolster Cyber Command’s Cyber Mission Force, raising the current number of teams from 137 to 142. Established in 2009, this force is the “action arm” of Cyber Command and conducts offensive activities and defensive missions in cyberspace.

Mariano Núñez, CEO of Onapsis, notes: “Additional funding for cybersecurity within the federal government is extremely important in this new era of interconnected risk, especially between business applications and critical operational technology infrastructure. Prioritizing the modernization of aging technology stacks will be essential to mitigating growing cybersecurity vulnerabilities and ensuring the security of the nation’s most critical systems and applications from malicious cyber campaigns.”

Cybersecurity focus comes after a year of attacks on critical infrastructure and invasion of Ukraine

Although the specific cybersecurity details of the federal budget are not yet fully in focus, some safe assumptions can be made. One is that talk of learning lessons from SolarWinds likely means a focus on beefing up the Treasury Department, the Energy Department, and other critical agencies that came under attack. The software vendor’s breach is believed to be the work of Russian state-backed hackers, as the compromise granted access to tens of thousands of the company’s customers, but the attackers ignored the vast majority of them and targeted the federal agencies and about a dozen select private targets of interest for espionage. One line in the bill mentions that the Treasury Department specifically would get an additional $210 million for cybersecurity, and that other equally sensitive agencies could receive similar increases in funding.

Another is the move to a “zero trust” architecture in all federal government systems, something mandated by a January 2022 executive order and scheduled to be completed by the end of 2024. The move would require a major overhaul of federal systems to allow user accounts to access only the items they need for work purposes and to require multi-factor authentication logins.

The federal budget for next year is due to be discussed in October, usually a contentious process in which various members of Congress create their own offshoots of proposals like these. The final form is still in doubt, but spending on cybersecurity is almost certain to increase significantly given the double whammy of increased crime (and greater audacity by criminals) brought on during the pandemic and the possibility of Russia engaging in retaliatory cyberattacks targeting entities in the US. As Nick Tausek, Security Automation Architect at Swimlane, observes: “Although this proposal will most likely go through numerous changes before being approved, the increased investment in cybersecurity, combined with recent security directives on Zero Trust, Logging, and Security Orchestration, Automation, and Response (SOAR) are encouraging steps for the future of the nation’s cybersecurity strategy. While it is difficult to pinpoint the chances of the entire budget passing in its current form, it seems likely that cybersecurity measures will remain largely unchanged due to their emphasis on national defense.”
