Biden Budget Seeks to Invest Billions in US Cybersecurity

The White House officially released its 2022 federal budget proposal on Friday, and the Biden administration is seeking to spend billions on cybersecurity next year, including $750 million for “lessons learned” from the SolarWinds attack.

See Also: The Cost of OT Cybersecurity Incidents and How to Reduce Risk

Overall, President Joe Biden’s first budget proposal as president contains $9.8 billion in cybersecurity funding “to secure federal civilian networks, protect the nation’s infrastructure, and support efforts to share information, standards and best practices with critical infrastructure partners and American businesses,” according to the official document published by the Office of Management and Budget.

The Biden budget does not take into account an additional $10.4 billion that the U.S. Department of Defense wants to spend next year on cybersecurity, as well as research and development, according to an unclassified document also released on Friday.

With its emphasis on cybersecurity, national security, infrastructure spending and IT modernization, the White House is looking to spend additional billions on various cybersecurity programs that have already been announced by the administration.

This includes the May 12 presidential executive order that was designed, in part, to implement measures to help counter the type of supply chain attack that compromised SolarWinds, as well as other changes to how the federal government approaches cybersecurity (see: Biden’s Cybersecurity Executive Order: 4 Key Takeaways).

“These resources would better enable federal agencies to protect technology and safeguard citizens’ sensitive information from the threats posed by cybercriminals and adversaries,” according to the budget document. “Agencies will continue to improve cybersecurity practices, implement supply chain risk management programs, develop coordinated vulnerability disclosure programs, and improve cyber threat intelligence analysis.”

Biden’s total fiscal budget calls for $6 trillion in federal spending in 2022, and the proposal will now go to Congress for debate, with the House and Senate expected to vote on it later this year.

Cyber Proposals

The proposed 2022 budget includes multiple provisions for cybersecurity and IT spending next year, although the document lacks specifics in many areas. For instance, the $750 million for lessons learned from the SolarWinds supply chain attack contains no additional details.

The document does call for an additional $110 million for the U.S. Cybersecurity and Infrastructure Security Agency to help better address a wide range of cybersecurity issues that have come to light over the past six months. Overall, CISA’s budget for 2022 will stand at $2.1 billion if the spending bill passes (see: Biden Seeks to Boost CISA’s Budget by $110 Million).

The 2022 budget proposal also includes $15 million to support the Office of the National Cyber Director within the White House, which was created earlier this year by Congress as part of the 2021 National Defense Authorization Act. John “Chris” Inglis has been nominated to lead the new cybersecurity office (see: NSA Veterans Nominated for Top Cyber Posts).

In addition, the president’s budget asks for $20 million for a new Cyber Response and Recovery Fund, which was one of the recommendations included in the Cyberspace Solarium Commission report released in 2020, according to the Department of Homeland Security.

Modernization

The Biden budget is also looking to spend significant sums on IT modernization programs to boost the federal government’s infrastructure and cybersecurity. Specifically, the proposal provides $500 million for the government’s Technology Modernization Fund.

In March, Congress allocated $1 billion for federal IT modernization project grants as part of the American Rescue Plan – the $2 trillion economic relief package signed by Biden. These grants are distributed by the OMB and the General Services Administration through the Technology Modernization Fund (see: IT Modernization Grants Will Prioritize Cybersecurity).

The administration also wants to use federal dollars to bolster the government’s IT and cybersecurity workforces by offering ways for government employees and contracts to acquire new skills, as well as recruit new talent to join federal agencies, according to the document.

“To support the federal IT and cybersecurity portfolio, the Budget proposes to identify and address critical skills gaps across the IT and cybersecurity workforce,” according to the budget proposal. “The budget invests in innovative programs that improve the government’s ability to recruit, retain, and train a workforce that can build, maintain, and secure Federal information and information systems. The administration is focused on continuing the use of reskilling and upskilling training programs to address critical knowledge skills gaps by reinvesting in existing employees.”