Biden Administration Seeks 2023 Cybersecurity Spend Increase
The just-released White House fiscal year 2023 federal budget proposes nearly $11 billion in cybersecurity spending for agencies not directly in defense. The request is an 11% increase from the fiscal 2022 budget. “The budget bolsters our cybersecurity and strengthens our military by ensuring we have the resources necessary to sustain deterrence and backstop our diplomacy,” the administration wrote in its proposal.
The budget, the administration said, is part of its effect to reprioritize cybersecurity by strengthening resilience at home and accelerating cooperation with allies and the private sector. Those efforts are a continuation, the administration says, are a continuation of the president’s signing of executive order 14028 on Improving the Nation’s Cybersecurity. That executive order prioritized protecting and modernizing federal information systems and data and aimed to improve information-sharing between the federal government and private industry. The executive order also took steps to enhance standards for secure software development, improve detection of and response to cyberthreats and vulnerabilities on federal systems.
As Bren Briggs detailed in his post, How Biden’s National Security Memo Bolsters US Cybersecurity, in addition to zero-trust, the executive order aimed to improve supply chain security, create a Cyber Safety Review Board (CSRB) comprised of public and private stakeholders and expand the NSA’s role in threat mitigation.
A core part of the proposed cybersecurity budget is funding the shift to a zero-trust architecture within federal agencies. The hope is that zero-trust will help agencies better defend against cyberthreats. The budget provides $2.5 billion to the Cybersecurity and Infrastructure Security Agency (CISA). That figure represents a $486 million increase above existing levels and would help to expand network protection throughout the executive branch and bolster cloud business applications, enhance analytics and improve stakeholder communications. “The Budget also supports the Office of the National Cyber Director, which would improve national coordination in the face of escalating cyber-attacks on government and critical infrastructure,” the budget proposal stated.
The budget also would invest in cybersecurity programs aimed to protect the nation from cyberattacks, including through the strengthening of cyber protection standards for the defense industrial base and increased cybersecurity investment within Department of Defense networks, strengthening election security, enhancing critical infrastructure protection and prioritizing and reinforcing CISA’s role as the “national risk manager.”
“The proposed budget is in keeping with the continuing drumbeat from the Biden White House that virtually began with the Executive Order 14028, itself motivated in part by months of high-profile attacks, and most recently by the president’s warning last week regarding the potential for cyber retaliation against the West in response to sanctions against Russia. It’s good to see consistent guidance and federal mandates—but even better to see them funded,” said Scott Crawford, information security research head at 451 Research.