Biden Budget Seeks to Invest Billions in US CybersecurityFY 2022 Budget Proposal Seeks $750 Million for 'Lessons Learned' From SolarWinds
The White House officially released its fiscal 2022 budget proposal on Friday. The Biden administration is seeking to spend billions on cybersecurity, including $750 million for "lessons learned" from the SolarWinds attack.
Overall, President Joe Biden's first budget proposal as president contains $9.8 billion in cybersecurity funding "to secure federal civilian networks, protect the nation’s infrastructure and support efforts to share information, standards and best practices with critical infrastructure partners and American businesses," according to the official document published by the Office of Management and Budget.
The Biden budget does not take into account an additional $10.4 billion that the Department of Defense wants to spend in fiscal 2022, which begins Oct. 1, on cybersecurity as well as research and development, according to an unclassified document also released on Friday.
With its emphasis on cybersecurity, national security, infrastructure spending and IT modernization, the White House is looking to spend additional billions on various cybersecurity programs that have already been announced by the administration.
This includes the May 12 presidential executive order that was designed, in part, to implement measures to help counter the type of supply chain attack that compromised SolarWinds, as well as other changes to how the federal government approaches cybersecurity (see: Biden's Cybersecurity Executive Order: 4 Key Takeaways).
"These resources would better enable federal agencies to protect technology and safeguard citizens’ sensitive information from the threats posed by cybercriminals and adversaries," according to the budget document. "Agencies will continue to improve cybersecurity practices, implement supply chain risk management programs, develop coordinated vulnerability disclosure programs, and improve cyber threat intelligence analysis."
Biden's budget, which calls for $6 trillion in federal spending in fiscal 2022, is a blueprint that will be followed up by Congressional appropriations later this year.
The proposed 2022 budget includes multiple provisions for cybersecurity and IT spending next year, although the document lacks specifics in many areas. For instance, the $750 million for lessons learned from the SolarWinds supply chain attack contains no additional details.
The document calls for an additional $110 million for the U.S. Cybersecurity and Infrastructure Security Agency to help better address a wide range of cybersecurity issues that have come to light over the past six months. Overall, CISA's budget for 2022 would be t $2.1 billion if Congress appropriates the requested funding (see: Biden Seeks to Boost CISA's Budget by $110 Million).
The 2022 budget proposal also includes $15 million to support the Office of the National Cyber Director within the White House, which was created earlier this year by Congress as part of the 2021 National Defense Authorization Act. John "Chris" Inglis has been nominated to lead the new cybersecurity office (see: NSA Veterans Nominated for Top Cyber Posts).
In addition, the president's budget asks for $20 million for a new Cyber Response and Recovery Fund, which was one of the recommendations included in the Cyberspace Solarium Commission report released in 2020, according to the Department of Homeland Security.
The Biden budget is also looking to spend significant sums on IT modernization programs to boost the federal government's infrastructure and cybersecurity. The proposal would provide $500 million for the government's Technology Modernization Fund.
In March, Congress allocated $1 billion for federal IT modernization project grants as part of the American Rescue Plan - the $2 trillion economic relief package signed by Biden. These grants are distributed by the OMB and the General Services Administration through the Technology Modernization Fund (see: IT Modernization Grants Will Prioritize Cybersecurity).
The administration also wants to use federal dollars to bolster the government's IT and cybersecurity workforces by offering ways for government employees and contractors to acquire new skills as well as recruit new talent to join federal agencies, according to the document.
"To support the federal IT and cybersecurity portfolio, the budget proposes to identify and address critical skills gaps across the IT and cybersecurity workforce," according to the budget proposal. "The budget invests in innovative programs that improve the government’s ability to recruit, retain, and train a workforce that can build, maintain, and secure federal information and information systems. The administration is focused on continuing the use of reskilling and upskilling training programs to address critical knowledge skills gaps by reinvesting in existing employees."