April 19, 2022 | The Hill

Biden’s cybersecurity budget good start; Congress needs to fill the gaps

April 19, 2022 | The Hill

Biden’s cybersecurity budget good start; Congress needs to fill the gaps

Excerpt

The White House released the President’s Budget Request for Fiscal Year 2023 on the heels of the recently passed Consolidated Appropriations Act, which provided a jolt of cybersecurity funding for 2022 but missed important opportunities. For its part, the FY23 Budget request contains a number of critical cybersecurity investments but falls short on cyber education and critical infrastructure resilience and does not adequately fund the National Institute of Standards and Technology (NIST). Congress should now move decisively to fill those gaps, as it often has in previous years.

The FY23 Budget prioritizes securing the federal government’s digital systems and networks with an 11 percent ($10.9 billion) increase in enterprise cybersecurity and IT funding for departments and agencies. For example, the White House requests an increase of $197 million “to protect and defend sensitive agency systems and information” at the Department of the Treasury. Similarly, the Budget cites improving the Pentagon’s network security and strengthening cybersecurity standards for the defense industrial base as priorities. This growth and prioritization align neatly with Executive Order 14028 on Improving the Nation’s Cybersecurity which, the Budget notes, emphasizes “enhancing the security of Government-procured software [and] improving detection of cyber threats and vulnerabilities on Federal systems.”

The White House also recognizes the need to expand the federal cybersecurity workforce, increasing funding for the National Science Foundation’s (NSF) “CyberCorps: Scholarship for Service” program by $12 million over the FY22 appropriation. CyberCorps is a critical pathway for post-secondary cybersecurity education and recruitment. The Budget, however, neglects K-12 cybersecurity education as it requests no funding for the Cybersecurity Education and Training Assistance Program (CETAP) housed at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). The administration similarly marked CETAP for elimination in the FY22 request, but Congress ultimately appropriated $6.8 million for FY22 to continue this congressionally authorized program. The FY23 Budget provides no reason for eliminating CETAP funding other than suggesting NSF will take over some element of the work. As they have in the past, congressional appropriators should resolve the confusion by funding this critical cybersecurity education program in its current home at CISA and ensuring that any increased funding for K-12 education activities at NSF are truly additive, rather than coming at the expense of CETAP or existing NSF educational programs like CyberCorps.

Retired Rear Admiral Mark Montgomery serves as senior director of the Center on Cyber and Technology Innovation (CCTI) and is a senior fellow at the Foundation for Defense of Democracies (@FDD), a Washington, D.C.-based, nonpartisan research institute focusing on national security and foreign policy. Montgomery also directs CSC 2.0, an initiative that works to implement the recommendations of the congressionally mandated Cyberspace Solarium Commission, where he served as executive director. Follow him on Twitter @MarkCMontgomery.

Issues:

Cyber