President’s cyber budget request is off to a good start; Congress should fill the gaps

Excerpt

The White House released the President’s Budget Request for Fiscal Year (FY) 2024 last month, just a few days after issuing the much-anticipated National Cybersecurity Strategy. The budget reflects many of the new strategy’s priorities, including modernizing federal network infrastructure and developing public-private and international partnerships. Both documents continue a multi-year focus on defending critical infrastructure, but many of the budget’s funding requests to resource this effort fall short.

The new budget would increase spending on securing the federal government’s digital infrastructure with a beefy 13 percent increase over the FY23 congressional appropriation for information technology at civilian agencies. This growth reflects the administration’s commitment to a comprehensive, all-agency approach to adopting zero-trust architecture and retiring older systems. A key component of the new spending is a $12.7 billion investment in cybersecurity at federal civilian agencies — itself an increase of 13 percent over the FY23 enacted levels.

The “quarterback” of the federal government cyber team, the Cybersecurity and Infrastructure Security Agency (CISA), would receive a total of $3.1 billion, which includes $149 million in new money for programs reinforcing “cybersecurity and infrastructure security.” Of that, $98 million is allocated to implement the Cyber Incident Reporting for Critical Infrastructure Act, which requires critical infrastructure owners and operators to report significant cyber incidents to CISA. Another $425 million is allocated to CISA’s new Cyber Analytics Data System, which aims to improve CISA’s capabilities to record, analyze, and defend against vulnerabilities rapidly. For the first time, CISA acknowledged its responsibility to fund and execute K-12 cyber security awareness programs, which Congress has directed (and resourced) for nearly five years. The president’s budget request for FY23 had suggested cutting this funding.

Retired Rear Admiral Mark Montgomery serves as senior director of the Center on Cyber and Technology Innovation (CCTI) and is a senior fellow at the Foundation for Defense of Democracies (@FDD), a Washington, D.C.-based, nonpartisan research institute focusing on national security and foreign policy. Montgomery also directs CSC 2.0, an initiative that works to implement the recommendations of the congressionally mandated Cyberspace Solarium Commission, where he served as executive director. Follow him on Twitter @MarkCMontgomery. Jiwon Ma is a program analyst at CCTI, where she contributes to the CSC 2.0 project. Follow her on Twitter @jiwonma_92.