Biden’s cybersecurity plan has a huge funding gap

Excerpt

The Biden administration is boasting about its planned $13 billion investment in cybersecurity for federal civilian agencies, but the White House’s plans neglect essential programs, including foundational research and standards setting.

The administration is once again requesting far too little for the National Institute of Standards and Technology (NIST), which develops cybersecurity standards and guidelines for the rest of the government. The White House directs NIST to play a critical role in its most important cybersecurity priorities, but does not fund the agency to match its importance. Unless Congress steps in, NIST will be unable to do the work assigned, jeopardizing the success of the administration’s cyber ambitions.

The National Institute of Standards and Technology, part of the Department of Commerce, conducts technical research into emerging technologies while also developing risk mitigation frameworks. Its most visible outputs are more than 200 directives that establish cybersecurity standards, technical specifications and guidelines that governments and private industry use as their benchmarks. NIST also maintains the Cybersecurity Framework, a detailed system for managing cybersecurity risks. It offers a methodology for identifying and prioritizing an organization’s assets and protecting those systems. Critical infrastructure operators, government contractors and federal agencies all measure the efficacy of their cybersecurity procedures against this framework.

Rear Adm. (Ret.) Mark Montgomery is a senior director at the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies. He directs CSC 2.0, which works to implement the recommendations of the Cyberspace Solarium Commission, where he previously served as executive director. Follow him @MarkCMontgomery. Michael Sugden is a research analyst and editorial associate with CCTI at FDD.