President Joe Biden’s administration has proposed a $110 million increase in the U.S. Cybersecurity and Infrastructure Security Agency's budget.
With the passage of the nearly $2 trillion American Rescue Plan and an infrastructure bill with a price tag of $2.4 trillion (and a forthcoming jobs plan that will cost $2 trillion), it is a number that critics say is too meager, given the range of cyberattacks that federal agencies face.
Biden’s proposed $1.5 trillion 2022 discretionary spending budget includes $2.1 billion for the CISA, an increase of about 5.6% over its budget allocated by Congress for the last year. The CISA’s budget previously got a temporary boost of $650 million in the American Rescue Plan Act passed in March.
With the CISA focused on protecting government agencies and critical infrastructure, some cybersecurity experts called for the Biden administration to pump up its budget further. Nine U.S. agencies were affected by the SolarWinds breach, announced in late 2020. This month, Atlas VPN, a VPN provider, released a report saying that government agencies were the top target of ransomware attacks in 2020.
Rep. Jim Langevin, a Rhode Island Democrat, praised the Biden administration’s focus on cybersecurity in its budget, but he suggested the CISA could use more money. The Biden budget is a “starting point,” he said in a statement.
“In the face of growing cyber threats, President Biden has demonstrated a robust commitment to improving our nation’s cyber defenses, and I applaud his recognition of this urgent need,” added Langevin, the chairman of the House Armed Services Committee’s Subcommittee on Cyber, Innovative Technologies, and Information Systems. “While I believe the $110 million increase for CISA is a good start, I think we can be even bolder in our vision for the nation’s premier cybersecurity agency.”
More money for the CISA is needed, added Edgard Capdevielle, the CEO of Nozomi Networks, an Internet of Things cybersecurity provider.
“Recent incidents such as the SolarWinds hack should be an eye-opener for enterprise and government,” he told the Washington Examiner. “The enemy is at the gates.”
Capdevielle called for the CISA’s mission to be expanded to offer more support for privately held critical infrastructure. “This is not the time to be frugal when protecting the most critical infrastructure in the world, in the country that’s by far the most dependent on the availability of that infrastructure,” he said.
The budget increase will “not make a dent” in the long-standing problems with cybersecurity in the federal government, added Joseph Neumann, a cyber executive adviser at cybersecurity vendor Coalfire.
The SolarWinds hack showed that the CISA doesn’t have a good inventory of all federal systems and possible compromise points, Neumann told the Washington Examiner. He called for more comprehensive reforms in federal cybersecurity efforts, focusing on centralizing security with one organization.
“With every organization having its own disparate network, security, and goals, increases in federal spending with CISA are only going to continue Band-Aiding the problem the federal government has,” he added. “[CISA] is reactionary at best.”
Some observers, however, suggested the Biden budget is already focusing on the significant cybersecurity issues that the federal government needs to address. While the budget increase is “modest,” Biden’s base CISA budget addresses ransomware attacks and threats from China and Russia, noted Shambhu Upadhyaya, a professor and the director of the Center of Excellence in Information Systems Assurance Research and Education at the University at Buffalo.
“The additional funds seem to be adequate to develop certain long-term solutions in the cybersecurity space,” he told the Washington Examiner.
Upadhyaya, who focuses on public infrastructure cybersecurity, called for the CISA to increase its focus on ransomware attacks on the financial and healthcare industries, as well as attacks on the IoT and the privacy and security of individual residents.
He also called on the U.S. government to train more cyber warriors. “The administration must focus on cybersecurity education and produce a greater cybersecurity workforce to fill the positions at the various agencies,” he said.
The U.S. government has a cybersecurity training and skills gap, said Adam K. Levin, the founder and chairman of cybersecurity provider Cyberscout. “Identifying, training, vetting, and hiring the right people to bolster our cyber defenses should be the first order of business,” he told the Washington Examiner.
But Levin also called for an increase in CISA funding. The $110 million increase “feels like a rounding error, not a solution,” he said. “No amount of funding will provide the quick fix we need to our most pressing problem, which is a lack of trained talent.”