CISA would get $3 billion under the Biden admin's budget request, including funding to implement new cyber incident reporting rules.
While Congress still hashes out the details of cybersecurity spending for fiscal 2024, the Biden administration’s budget request outline several increases for key cyber programs and initiatives in 2025.
The Biden administration is seeking $13 billion in cybersecurity funding across civilian departments and agencies, according to the White House’s fiscal 2025 budget overview released today. That would represent a major increase over the $11.8 billion pegged for civilian agency cybersecurity spending in fiscal 2024 and the $11.3 billion spent on the same activities in fiscal 2023, according to the White House’s analysis of IT and cybersecurity spending.
The Biden administration had requested $12.7 billion for federal cybersecurity spending in fiscal 2024, but those plans have been kneecapped by the lack of a new budget nearly midway through the fiscal year. Agencies continue to operate under a continuing resolution while lawmakers negotiate spending bills.
For fiscal 2025, the White House had directed agencies to prioritize cyber investments in “secure by design” technologies, zero trust architectures, and the modernization of legacy technology.
The fiscal 2025 proposal includes $3 billion for the Cybersecurity and Infrastructure Security Agency, a $103 million increase over the agency’s current budget.
Budget documents released by the Department of Homeland Security show CISA’s budget request includes $1.7 billion for its cybersecurity programs, including $394 million for a Joint Collaborative Environment (JCE). The JCE program allows CISA to “fulfill its mission of centralizing and synthesizing cyber threat and vulnerability data” across federal, state and local, and private sector stakeholders.
CISA’s 2025 cyber budget proposal also includes $469.8 million for the Continuous Diagnostics and Mitigation (CDM) program. The agency would use the CDM funding to “complete mobile asset deployments, continue cloud asset deployments, initiate Internet of Things activities in Asset Management, continue to fill gaps in Identity and Access Management capabilities, and align to agency zero trust use cases,” according to DHS budget documents.
The fiscal 2025 budget request also provides some detail on CISA’s plans to implement the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). The agency is expected to issue a notice of proposed rulemaking this month, laying out how entities across all 16 critical infrastructure sectors will be required to report cyber incidents to CISA.
CISA’s budget request includes $116 million to add new staff, update existing programs and implement new technologies in preparation for CIRCIA. The agency specifically plans to introduce an unclassified ticketing system, integrate a customer relationship management tool, expand its threat intelligence platform, and develop an incident reporting web app.
Beyond CISA, the proposed budget includes an additional $25 million for the Justice Department and FBI’s work on “cyber and counterintelligence investigative capabilities.” About $5 million would go toward expanding a new office within DoJ’s National Security Division focused specifically on cyber threats.
The Department of Health and Human Services’ proposed budget also includes major cyber initiatives, including $800 million to help “high-need, low-resourced hospitals cover the upfront costs associated with implementing essential cybersecurity practices,” as well as $500 million for an incentive program “to encourage all hospitals to invest in advanced cybersecurity practices.”
It additionally includes $141 million for HHS to strengthen the security of its own systems, while also supporting the broader health sector. That number includes $11 million to “expand and enhance capacity to protect the privacy and security of health information” under the Health Insurance Portability and Accountability Act of 1996, known as HIPAA.
The cybersecurity of public services is also an emphasis under the budget proposal. For instance, would expand the Department of Agriculture’s authority so it can use expired discretionary funds to patch cyber vulnerabilities and improve web-based rural development loan services.
Meanwhile, agencies continue to advance their plans under the federal zero trust strategy. The Treasury Department budget would allocate $150 million for its “Cybersecurity Enhancement Account,” an increase of $50 million above the fiscal 2023 level. That includes funding to “continue the implementation of a zero trust architecture” at Treasury, according to the budget overview.
In the wake of President Joe Biden’s executive order on artificial intelligence last fall, the 2025 budget proposal includes plenty of AI-related spending. Much of that intersects with cybersecurity and AI “safety.”
For instance, the budget would allocate $455 million for the Energy Department’s work on artificial intelligence, cybersecurity, and resiliency in the energy sector.
“These investments enhance the department’s computing capabilities and support the development of AI testbeds to build foundation models for energy security, national security, and climate resilience as well as tools to evaluate AI capabilities to generate outputs that may represent nuclear, nonproliferation, biological, chemical, critical-infrastructure, and energy security threats or hazards,” the budget overview states. “The funding also invests in continued support for training new researchers from a diverse array of backgrounds capable of meeting the rising demand for AI talent.”
The budget request also includes $5 million for DHS to open a new office responsible for coordinating the use of AI across the department, while promoting innovation and managing AI risks. DHS and CISA play key roles in advancing the security of AI systems under Biden’s executive order.
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Follow @jdoubledayWFED