White House 2023 budget request prioritizes more staff for CISA, funding for zero trust security measures

The budget request outlines a "strategic shift" in federal cybersecurity efforts after incidents like SolarWinds and Log4j.

The White House’s budget request outlines $10.9 billion in cybersecurity-related spending in 2023, including funding for agencies to shift toward “zero trust” security architectures, as well as a boost to the Cybersecurity and Infrastructure Security Agency’s workforce.

The fiscal year 2023 request lays out cybersecurity as a top priority for the Biden administration, continuing an emphasis that largely began with the May 2021 cybersecurity executive order and has continued this year with the Office of Management and Budget’s new zero trust security strategy.

“The budget funds a strategic shift in the defense of federal infrastructure and service delivery, better positioning agencies to guard against sophisticated adversaries,” the administration’s budget overview states.

The requested investments support practices and priorities in last year’s cybersecurity executive order, including “funding to facilitate the ongoing transition to a ‘zero trust’ approach, which would enable agencies to more rapidly detect, isolate and respond to cyber threats,” the overview continues.

The request seeks $65 billion for IT at civilian agencies in 2023, according to a budget analytics document. That covers 4,290 investments at 24 agencies, including 742 “major IT investments,” according to the document.

The IT request includes $10.9 billion for civilian agency “cybersecurity-related activities,” an increase of about $1 billion above 2022 spending levels. The Department of Homeland Security leads the way in estimated cyber spending for 2023 at $2.6 billion, while the Justice Department’s cybersecurity-related spending is projected to reach just shy of $1.3 billion next year.

The White House is requesting $2.5 billion for DHS’s Cybersecurity and Infrastructure Security Agency in FY23. That would represent a small cut compared to the $2.594 billion Congress gave CISA in the FY22 omnibus spending bill, although the budget request was largely finalized by the time the spending agreement was reached earlier this month.

The requested funds will allow CISA to “maintain critical cybersecurity capabilities implemented in the American Rescue Plan Act of 2021, expand network protection throughout the Federal Executive Branch, and bolster support capabilities, such as cloud business applications, enhanced analytics, and stakeholder engagement,” according to a budget summary.

The Biden administration is also looking to add hundreds of employees to CISA’s workforce. The agency had about 2,400 full-time equivalent employees in 2021, and the budget outlines an increase in CISA’s workforce to an estimated 2,740 employees in 2023, according to a budget appendix document.

The administration is also requesting $22 million for the Office of the National Cyber Director, a new White House office dedicated to coordinating U.S. cyber policy.

Last year’s infrastructure bill gave the new office, led by Chris Inglis, a $21 million round of initial funding. The extra $1 million in 2023 would help bring the new office’s workforce from an estimated 75 staff this year to 77 next year, according to the appendix document.

Zero trust and SolarWinds

The White House has directed all agencies to have a plan to adopt a zero trust posture by the end of FY24. The latest budget request continues to prioritize new funding for agencies to upgrade their cyber defenses, especially in the wake of incidents like the SolarWinds software supply chain attack and the newly uncovered Log4j open-source software vulnerabilities.

An example can be found in the Treasury Department’s request, where the administration is seeking $215 million for the “Cybersecurity Enhancement Account.” The funding would help “protect and defend sensitive agency systems and information, including those designated as high-value assets,” according to the summary.

The Cybersecurity Enhancement Account received $18 million in FY21 and an additional $80 million as part of the FY22 omnibus spending agreement.

“The budget increases centralized funding to strengthen Treasury’s overall cybersecurity efforts and establish a Zero Trust Architecture,” the FY23 budget overview states. “These investments would protect Treasury systems from future attacks and accelerate Treasury’s response to the SolarWinds incidents and Log4j vulnerabilities.”

The Treasury Department was among the agencies to suffer a serious breach in the SolarWinds hack. With trillions of dollars passing through Treasury’s systems, the agency’s networks are a “constant target for sophisticated threat actors,” according to the FY23 budget appendix.

“The Cybersecurity Enhancement Account allows Treasury to more proactively and strategically protect Treasury systems against cybersecurity threats,” the appendix states. The account supports “enterprise-wide services and capabilities,” as well as “targeted bureau-specific cyber investments.”

The Department of Energy was also among the agencies hit by the SolarWinds attack. The FY23 budget request seeks $68 million for DOE’s chief information officer, with planned investments addressing vulnerabilities stemming from SolarWinds, as well as implementation of the executive order and the move to a zero trust architecture, according to the budget appendix.

The newly requested funding comes after the FY22 budget agreement provided $71.9 million for the CIO’s office at DOE, including $55 million “to address the impacts of the SolarWinds incident across the department.”

Copyright © 2024 Federal News Network. All rights reserved.
