Spending law pumps up budget for federal cybersecurity agency
The new $1.7 trillion omnibus spending law includes a 12% budget increase for the Cybersecurity and Infrastructure Security Agency in an effort to secure the nation’s IT infrastructure better.
Under the omnibus spending law, enacted by Congress and signed by President Joe Biden in late December, CISA, part of the Department of Homeland Security, will receive an annual allocation of $2.9 billion. That’s an increase of about $313 million under the new budget, which runs through Sept. 30. It marks about 15% more than the CISA budget Biden’s administration asked for.
US ELECTION SECURITY OFFICIAL SAYS 'NO EVIDENCE' VOTES WERE CHANGED DURING MIDTERM ELECTIONS
The law also bans TikTok, owned by Chinese company ByteDance, from being installed on government devices after several states have also prohibited it. The spending law further includes $50 million to battle cyberthreats from Russia and other adversaries.
More is needed because of the cybersecurity threats the United States faces, some cybersecurity advocates say.
The fiscal 2023 increase “is a start but not nearly enough,” said Susan Cho, director of intelligence at Hyperion Services, a security services company. “Cyberwarfare is the current and future way of waging war, so we need to be looking at combating cyberattacks in the same way we would in all national defense matters.”
CISA and other government cybersecurity efforts are important tools for countering cyberattacks across the U.S., Cho told the Washington Examiner. “Because cyberattacks can affect such large swaths of the American population and often span across numerous state boundaries, the federal government is essential in monitoring and regulating network activities in order to protect our national interests and security,” she added.
In addition to the TikTok ban, Cho called on the federal government to take a “more aggressive approach” in monitoring foreign software applications, with a focus on warning the private sector and consumers.
“The average person simply does not recognize the danger that these foreign-developed applications pose to our national defense, so the government needs to take a greater role in banning foreign apps before they become proliferated and ubiquitous,” she said.
A budget increase at CISA is welcome given its missions, said Mike Pedrick, vice president for cybersecurity consulting at cybersecurity provider Nuspire. The agency’s objectives include serving as the information security apparatus of the U.S. government and providing thought leadership and cyber intelligence to civilian industry groups.
“It stands to reason that CISA is in the best position, based on proximity to government systems and infrastructure, to identify, enumerate, and provide instructive defense guidance for nation-state threats and their methodologies,” he said. “The sooner and more effectively that CISA is able to digest emerging threats and devise commensurate risk mitigation strategies, the sooner such information can be made available to civilian organizations that are paying attention and that are prepared to put such information into action.”
However, the value to private business is indirect because CISA’s budget isn’t targeted to the civilian sector, Pedrick noted. CISA needs enough funding to educate people and businesses that need to pay attention to cyberthreats, he said.
“Risk mitigation and defense remain the sole responsibility of the general populace, personally and where [it] regards their business interests,” he added. “It’s difficult to imagine the budget, much less the logistics, required for a taxpayer-funded government agency to provide adequate cybersecurity defense for all businesses and corporations.”
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
CISA has been a “shining light” in cybersecurity since its inception, added Chris Clymer, CISO of cybersecurity provider Inversion6. The agency does an excellent job in researching incidents and advising how organizations should make cybersecurity investments, he added, and the agency provides cover for executives to defend cybersecurity investments to their stockholders.
The budget increase is “much, much needed, as the U.S. has slipped behind and become increasingly vulnerable because we have been in need of authorities to give some direction,” Clymer told the Washington Examiner. “CISA has, and can continue to play, an important role helping business leaders be more aware of the specific threats they face, understanding that they are very real, and making it clear what needs to be done to avoid becoming a victim.”
Gloss